From eb5911642949f059d2b0f20ab5bdd0d0eebc5cb7 Mon Sep 17 00:00:00 2001
From: martstern <martstern@waifu.club>
Date: Mon, 15 May 2017 07:49:25 -0400
Subject: [PATCH 1/4] allow admin to give trusted to users. show users their
 own info when logged in

---
 nyaa/forms.py               |  8 +++++++
 nyaa/models.py              |  9 ++++++++
 nyaa/routes.py              | 45 +++++++++++++++++++++++++++++++++++--
 nyaa/templates/profile.html | 12 +++++++++-
 nyaa/templates/user.html    | 22 ++++++++++++++++++
 5 files changed, 93 insertions(+), 3 deletions(-)

diff --git a/nyaa/forms.py b/nyaa/forms.py
index 6a6508a..bd681ae 100644
--- a/nyaa/forms.py
+++ b/nyaa/forms.py
@@ -257,6 +257,14 @@ class UploadForm(FlaskForm):
                                             bencoded_info_dict=bencoded_info_dict)
 
 
+class UserForm(FlaskForm):
+    user_class = DisabledSelectField('Change User Class')
+
+    def validate_user_class(form, field):
+        if not field.data:
+            raise ValidationError('Please select a proper user class')
+
+
 class TorrentFileData(object):
     """Quick and dirty class to pass data from the validator"""
 
diff --git a/nyaa/models.py b/nyaa/models.py
index 34fac59..2f512e4 100644
--- a/nyaa/models.py
+++ b/nyaa/models.py
@@ -356,6 +356,15 @@ class User(db.Model):
     def is_admin(self):
         return self.level is UserLevelType.ADMIN or self.level is UserLevelType.SUPERADMIN
 
+    @property
+    def is_superadmin(self):
+        return self.level is UserLevelType.SUPERADMIN
+
+    @property
+    def is_trusted(self):
+        return self.level is UserLevelType.TRUSTED
+
+
 # class Session(db.Model):
 #    __tablename__ = 'sessions'
 #
diff --git a/nyaa/routes.py b/nyaa/routes.py
index 51a7dd3..99d5308 100644
--- a/nyaa/routes.py
+++ b/nyaa/routes.py
@@ -275,13 +275,42 @@ def home(rss):
                                      rss_filter=rss_query_string)
 
 
-@app.route('/user/<user_name>')
+@app.route('/user/<user_name>', methods=['GET', 'POST'])
 def view_user(user_name):
     user = models.User.by_username(user_name)
 
     if not user:
         flask.abort(404)
 
+    if flask.g.user:
+        admin = flask.g.user.is_admin
+        superadmin = flask.g.user.is_superadmin
+    else:
+        admin = False
+        superadmin = False
+
+    form = forms.UserForm()
+    form.user_class.choices = _create_user_class_choices()
+    if flask.request.method == 'POST' and form.validate():
+        selection = form.user_class.data
+
+        if selection == 'regular':
+            user.level = models.UserLevelType.REGULAR
+        elif selection == 'trusted':
+            user.level = models.UserLevelType.TRUSTED
+        db.session.add(user)
+        db.session.commit()
+
+        return flask.redirect('/user/' + user.username)
+
+    level = 'Regular'
+    if user.is_admin:
+        level = 'Moderator'
+    if user.is_superadmin:  # check this second because user can be admin AND superadmin
+        level = 'Administrator'
+    elif user.is_trusted:
+        level = 'Trusted'
+
     term = flask.request.args.get('q')
     sort = flask.request.args.get('s')
     order = flask.request.args.get('o')
@@ -309,12 +338,17 @@ def view_user(user_name):
     query = search(**query_args)
 
     rss_query_string = _generate_query_string(term, category, quality_filter, user_name)
+
     return flask.render_template('user.html',
+                                 form=form,
                                  torrent_query=query,
                                  search=query_args,
                                  user=user,
                                  user_page=True,
-                                 rss_filter=rss_query_string)
+                                 rss_filter=rss_query_string,
+                                 level=level,
+                                 admin=admin,
+                                 superadmin=superadmin)
 
 
 @app.template_filter('rfc822')
@@ -629,6 +663,13 @@ def send_verification_email(to_address, activ_link):
     server.quit()
 
 
+def _create_user_class_choices():
+    choices = [('regular', 'Regular')]
+    if flask.g.user and flask.g.user.is_superadmin:
+        choices.append(('trusted', 'Trusted'))
+    return choices
+
+
 #################################### STATIC PAGES ####################################
 @app.route('/rules', methods=['GET'])
 def site_rules():
diff --git a/nyaa/templates/profile.html b/nyaa/templates/profile.html
index 2e6e659..e4a50bd 100644
--- a/nyaa/templates/profile.html
+++ b/nyaa/templates/profile.html
@@ -3,7 +3,17 @@
 {% block body %}
 {% from "_formhelpers.html" import render_field %}
 
-<h1>Edit Profile</h1>
+{% if g.user %}
+	<h1>My Account</h1>
+	<div class="content">
+		<p>ID: {{g.user.id}}</p>
+		<p>Account created on: {{g.user.created_time}}</p>
+		<p>Email address: {{g.user.email}}</p>
+		<p>User class: {{level}}</p>
+	</div>
+{% endif %}
+
+<h2>Edit Profile</h2>
 	<form method="POST">
 		{{ form.csrf_token }}
 
diff --git a/nyaa/templates/user.html b/nyaa/templates/user.html
index bcf48f7..1db2303 100644
--- a/nyaa/templates/user.html
+++ b/nyaa/templates/user.html
@@ -1,6 +1,28 @@
 {% extends "layout.html" %}
 {% block title %}{{ user.username }} :: {{ config.SITE_NAME }}{% endblock %}
 {% block body %}
+{% from "_formhelpers.html" import render_field %}
+
+{% if superadmin %}
+	<h1>User Information</h1>
+	<p>ID: {{user.id}}</p>
+	<p>Account created on: {{user.created_time}}</p>
+	<p>Email address: {{user.email}}</p>
+	<p>User class: {{level}}</p>
+	<form method="POST">
+		{{ form.csrf_token }}
+		<div class="row">
+			<div class="form-group col-md-6">
+				{{ render_field(form.user_class, class_='form-control')}}
+			</div>
+		</div>
+		<div class="row">
+			<div class="form-group col-md-6">
+				<input type="submit" value="Apply" class="btn btn-primary">
+			</div>
+		</div>
+	</form>
+{% endif %}
 <h3>
 	Browsing {{user.username}}'s torrents
 </h3>

From 8a87ca93a5e022e58c45f40003bc1d6727a9d887 Mon Sep 17 00:00:00 2001
From: martstern <martstern@waifu.club>
Date: Tue, 16 May 2017 00:20:40 -0400
Subject: [PATCH 2/4] styled user info better, show user class on profile

---
 nyaa/routes.py              | 11 ++++++++-
 nyaa/templates/profile.html | 16 ++++++++-----
 nyaa/templates/user.html    | 45 +++++++++++++++++++++----------------
 3 files changed, 46 insertions(+), 26 deletions(-)

diff --git a/nyaa/routes.py b/nyaa/routes.py
index 99d5308..93c0f80 100644
--- a/nyaa/routes.py
+++ b/nyaa/routes.py
@@ -452,6 +452,15 @@ def profile():
         return flask.redirect('/')  # so we dont get stuck in infinite loop when signing out
 
     form = forms.ProfileForm(flask.request.form)
+
+    level = 'Regular'
+    if flask.g.user.is_admin:
+        level = 'Moderator'
+    if flask.g.user.is_superadmin:  # check this second because we can be admin AND superadmin
+        level = 'Administrator'
+    elif flask.g.user.is_trusted:
+        level = 'Trusted'
+
     if flask.request.method == 'POST' and form.validate():
         user = flask.g.user
         new_email = form.email.data
@@ -472,7 +481,7 @@ def profile():
 
         flask.g.user = user
 
-    return flask.render_template('profile.html', form=form)
+    return flask.render_template('profile.html', form=form, level=level)
 
 
 @app.route('/user/activate/<payload>')
diff --git a/nyaa/templates/profile.html b/nyaa/templates/profile.html
index e4a50bd..671a9d3 100644
--- a/nyaa/templates/profile.html
+++ b/nyaa/templates/profile.html
@@ -5,12 +5,16 @@
 
 {% if g.user %}
 	<h1>My Account</h1>
-	<div class="content">
-		<p>ID: {{g.user.id}}</p>
-		<p>Account created on: {{g.user.created_time}}</p>
-		<p>Email address: {{g.user.email}}</p>
-		<p>User class: {{level}}</p>
-	</div>
+	<dl class="dl-horizontal">
+        <dt>User ID:</dt>
+        <dd>{{g.user.id}}</dd>
+        <dt>Account created on:</dt>
+        <dd>{{g.user.created_time}}</dd>
+        <dt>Email address:</dt>
+        <dd>{{g.user.email}}</dd>
+        <dt>User class:</dt>
+        <dd>{{level}}</dd><br>
+    </dl>
 {% endif %}
 
 <h2>Edit Profile</h2>
diff --git a/nyaa/templates/user.html b/nyaa/templates/user.html
index 1db2303..f0598bb 100644
--- a/nyaa/templates/user.html
+++ b/nyaa/templates/user.html
@@ -4,27 +4,34 @@
 {% from "_formhelpers.html" import render_field %}
 
 {% if superadmin %}
-	<h1>User Information</h1>
-	<p>ID: {{user.id}}</p>
-	<p>Account created on: {{user.created_time}}</p>
-	<p>Email address: {{user.email}}</p>
-	<p>User class: {{level}}</p>
-	<form method="POST">
-		{{ form.csrf_token }}
-		<div class="row">
-			<div class="form-group col-md-6">
-				{{ render_field(form.user_class, class_='form-control')}}
-			</div>
-		</div>
-		<div class="row">
-			<div class="form-group col-md-6">
-				<input type="submit" value="Apply" class="btn btn-primary">
-			</div>
-		</div>
-	</form>
+    <h2>User Information</h2><br>
+    <dl class="dl-horizontal">
+        <dt>User ID:</dt>
+        <dd>{{user.id}}</dd>
+        <dt>Account created on:</dt>
+        <dd>{{user.created_time}}</dd>
+        <dt>Email address:</dt>
+        <dd>{{user.email}}</dd>
+        <dt>User class:</dt>
+        <dd>{{level}}</dd><br>
+    </dl>
+    <form method="POST">
+        {{ form.csrf_token }}
+
+        <div class="form-group row">
+            <div class="col-md-6">
+                {{ render_field(form.user_class, class_='form-control')}}
+            </div>
+        </div>
+        <div class="form-group">
+            <button type="submit" class="btn btn-primary">Apply</button>
+        </div>
+    </form>
+    <br>
 {% endif %}
+
 <h3>
-	Browsing {{user.username}}'s torrents
+    Browsing {{user.username}}'s torrents
 </h3>
 
 {% include "search_results.html" %}

From a19666b49520dea0f29c9fca36514a91685cbe0c Mon Sep 17 00:00:00 2001
From: martstern <martstern@waifu.club>
Date: Tue, 16 May 2017 03:13:22 -0400
Subject: [PATCH 3/4] shrink and put user_class menu and button on same line

---
 nyaa/templates/_formhelpers.html | 27 +++++++++++++++++++++++++++
 nyaa/templates/user.html         |  7 ++-----
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/nyaa/templates/_formhelpers.html b/nyaa/templates/_formhelpers.html
index 2ae1d4d..a84581e 100644
--- a/nyaa/templates/_formhelpers.html
+++ b/nyaa/templates/_formhelpers.html
@@ -91,3 +91,30 @@
 		{% endif %}
 	</div>
 {% endmacro %}
+
+{% macro render_menu_with_button(field) %}
+{% if field.errors %}
+	<div class="form-group has-error">
+{% else %}
+	<div class="form-group">
+{% endif %}
+		{{ field.label(class='control-label') }}
+		{{ field(title=field.description,**kwargs) | safe }}
+		<button type="submit" class="btn btn-primary">Apply</button>
+		{% if field.errors %}
+			<div class="help-block">
+				{% if field.errors|length < 2 %}
+					{% for error in field.errors %}
+						{{ error }}
+					{% endfor %}
+				{% else %}
+					<ul>
+						{% for error in field.errors %}
+							<li>{{ error }}</li>
+						{% endfor %}
+					</ul>
+				{% endif %}
+			</div>
+		{% endif %}
+	</div>
+{% endmacro %}
\ No newline at end of file
diff --git a/nyaa/templates/user.html b/nyaa/templates/user.html
index f0598bb..cf9a0eb 100644
--- a/nyaa/templates/user.html
+++ b/nyaa/templates/user.html
@@ -1,7 +1,7 @@
 {% extends "layout.html" %}
 {% block title %}{{ user.username }} :: {{ config.SITE_NAME }}{% endblock %}
 {% block body %}
-{% from "_formhelpers.html" import render_field %}
+{% from "_formhelpers.html" import render_menu_with_button %}
 
 {% if superadmin %}
     <h2>User Information</h2><br>
@@ -20,12 +20,9 @@
 
         <div class="form-group row">
             <div class="col-md-6">
-                {{ render_field(form.user_class, class_='form-control')}}
+                {{ render_menu_with_button(form.user_class)}}
             </div>
         </div>
-        <div class="form-group">
-            <button type="submit" class="btn btn-primary">Apply</button>
-        </div>
     </form>
     <br>
 {% endif %}

From 04047a571280e06ff59916e8c95763c7885c6a97 Mon Sep 17 00:00:00 2001
From: martstern <martstern@waifu.club>
Date: Wed, 17 May 2017 09:17:08 -0400
Subject: [PATCH 4/4] make admin unable to set own user class, fix missing post
 method

---
 nyaa/routes.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nyaa/routes.py b/nyaa/routes.py
index 0502db0..274e4df 100644
--- a/nyaa/routes.py
+++ b/nyaa/routes.py
@@ -206,14 +206,14 @@ def home(rss):
                                          rss_filter=rss_query_string)
 
 
-@app.route('/user/<user_name>')
+@app.route('/user/<user_name>', methods=['GET', 'POST'])
 def view_user(user_name):
     user = models.User.by_username(user_name)
 
     if not user:
         flask.abort(404)
 
-    if flask.g.user:
+    if flask.g.user and flask.g.user.id != user.id:
         admin = flask.g.user.is_admin
         superadmin = flask.g.user.is_superadmin
     else: