rene/banyaro
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Forum: Anpinnen pro Thema/global + Admin-Berechtigung (v1303)

Browse source 
- Anpinnen-Scope: pin_scope ('global' | 'kategorie'). Global haelt oben in
  jeder Ansicht; Themen-Pin nur in der gefilterten Kategorie (nicht in 'Alle').
- Bugfix Berechtigung: Forum pruefte nur is_moderator -> Admins ohne das Flag
  wurden ausgesperrt. Neuer Helper _can_moderate() = rolle in (admin,moderator)
  ODER is_moderator, an allen 7 Forum-Checks + beiden Frontend-isMod-Gates.
- Thread-Detail-Toolbar (nur Admin/Mod): 'Global anpinnen' / 'Im Thema anpinnen'
  / 'Loesen' + Status- und Badge-Anzeige nach Scope.
- DB-Migration forum_threads.pin_scope (idempotent, Default 'global').
- Tests: tests/test_forum_pinning.py (Berechtigung + Scope-Sortierung).
This commit is contained in:
rene 2026-06-18 20:36:06 +02:00
parent 901df5468c
commit ac0814e687
9 changed files with 175 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

1
backend/database.py
View file

@ -522,6 +522,7 @@ def _migrate(conn_factory):
# Forum Sprint 11: erweiterte Thread-Felder
("forum_threads", "foto_urls", "TEXT"),
("forum_threads", "is_pinned", "INTEGER NOT NULL DEFAULT 0"),
("forum_threads", "pin_scope", "TEXT NOT NULL DEFAULT 'global'"),
("forum_threads", "is_locked", "INTEGER NOT NULL DEFAULT 0"),
("forum_threads", "is_deleted", "INTEGER NOT NULL DEFAULT 0"),
("forum_threads", "likes", "INTEGER NOT NULL DEFAULT 0"),

38
backend/routes/forum.py
View file

@ -42,6 +42,7 @@ class PostCreate(BaseModel):
class ThreadPatch(BaseModel):
is_pinned: Optional[int] = None
is_locked: Optional[int] = None
pin_scope: Optional[str] = None # 'global' (überall oben) | 'kategorie' (nur im Thema oben)
class ThreadUpdate(BaseModel):
titel: Optional[str] = Field(None, max_length=200)
@ -71,6 +72,15 @@ class ResolveReport(BaseModel):
resolved: int = 1
def _can_moderate(user) -> bool:
"""Admin ODER Moderator dürfen moderieren (pin/lock/löschen).
Wichtig: Admins haben nicht zwingend das is_moderator-Flag gesetzt
daher zusätzlich die Rolle prüfen (analog auth.require_moderator)."""
if not user:
return False
return user.get('rolle') in ('admin', 'moderator') or bool(user.get('is_moderator'))
# ------------------------------------------------------------------
# Helpers
# ------------------------------------------------------------------
@ -126,12 +136,13 @@ async def list_threads(
user=Depends(get_current_user_optional),
):
uid = user['id'] if user else None
has_cat = bool(kategorie and kategorie != 'alle')
with db() as conn:
q = """
SELECT t.id, t.kategorie, t.titel,
SUBSTR(t.text, 1, 120) AS text_preview,
t.antworten, t.likes, t.views,
t.is_pinned, t.is_locked, t.foto_urls,
t.is_pinned, t.pin_scope, t.is_locked, t.foto_urls,
t.created_at, t.user_id,
u.name AS autor_name, u.founder_number AS autor_founder_number
FROM forum_threads t
@ -139,13 +150,18 @@ async def list_threads(
WHERE t.is_deleted = 0
"""
params = []
if kategorie and kategorie != 'alle':
if has_cat:
q += " AND t.kategorie = ?"
params.append(kategorie)
if search:
q += " AND (t.titel LIKE ? OR t.text LIKE ?)"
params.extend([f'%{search}%', f'%{search}%'])
q += " ORDER BY t.is_pinned DESC, t.created_at DESC LIMIT ? OFFSET ?"
# Kategorie-Ansicht: globale UND Themen-Pins steigen nach oben.
# "Alle"-Ansicht: nur globale Pins oben — Themen-Pins bleiben in ihrem Thema.
if has_cat:
q += " ORDER BY t.is_pinned DESC, t.created_at DESC LIMIT ? OFFSET ?"
else:
q += " ORDER BY (t.is_pinned = 1 AND t.pin_scope = 'global') DESC, t.created_at DESC LIMIT ? OFFSET ?"
params.extend([limit, offset])
rows = conn.execute(q, params).fetchall()
@ -323,7 +339,7 @@ async def delete_thread(thread_id: int, user=Depends(get_current_user)):
).fetchone()
if not thread:
raise HTTPException(404, "Thread nicht gefunden.")
if thread['user_id'] != user['id'] and not user.get('is_moderator'):
if thread['user_id'] != user['id'] and not _can_moderate(user):
raise HTTPException(403, "Keine Berechtigung.")
conn.execute(
"UPDATE forum_threads SET is_deleted = 1 WHERE id = ?", (thread_id,)
@ -335,7 +351,7 @@ async def delete_thread(thread_id: int, user=Depends(get_current_user)):
# ------------------------------------------------------------------
@router.patch("/threads/{thread_id}")
async def patch_thread(thread_id: int, data: ThreadPatch, user=Depends(get_current_user)):
if not user.get('is_moderator'):
if not _can_moderate(user):
raise HTTPException(403, "Nur Moderatoren können Threads bearbeiten.")
with db() as conn:
thread = conn.execute(
@ -345,6 +361,8 @@ async def patch_thread(thread_id: int, data: ThreadPatch, user=Depends(get_curre
raise HTTPException(404, "Thread nicht gefunden.")
updates = data.model_dump(exclude_none=True)
if 'pin_scope' in updates and updates['pin_scope'] not in ('global', 'kategorie'):
raise HTTPException(400, "Ungültiger pin_scope (erlaubt: 'global', 'kategorie').")
if updates:
cols = ', '.join(f"{k} = ?" for k in updates)
conn.execute(
@ -476,7 +494,7 @@ async def delete_post(post_id: int, user=Depends(get_current_user)):
).fetchone()
if not post:
raise HTTPException(404, "Beitrag nicht gefunden.")
if post['user_id'] != user['id'] and not user.get('is_moderator'):
if post['user_id'] != user['id'] and not _can_moderate(user):
raise HTTPException(403, "Keine Berechtigung.")
conn.execute(
"UPDATE forum_posts SET is_deleted = 1 WHERE id = ?", (post_id,)
@ -504,7 +522,7 @@ async def upload_thread_foto(
).fetchone()
if not thread:
raise HTTPException(404, "Thread nicht gefunden.")
if thread['user_id'] != user['id'] and not user.get('is_moderator'):
if thread['user_id'] != user['id'] and not _can_moderate(user):
raise HTTPException(403, "Keine Berechtigung.")
existing = _parse_foto_urls(thread['foto_urls'])
@ -537,7 +555,7 @@ async def upload_post_foto(
).fetchone()
if not post:
raise HTTPException(404, "Beitrag nicht gefunden.")
if post['user_id'] != user['id'] and not user.get('is_moderator'):
if post['user_id'] != user['id'] and not _can_moderate(user):
raise HTTPException(403, "Keine Berechtigung.")
existing = _parse_foto_urls(post['foto_urls'])
@ -642,7 +660,7 @@ async def report_content(data: ReportBody, user=Depends(get_current_user)):
# ------------------------------------------------------------------
@router.get("/reports")
async def list_reports(user=Depends(get_current_user)):
if not user.get('is_moderator'):
if not _can_moderate(user):
raise HTTPException(403, "Nur Moderatoren.")
with db() as conn:
rows = conn.execute(
@ -660,7 +678,7 @@ async def list_reports(user=Depends(get_current_user)):
# ------------------------------------------------------------------
@router.patch("/reports/{report_id}")
async def resolve_report(report_id: int, data: ResolveReport, user=Depends(get_current_user)):
if not user.get('is_moderator'):
if not _can_moderate(user):
raise HTTPException(403, "Nur Moderatoren.")
with db() as conn:
conn.execute(

26
backend/static/index.html
View file

@ -86,14 +86,14 @@
<title>Ban Yaro</title>
<!-- Theme + theme-color Statusleiste vor CSS setzen -->
<script src="/js/boot-early.js?v=1302"></script>
<script src="/js/boot-early.js?v=1303"></script>
<!-- CSS: Reihenfolge ist wichtig — ?v= zwingt Browser zur Neuladung -->
<link rel="stylesheet" href="/css/design-system.css?v=1302">
<link rel="stylesheet" href="/css/layout.css?v=1302">
<link rel="stylesheet" href="/css/components.css?v=1302">
<link rel="stylesheet" href="/css/utilities.css?v=1302">
<link rel="stylesheet" href="/css/lists.css?v=1302">
<link rel="stylesheet" href="/css/design-system.css?v=1303">
<link rel="stylesheet" href="/css/layout.css?v=1303">
<link rel="stylesheet" href="/css/components.css?v=1303">
<link rel="stylesheet" href="/css/utilities.css?v=1303">
<link rel="stylesheet" href="/css/lists.css?v=1303">
</head>
<body>
@ -624,12 +624,12 @@
<div id="modal-container"></div>
<!-- JS: Reihenfolge ist wichtig — erst Basis, dann Features -->
<script src="/js/api.js?v=1302"></script>
<script src="/js/ui.js?v=1302"></script>
<script src="/js/app.js?v=1302"></script>
<script src="/js/worlds.js?v=1302"></script>
<script src="/js/offline-indicator.js?v=1302"></script>
<script src="/js/contact-form.js?v=1302"></script>
<script src="/js/api.js?v=1303"></script>
<script src="/js/ui.js?v=1303"></script>
<script src="/js/app.js?v=1303"></script>
<script src="/js/worlds.js?v=1303"></script>
<script src="/js/offline-indicator.js?v=1303"></script>
<script src="/js/contact-form.js?v=1303"></script>
<!-- Feature-Seiten werden lazy geladen -->
@ -639,7 +639,7 @@
<!-- Boot: Offline-Banner + SW-Registration (extrahiert für CSP) -->
<script src="/js/boot.js?v=1302"></script>
<script src="/js/boot.js?v=1303"></script>
</body>

2
backend/static/js/app.js
View file

@ -3,7 +3,7 @@
Router, State-Management, Navigation, Initialisierung.
============================================================ */
const APP_VER = '1302'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
const APP_VER = '1303'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
const APP_VERSION = '1.6.0'; // ← semantische Version, wird bei make release gesetzt
window.APP_VER = APP_VER; // global verfügbar für andere Module (z.B. offline-indicator)
window.APP_VERSION = APP_VERSION;

36
backend/static/js/pages/forum.js
View file

@ -82,7 +82,8 @@ function _fmtDate(iso) {
// RENDER — Grundstruktur
// ----------------------------------------------------------
function _render() {
const isMod = !!_appState.user?.is_moderator;
const _u = _appState.user;
const isMod = !!(_u && (_u.rolle === 'admin' || _u.rolle === 'moderator' || _u.is_moderator));
_container.innerHTML = `
<div class="forum-layout">
@ -438,7 +439,7 @@ function _fmtDate(iso) {
const preview = t.text_preview
? UI.escape(t.text_preview.slice(0, 120)) + (t.text_preview.length >= 120 ? '…' : '')
: '';
const pinBadge = t.is_pinned ? `<span class="forum-pin-badge" title="Angepinnt">${UI.icon('push-pin')}</span>` : '';
const pinBadge = t.is_pinned ? `<span class="forum-pin-badge" title="${t.pin_scope === 'kategorie' ? 'Im Thema angepinnt' : 'Angepinnt'}">${UI.icon('push-pin')}</span>` : '';
const lockBadge = t.is_locked ? `<span class="forum-lock-badge" title="Gesperrt">${UI.icon('lock')}</span>` : '';
const fotoHtml = t.foto_preview
? /\.(mp4|mov|webm|m4v|avi)$/i.test(t.foto_preview)
@ -515,14 +516,25 @@ function _fmtDate(iso) {
}
const uid = _appState.user?.id;
const isMod = !!_appState.user?.is_moderator;
const _u = _appState.user;
const isMod = !!(_u && (_u.rolle === 'admin' || _u.rolle === 'moderator' || _u.is_moderator));
const isOwn = uid && uid === thread.user_id;
const pinControls = thread.is_pinned
? `<span class="forum-pin-state" style="display:inline-flex;align-items:center;gap:4px;font-size:var(--text-sm);color:var(--c-text-secondary)">
${UI.icon('push-pin')} Angepinnt${thread.pin_scope === 'kategorie' ? ` (Thema „${UI.escape(thread.kategorie)}")` : ' (global)'}
</span>
<button class="btn btn-ghost btn-sm forum-mod-unpin" title="Anpinnen aufheben">Lösen</button>`
: `<button class="btn btn-ghost btn-sm forum-mod-pin-global" title="Überall ganz oben halten">
${UI.icon('push-pin')} Global anpinnen
</button>
<button class="btn btn-ghost btn-sm forum-mod-pin-cat" title="Nur im Thema „${UI.escape(thread.kategorie)}" oben halten">
${UI.icon('push-pin')} Im Thema anpinnen
</button>`;
const modToolbar = (isMod) ? `
<div class="forum-mod-toolbar">
<button class="btn btn-ghost btn-sm forum-mod-pin" title="${thread.is_pinned ? 'Unpin' : 'Anpinnen'}">
${UI.icon('push-pin')} ${thread.is_pinned ? 'Unpin' : 'Pin'}
</button>
${pinControls}
<button class="btn btn-ghost btn-sm forum-mod-lock" title="${thread.is_locked ? 'Entsperren' : 'Sperren'}">
${UI.icon('lock')} ${thread.is_locked ? 'Entsperren' : 'Sperren'}
</button>
@ -677,14 +689,20 @@ function _fmtDate(iso) {
});
// Moderator: pin/lock/delete
document.querySelector('.forum-mod-pin')?.addEventListener('click', async () => {
const _applyPin = async (payload) => {
try {
await API.forum.patchThread(thread.id, { is_pinned: thread.is_pinned ? 0 : 1 });
await API.forum.patchThread(thread.id, payload);
UI.toast.success('Gespeichert.');
UI.modal.close();
_loadThreads(true);
} catch (err) { UI.toast.error(err.message); }
});
};
document.querySelector('.forum-mod-pin-global')?.addEventListener('click',
() => _applyPin({ is_pinned: 1, pin_scope: 'global' }));
document.querySelector('.forum-mod-pin-cat')?.addEventListener('click',
() => _applyPin({ is_pinned: 1, pin_scope: 'kategorie' }));
document.querySelector('.forum-mod-unpin')?.addEventListener('click',
() => _applyPin({ is_pinned: 0 }));
document.querySelector('.forum-mod-lock')?.addEventListener('click', async () => {
try {

2
backend/static/landing.html
View file

@ -4,7 +4,7 @@
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="color-scheme" content="light dark">
<script src="/js/landing-init.js?v=1302"></script>
<script src="/js/landing-init.js?v=1303"></script>
<title>Ban Yaro — Die Hunde-App für Deutschland, Österreich & Schweiz</title>
<meta name="description" content="Ban Yaro: Die kostenlose All-in-One Hunde-App für DACH. Tagebuch, Giftköder-Alarm, Training mit KI, Forum, Wurfbörse, Stammbaum, Inzucht-Check — DSGVO-konform, offline-fähig, direkt im Browser oder als native iPhone-App (Ban Yaro Go).">
<meta name="keywords" content="Hunde App, Hunde Community, Wurfbörse, Züchter, Welpen kaufen, Stammbaum Hund, Inzuchtkoeffizient, Hundezucht, Impfpass Hund, Giftköder Alarm, Gassi Community, Hundetraining App, Hunde Forum, Hunde KI, Hundefilm Datenbank, Welpen Marktplatz">

2
backend/static/sw.js
View file

@ -4,7 +4,7 @@
============================================================ */
// ← EINZIGE Stelle für die Version — STATIC_ASSETS und CACHE_VERSION leiten sich ab
const VER = '1302';
const VER = '1303';
const CACHE_VERSION = `by-v${VER}`;
const CACHE_STATIC = `${CACHE_VERSION}-static`;
const CACHE_TILES = 'ban-yaro-tiles-v1'; // bleibt über SW-Updates erhalten