From e186b4cd98f1613a2badab9138861fa1dc55c793 Mon Sep 17 00:00:00 2001
From: Neil Williams
Date: Tue, 13 Mar 2012 00:41:50 -0700
Subject: [PATCH] Require a password to turn admin mode on.
---
 r2/r2/controllers/api.py | 10 +++++++
 r2/r2/controllers/front.py | 5 ++--
 r2/r2/lib/pages/pages.py | 16 +++++++++++
 r2/r2/public/static/css/reddit.css | 5 ++++
 r2/r2/templates/passwordverificationform.html | 28 +++++++++++++++++++
 5 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 r2/r2/templates/passwordverificationform.html
diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 7d27bf7da..09543577b 100644
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -2454,3 +2454,13 @@ class ApiController(RedditController):
 wrapped = wrap_links(link)
 wrapped = list(wrapped)[0]
 return websafe(spaceCompress(wrapped.link_child.content()))
+
+ @validatedForm(VUser('password', default=''),
+ VModhash(),
+ dest=VDestination())
+ def POST_adminon(self, form, jquery, dest):
+ if form.has_errors('password', errors.WRONG_PASSWORD):
+ return
+
+ self.login(c.user, admin = True, rem = True)
+ form.redirect(dest)
diff --git a/r2/r2/controllers/front.py b/r2/r2/controllers/front.py
index 3eb2d3af4..049a39293 100644
--- a/r2/r2/controllers/front.py
+++ b/r2/r2/controllers/front.py
@@ -1066,8 +1066,9 @@ class FormsController(RedditController):
 #check like this because c.user_is_admin is still false
 if not c.user.name in g.admins:
 return self.abort404()
- self.login(c.user, admin = True, rem = True)
- return self.redirect(dest)
+
+ c.deny_frames = True
+ return AdminModeInterstitial(dest=dest).render()
 @validate(VAdmin(), dest = VDestination())
diff --git a/r2/r2/lib/pages/pages.py b/r2/r2/lib/pages/pages.py
index cc726e64a..b029f9041 100644
--- a/r2/r2/lib/pages/pages.py
+++ b/r2/r2/lib/pages/pages.py
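Review bot: `POST_adminon` in r2/r2/controllers/api.py reaches `self.login(c.user, admin = True, rem = True)` after checking only the password and the modhash; the `g.admins` membership test stays in the GET handler in front.py, which after this patch only renders the form. Unless `login()` itself refuses `admin=True` for accounts outside `g.admins` (not visible in this patch), the endpoint that actually grants admin mode should repeat the authorization check before the login call, for example `if c.user.name not in g.admins: return self.abort404()`. Failed attempts against this password prompt would also be worth rate-limiting and logging, since it is now the last gate in front of admin mode.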
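Review bot: The added `c.deny_frames = True` in the admin-on GET handler of r2/r2/controllers/front.py has no comment explaining why this one page opts out of framing. Presumably it keeps the password interstitial from being embedded by another site; a one-line comment such as `# the password prompt must never be frameable (clickjacking)` would record that intent so the line is not dropped in a later cleanup. The handler's signature and decorators are outside the hunk.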
@@ -745,6 +745,22 @@ class RegisterPage(LoginPage):
 def login_template(cls, **kw):
 return Register(**kw)
+class AdminModeInterstitial(BoringPage):
+ def __init__(self, dest, *args, **kwargs):
+ self.dest = dest
+ BoringPage.__init__(self, _("turn admin on"),
+ show_sidebar=False,
+ *args, **kwargs)
+
+ def content(self):
+ return PasswordVerificationForm("adminon", dest=self.dest)
+
+class PasswordVerificationForm(Templated):
+ def __init__(self, api, dest):
+ self.api = api
+ self.dest = dest
+ Templated.__init__(self)
+
 class Login(Templated):
 """The two-unit login and register form."""
 def __init__(self, user_reg = '', user_login = '', dest=''):
diff --git a/r2/r2/public/static/css/reddit.css b/r2/r2/public/static/css/reddit.css
index 45b85dc0e..c9548b11b 100644
--- a/r2/r2/public/static/css/reddit.css
+++ b/r2/r2/public/static/css/reddit.css
@@ -5135,3 +5135,8 @@ tr.gold-accent + tr > td {
 .modactions.marknsfw {
 background-image: url(../modactions_marknsfw.png); /* SPRITE */
 }
+
+.adminpasswordform {
+ margin-bottom: .5em;
+ display: inline-block;
+}
diff --git a/r2/r2/templates/passwordverificationform.html b/r2/r2/templates/passwordverificationform.html
new file mode 100644
index 000000000..ffb0cd255
--- /dev/null
+++ b/r2/r2/templates/passwordverificationform.html
@@ -0,0 +1,28 @@
+<%
+ from r2.lib.template_helpers import static
+%>
+
+<%namespace name="utils" file="utils.html"/>
+<%namespace file="utils.html" import="error_field"/>
+
+
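Review bot: `AdminModeInterstitial` and `PasswordVerificationForm` in r2/r2/lib/pages/pages.py are added without docstrings, while the neighbouring `Login` class carries one. Suggested: `"""Interstitial that asks for the user's password before admin mode is turned on."""` for the page and `"""Password re-entry form bound to one API endpoint name (api) and a post-success destination (dest)."""` for the form. The form's docstring should also state that `dest` is expected to arrive already validated (here it comes from `VDestination` in the controller), because the template appears to emit it whenever `thing.dest` is set.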
+ jedberg alien + +

let me see your papers

+ +
+
+ <%utils:round_field title="${_('password')}" description="${_('(required)')}" css_class="adminpasswordform"> + % if thing.dest: + + % endif + + ${error_field("WRONG_PASSWORD", "password")} + + +

+

+
+
+