From 449d52caf4010ed112f1928bf6b5234bcfb9a339 Mon Sep 17 00:00:00 2001
From: Gareth Coles <gdude2002@gmail.com>
Date: Sun, 20 May 2018 23:29:17 +0100
Subject: Privacy/Usability updates (#75)

* Use less intrusive oauth scopes, add login redirect method

* Remove debugging prints, add missing __init__

* Work towards new privacy policy

* Fix judging state icons on code jam management page

* Jammer profile retraction and punishments based on jam status

* Linting

* [Jams] Deny profile saving for users < 13 years, and finish removal page

* Fix tests

* Clean up and address Volcyy's review

* Add proper login redirection to require_roles decorator

* Fix template is_staff() and add staff link to navigation

* Address lemon's review

* Linting

* Privacy page formatting

* Privacy page formatting
---
 pysite/base_route.py | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

(limited to 'pysite/base_route.py')

diff --git a/pysite/base_route.py b/pysite/base_route.py
index e6bd00ad..bb50afd9 100644
--- a/pysite/base_route.py
+++ b/pysite/base_route.py
@@ -2,15 +2,15 @@ from collections import Iterable
 from datetime import datetime
 from typing import Any
 
-from flask import Blueprint, Response, jsonify, redirect, render_template, url_for
+from flask import Blueprint, Response, jsonify, redirect, render_template, session, url_for
 from flask.views import MethodView
 from werkzeug.exceptions import default_exceptions
 
-from pysite.constants import DEBUG_MODE, ErrorCodes
-from pysite.mixins import OauthMixin
+from pysite.constants import ALL_STAFF_ROLES, DEBUG_MODE, ErrorCodes
+from pysite.mixins import OAuthMixin
 
 
-class BaseView(MethodView, OauthMixin):
+class BaseView(MethodView, OAuthMixin):
     """
     Base view class with functions and attributes that should be common to all view classes.
 
@@ -52,10 +52,26 @@ class BaseView(MethodView, OauthMixin):
         context["current_page"] = self.name
         context["view"] = self
         context["logged_in"] = self.logged_in
+        context["user"] = self.user_data
         context["static_file"] = self._static_file
         context["debug"] = DEBUG_MODE
         context["format_datetime"] = lambda dt: dt.strftime("%b %d %Y, %H:%M") if isinstance(dt, datetime) else dt
 
+        def is_staff():
+            if DEBUG_MODE:
+                return True
+
+            if not self.logged_in:
+                return False
+
+            for role in ALL_STAFF_ROLES:
+                if role in self.user_data.get("roles", []):
+                    return True
+
+            return False
+
+        context["is_staff"] = is_staff
+
         return render_template(template_names, **context)
 
     def _static_file(self, filename):
@@ -103,6 +119,14 @@ class RouteView(BaseView):
 
         cls.name = f"{blueprint.name}.{cls.name}"  # Add blueprint to page name
 
+    def redirect_login(self, **kwargs):
+        session["redirect_target"] = {
+            "url": self.name,
+            "kwargs": kwargs
+        }
+
+        return redirect(url_for("discord.login"))
+
 
 class APIView(RouteView):
     """
-- 
cgit v1.2.3