Remove can_modify context variable, use is_staff instead

For both ban and modify actions, we trust staff users to not abuse otherwise-secret scripts and links. We don't supply "can_modify" context variable anymore and just use user.is_staff instead. The same goes for ban links and scripts. Signed-off-by: Alek Ratzloff <alekratz@gmail.com>
2022-07-17 15:32:10 -07:00
parent e686c3b235
commit 794db714de
4 changed files with 2 additions and 48 deletions
--- a/board/templates/board/base.html
+++ b/board/templates/board/base.html
@@ -12,10 +12,8 @@
        <script src="{% static 'board/jquery.js' %}"></script>
        <script src="{% static 'board/jsframe.min.js' %}"></script>
        <script src="{% static 'board/post.js' %}"></script>
-        {% if perms.board.add_ban %}
+        {% if user.is_staff %}
            <script src="{% static 'board/ban.js' %}"></script>
-        {% endif %}
-        {% if can_modify %}
            <script src="{% static 'board/modify.js' %}"></script>
        {% endif %}
        {% block extrajs %}{% endblock %}
--- a/board/templates/board/post_modify_success.html
+++ b/board/templates/board/post_modify_success.html
@@ -1,33 +0,0 @@
-{% extends "board/base.html" %}
-{% load i18n static %}
-{# Title #}
-{% block title %}{% translate "Post modify success" %}{% endblock %}
-{# Body #}
-{% block content %}
-<div class="row" id="message">
-    {# We do not use pluralize filter for "seconds" because it's a pain to get it to translate. #}
-    {% blocktranslate %}Post has been modified. This window will close in {{window_timeout}} second(s).{% endblocktranslate %}
-</div>
-
-<script>
-function isIframe() {
-    try {
-        return window.self !== window.top;
-    } catch (_) {
-        return true;
-    }
-}
-
-setTimeout(function() {
-    if(isIframe()) {
-        let modifyWindow = getModifyWindow();
-        if(modifyWindow) {
-            modifyWindow.closeFrame();
-        }
-    } else {
-        window.close();
-    }
-}, 1000 * {{window_timeout}});
-
-</script>
-{% endblock %}
--- a/board/templates/board/post_snippet.html
+++ b/board/templates/board/post_snippet.html
@@ -5,10 +5,8 @@
    class="post"
    data-report-url="{% url 'board:report_form' board.url post.id %}"
    data-delete-url="{% url 'board:post_delete' post.id %}"
-    {% if perms.board.add_ban %}
+    {% if user.is_staff %}
    data-ban-url="{% url 'board:ban_create' board.url post.id %}"
-    {% endif %}
-    {% if can_modify %}
    data-modify-url="{% url 'board:post_modify' post.id %}"
    {% endif %}
    >