Update PostModifyForm to use permissions to create its fields

Fields are only displayed via the PostModifyForm if the user has
specific permissions to do things, like set stickies.

Also, add PostModifySuccessView that will close the modify window when
the process is complete.

Signed-off-by: Alek Ratzloff <alekratz@gmail.com>

board/forms.py

@@ -4,6 +4,7 @@ from django.db import transaction
 from django.db.models import Q
 from django import forms
 from django.forms import ModelForm, ModelChoiceField
+from django.forms.models import fields_for_model
 from django.utils import timezone
 from board.models import Ban, Post, Report, ReportReason, ReportRecord
 from hcaptcha.fields import hCaptchaField
@@ -124,8 +125,23 @@ class PostModifyForm(ModelForm):
 
     class Meta:
         model = Post
-        fields = ["bump", "sticky"]
+        # we specify fields up here too because otherwise they won't be
+        # recognized by the form to update values
+        fields: list[str] = ["sticky"]
 
-    def clean(self):
-        super(PostModifyForm, self).clean()
-        print(self.fields["sticky"])
+    def __init__(self, *args, user, **kwargs):
+        super(PostModifyForm, self).__init__(*args, **kwargs)
+        self.user = user
+        fields = []
+        if self.user.has_perm("board.set_sticky"):
+            fields += ["sticky"]
+        # NOTE:
+        # We do *not* need to check permissions against these fields we're
+        # setting down here in the self.clean() function in the case that a
+        # malicious actor has access to the modify form and injects a "sticky"
+        # value to their modify request.
+        #
+        # We specify fields up in the Meta class, but we reset them down here.
+        # If the field isn't present in this list, then it doesn't get updated.
+        # If the field isn't present in the above list, then it doesn't get updated.
+        self.fields = fields_for_model(Post, fields)