diff --git a/files/classes/comment.py b/files/classes/comment.py index db963cd95b..406c5fd5a7 100644 --- a/files/classes/comment.py +++ b/files/classes/comment.py @@ -322,8 +322,8 @@ class Comment(Base): def realbody(self, v): if self.post and self.post.club and not (v and (v.paid_dues or v.id in [self.author_id, self.post.author_id] or (self.parent_comment and v.id == self.parent_comment.author_id))): return f"

{CC} ONLY

" - if self.deleted_utc != 0 and not (v and (v.admin_level >= 2 or v.id == self.author.id)): return "[Deleted by user]" - if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]"; + if self.deleted_utc != 0 and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or v.id == self.author.id)): return "[Deleted by user]" + if self.is_banned and not (v and v.admin_level >= PERMS['POST_COMMENT_MODERATION']): return "[Removed by admins]" body = self.body_html or "" @@ -389,8 +389,8 @@ class Comment(Base): def plainbody(self, v): if self.post and self.post.club and not (v and (v.paid_dues or v.id in [self.author_id, self.post.author_id] or (self.parent_comment and v.id == self.parent_comment.author_id))): return f"{CC} ONLY" - if self.deleted_utc != 0 and not (v and (v.admin_level >= 2 or v.id == self.author.id)): return "[Deleted by user]" - if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]"; + if self.deleted_utc != 0 and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or v.id == self.author.id)): return "[Deleted by user]" + if self.is_banned and not (v and v.admin_level >= PERMS['POST_COMMENT_MODERATION']): return "[Removed by admins]" body = self.body diff --git a/files/classes/submission.py b/files/classes/submission.py index a2ba507e4e..c259aec9df 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -326,8 +326,8 @@ class Submission(Base): @lazy def realbody(self, v, listing=False): if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"
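Review bot: The deleted/removed visibility gate in `Comment.realbody` is now repeated verbatim in `Comment.plainbody`, `Submission.realbody` and `Submission.plainbody`, so a later edit to one copy can leave another path still returning a hidden body. A single model helper, e.g. `def _hidden_reason(self, v)` returning `"[Deleted by user]"`, `"[Removed by admins]"` or `None`, would keep the four call sites in step. `Submission.plainbody` also runs these checks before the club check while the other three run the club check first, so the ordering should be made deliberate. The function bodies continue outside these hunks.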

{CC} ONLY

" - if self.deleted_utc != 0 and not (v and (v.admin_level >= 2 or v.id == self.author.id)): return "[Deleted by user]" - if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]" + if self.deleted_utc != 0 and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or v.id == self.author.id)): return "[Deleted by user]" + if self.is_banned and not (v and v.admin_level >= PERMS['POST_COMMENT_MODERATION']): return "[Removed by admins]" body = self.body_html or "" @@ -369,7 +369,7 @@ class Submission(Base): if o.exclusive == 3: body += " - WINNER!" - if not winner and v and v.admin_level > 2: + if not winner and v and v.admin_level >= PERMS['POST_BETS_DISTRIBUTE']: body += f'''''' body += "" else: @@ -395,8 +395,8 @@ class Submission(Base): @lazy def plainbody(self, v): - if self.deleted_utc != 0 and not (v and (v.admin_level >= 2 or v.id == self.author.id)): return "[Deleted by user]" - if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]" + if self.deleted_utc != 0 and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or v.id == self.author.id)): return "[Deleted by user]" + if self.is_banned and not (v and v.admin_level >= PERMS['POST_COMMENT_MODERATION']): return "[Removed by admins]" if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"

{CC} ONLY

" body = self.body diff --git a/files/classes/user.py b/files/classes/user.py index 08dc94b500..0792c81591 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -285,7 +285,7 @@ class User(Base): @lazy def mods(self, sub): if self.is_suspended_permanently or self.shadowbanned: return False - return self.admin_level > 2 or bool(g.db.query(Mod.user_id).filter_by(user_id=self.id, sub=sub).one_or_none()) + return self.admin_level >= PERMS['GLOBAL_MODERATION'] or bool(g.db.query(Mod.user_id).filter_by(user_id=self.id, sub=sub).one_or_none()) @lazy def exiled_from(self, sub): @@ -319,7 +319,7 @@ class User(Base): @lazy def mod_date(self, sub): - if self.admin_level >= 3: return 1 + if self.admin_level >= PERMS['HOLE_GLOBAL_MODERATION']: return 1 mod = g.db.query(Mod).filter_by(user_id=self.id, sub=sub).one_or_none() if not mod: return None return mod.created_utc @@ -414,9 +414,10 @@ class User(Base): @property @lazy def paid_dues(self): - if not FEATURES['COUNTRY_CLUB']: - return True - return not self.shadowbanned and not (self.is_banned and not self.unban_utc) and (self.admin_level or self.club_allowed or (self.club_allowed != False and self.truecoins >= dues)) + if not FEATURES['COUNTRY_CLUB']: return True + if self.shadowbanned: return False + if self.is_suspended_permanently: return False + return self.admin_level >= PERMS['VIEW_CLUB'] or self.club_allowed or (self.club_allowed != False and self.truecoins >= dues) @lazy def any_block_exists(self, other): 
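Review bot: `mods()` reads `PERMS['GLOBAL_MODERATION']` while `mod_date()` in the next hunk reads `PERMS['HOLE_GLOBAL_MODERATION']`, although both replace a level-3 check for what looks like the same capability. The PERMS table is not readable on this page, so confirm both keys are defined; a missing key raises `KeyError` inside an authorization check and turns every call into a server error. If one name is a typo, use the same key in both, e.g. `self.admin_level >= PERMS['HOLE_GLOBAL_MODERATION']` in `mods()`.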
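Review bot: The rewritten `paid_dues` swaps `self.is_banned and not self.unban_utc` for `self.is_suspended_permanently`, whose definition is outside this hunk; if that property is not exactly the old expression, banned users' access to club content changes with this refactor. The old test also admitted any non-zero `admin_level`, whereas the new one depends on the value of `PERMS['VIEW_CLUB']`, so confirm it is 1 if no behaviour change is intended. The final line can return `club_allowed` or `None` rather than a bool; wrapping it in `bool(...)` would make the property's type predictable.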
@@ -453,11 +454,11 @@ class User(Base): @cache.memoize(timeout=86400) def userpagelisting(self, site=None, v=None, page=1, sort="new", t="all"): - if self.shadowbanned and not (v and (v.admin_level > 1 or v.id == self.id)): return [] + if self.shadowbanned and not (v and (v.admin_level >= PERMS['USER_SHADOWBAN'] or v.id == self.id)): return [] posts = g.db.query(Submission.id).filter_by(author_id=self.id, is_pinned=False) - if not (v and (v.admin_level > 1 or v.id == self.id)): + if not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or v.id == self.id)): posts = posts.filter_by(is_banned=False, private=False, ghost=False, deleted_utc=0) posts = apply_time_filter(t, posts, Submission) @@ -565,7 +566,7 @@ class User(Base): @property @lazy def modaction_num(self): - if self.admin_level < 2: return 0 + if self.admin_level < PERMS['ADMIN_MOP_VISIBLE']: return 0 return g.db.query(ModAction).filter_by(user_id=self.id).count() @property @@ -585,7 +586,7 @@ class User(Base): Notification.user_id == self.id, Notification.read == False, Comment.is_banned == False, Comment.deleted_utc == 0) - if not self.shadowbanned and self.admin_level < 3: + if not self.shadowbanned and self.admin_level < PERMS['USER_SHADOWBAN']: notifs = notifs.join(Comment.author).filter(User.shadowbanned == None) return notifs.count() + self.post_notifications_count + self.modaction_notifications_count @@ -610,7 +611,7 @@ class User(Base): Comment.parent_submission == None, ) - if not self.shadowbanned and self.admin_level < 3: + if not self.shadowbanned and self.admin_level < PERMS['USER_SHADOWBAN']: notifs = notifs.join(Comment.author).filter(User.shadowbanned == None) return notifs.count() 
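Review bot: `userpagelisting` is wrapped in `@cache.memoize(timeout=86400)` but its result depends on the viewer `v`, now through two separate permission thresholds plus `v.id`. If the memoize key does not distinguish viewers by id and admin level (not visible here), a listing built for a moderator, which skips the `is_banned`/`private`/`ghost`/`deleted_utc` filter, could be served from cache to an ordinary viewer for up to a day. Add a comment stating what the cache key contains, or pass a derived boolean instead of the whole user object. The function body continues past the hunk.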
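Review bot: The notification-count filter changes from `self.admin_level < 3` to `self.admin_level < PERMS['USER_SHADOWBAN']`, but elsewhere in this commit `PERMS['USER_SHADOWBAN']` replaces a level-2 check (`>= 2` in `get_user`, `@admin_level_required(2)` on the shadowban route). Unless the key is 3, level-2 admins now have notifications from shadowbanned authors counted; if it is 3, the other sites tighten instead. The same applies to the hunk at -610. If the old split was intentional, a separate key would keep the refactor behaviour-preserving.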
@@ -767,8 +768,8 @@ class User(Base): 'bannerurl': self.banner_url, 'bio_html': self.bio_html_eager, 'coins': self.coins, - 'post_count': 0 if self.shadowbanned and not (v and (v.shadowbanned or v.admin_level >= 2)) else self.post_count, - 'comment_count': 0 if self.shadowbanned and not (v and (v.shadowbanned or v.admin_level >= 2)) else self.comment_count, + 'post_count': 0 if self.shadowbanned and not (v and (v.shadowbanned or v.admin_level >= PERMS['USER_SHADOWBAN'])) else self.post_count, + 'comment_count': 0 if self.shadowbanned and not (v and (v.shadowbanned or v.admin_level >= PERMS['USER_SHADOWBAN'])) else self.comment_count, 'badges': [x.path for x in self.badges], } @@ -895,7 +896,7 @@ class User(Base): def viewers_recorded(self): if SITE_NAME == 'WPD': # WPD gets profile views return True - elif self.admin_level >= 2: # Admins get profile views + elif self.admin_level >= PERMS['VIEW_PROFILE_VIEWS']: # Admins get profile views return True elif self.patron: # Patrons get profile views as a perk return True @@ -919,7 +920,7 @@ class User(Base): @property @lazy def can_see_chudrama(self): - if self.admin_level: return True + if self.admin_level >= PERMS['VIEW_CHUDRAMA']: return True if self.client: return True if self.truecoins >= 5000: return True if self.agendaposter: return True diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py index ff777a7e29..ffff2e0416 100644 --- a/files/helpers/alerts.py +++ b/files/helpers/alerts.py @@ -95,7 +95,7 @@ def NOTIFY_USERS(text, v): notify_users.add(user.id) if SITE_NAME == "WPD" and 'daisy' in text.lower(): - admin_ids = [x[0] for x in g.db.query(User.id).filter(User.admin_level > 0).all()] + admin_ids = [x[0] for x in g.db.query(User.id).filter(User.admin_level >= PERMS['NOTIFICATIONS_SPECIFIC_WPD_COMMENTS']).all()] notify_users.update(admin_ids) return notify_users - bots diff --git a/files/helpers/const.py b/files/helpers/const.py index 272772afca..871857bb49 100644 --- a/files/helpers/const.py 
+++ b/files/helpers/const.py @@ -121,12 +121,76 @@ AGENDAPOSTER_MSG_HTML = """

Hi 1).all()] + admins = [x[0] for x in g.db.query(User.id).filter(User.admin_level >= PERMS['NOTIFICATIONS_HOLE_INACTIVITY_DELETION']).all()] mods = g.db.query(Mod).filter(Mod.sub.in_(names)).all() for x in mods: diff --git a/files/helpers/get.py b/files/helpers/get.py index 8ebd3a4dc5..58710d4a9b 100644 --- a/files/helpers/get.py +++ b/files/helpers/get.py @@ -39,7 +39,7 @@ def get_user(username, v=None, graceful=False, rendered=False, include_blocks=Fa user = user.one_or_none() - if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))): + if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= PERMS['USER_SHADOWBAN'] or v.shadowbanned)))): if not graceful: abort(404) else: return None @@ -95,7 +95,7 @@ def get_account(id, v=None, graceful=False, include_blocks=False, include_shadow user = g.db.get(User, id) - if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))): + if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= PERMS['USER_SHADOWBAN'] or v.shadowbanned)))): if not graceful: abort(404) else: return None @@ -264,7 +264,7 @@ def get_comments(cids, v=None, load_parent=False): blocked.c.target_id, ).filter(Comment.id.in_(cids)) - if not (v and (v.shadowbanned or v.admin_level >= 2)): + if not (v and (v.shadowbanned or v.admin_level >= PERMS['USER_SHADOWBAN'])): comments = comments.join(Comment.author).filter(User.shadowbanned == None) comments = comments.join( diff --git a/files/routes/admin.py b/files/routes/admin.py index fe2469893c..4c096f9a2a 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py 
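Review bot: The predicate `v.admin_level >= PERMS['USER_SHADOWBAN'] or v.shadowbanned` is written out separately in `get_user`, `get_account` and `get_comments`, and again in comments.py and the user.py hunk at -767, each with slightly different operand order and negation. Because it decides whether a shadowbanned account is visible, one copy drifting from the others leaks or hides users inconsistently. A single property on `User`, used as `v and v.can_see_shadowbanned`, would give the rule one definition. The three functions extend beyond their hunks.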
@@ -22,28 +22,29 @@ import requests from urllib.parse import quote, urlencode @app.post('/kippy') -@admin_level_required(3) +@admin_level_required(PERMS['PRINT_MARSEYBUX_FOR_KIPPY_ON_PCMEMES']) def kippy(v): + if SITE == 'rdrama.net': abort(404) kippy = get_account(KIPPY_ID) kippy.procoins += 10000 g.db.add(kippy) return '10k marseycoins printed!' @app.get('/admin/loggedin') -@admin_level_required(2) +@admin_level_required(PERMS['VIEW_ACTIVE_USERS']) def loggedin_list(v): ids = [x for x,val in cache.get(f'{SITE}_loggedin').items() if time.time()-val < LOGGEDIN_ACTIVE_TIME] users = g.db.query(User).filter(User.id.in_(ids)).order_by(User.admin_level.desc(), User.truecoins.desc()).all() return render_template("loggedin.html", v=v, users=users) @app.get('/admin/loggedout') -@admin_level_required(2) +@admin_level_required(PERMS['VIEW_ACTIVE_USERS']) def loggedout_list(v): users = sorted([val[1] for x,val in cache.get(f'{SITE}_loggedout').items() if time.time()-val[0] < LOGGEDIN_ACTIVE_TIME]) return render_template("loggedout.html", v=v, users=users) @app.get('/admin/merge//') -@admin_level_required(3) +@admin_level_required(PERMS['USER_MERGE']) def merge(v, id1, id2): if v.id != AEVANN_ID: abort(403) @@ -105,7 +106,7 @@ def merge(v, id1, id2): @app.get('/admin/merge_all/') -@admin_level_required(3) +@admin_level_required(PERMS['USER_MERGE']) def merge_all(v, id): if v.id != AEVANN_ID: abort(403) @@ -155,13 +156,13 @@ def merge_all(v, id): @app.post("/@/make_admin") -@admin_level_required(3) +@admin_level_required(PERMS['ADMIN_ADD']) def make_admin(v, username): if SITE == 'rdrama.net': abort(403) user = get_user(username) - user.admin_level = 2 + user.admin_level = PERMS['ADMIN_ADD_PERM_LEVEL'] g.db.add(user) ma = ModAction( @@ -175,7 +176,7 @@ def make_admin(v, username): @app.post("/@/remove_admin") -@admin_level_required(3) +@admin_level_required(PERMS['ADMIN_REMOVE']) def remove_admin(v, username): user = get_user(username) user.admin_level = 0 
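Review bot: `make_admin` assigns `PERMS['ADMIN_ADD_PERM_LEVEL']` and `remove_admin` (next hunk) zeroes `admin_level` without comparing the target's level to the caller's. With the thresholds now held in a table, setting `ADMIN_ADD` below `ADMIN_ADD_PERM_LEVEL`, or lowering `ADMIN_REMOVE`, would let an admin create or demote accounts above their own level. A guard such as `if PERMS['ADMIN_ADD_PERM_LEVEL'] > v.admin_level: abort(403)` in `make_admin` and `if user.admin_level > v.admin_level: abort(403)` in `remove_admin` keeps the hierarchy intact whatever the table holds. `ADMIN_ADD_PERM_LEVEL` is also a granted level rather than a required one, so it may read better as its own constant outside `PERMS`.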
@@ -192,7 +193,7 @@ def remove_admin(v, username): @app.post("/distribute/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(3) +@admin_level_required(PERMS['POST_BETS_DISTRIBUTE']) def distribute(v, option_id): autojanny = get_account(AUTOJANNY_ID) if autojanny.coins == 0: return {"error": "@AutoJanny has 0 coins"}, 400 @@ -248,7 +249,7 @@ def distribute(v, option_id): @app.post("/@/revert_actions") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(3) +@admin_level_required(PERMS['ADMIN_ACTIONS_REVERT']) def revert_actions(v, username): user = get_user(username) @@ -298,7 +299,7 @@ def revert_actions(v, username): @app.post("/@/club_allow") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_CLUB_ALLOW_BAN']) def club_allow(v, username): u = get_user(username, v=v) @@ -324,7 +325,7 @@ def club_allow(v, username): @app.post("/@/club_ban") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_CLUB_ALLOW_BAN']) def club_ban(v, username): u = get_user(username, v=v) @@ -351,13 +352,13 @@ def club_ban(v, username): @app.get("/admin/shadowbanned") @auth_required def shadowbanned(v): - if not (v and v.admin_level > 1): abort(404) + if not (v and v.admin_level >= PERMS['USER_SHADOWBAN']): abort(404) users = g.db.query(User).filter(User.shadowbanned != None).order_by(User.shadowbanned).all() return render_template("shadowbanned.html", v=v, users=users) @app.get("/admin/image_posts") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def image_posts_listing(v): try: page = int(request.values.get('page', 1)) @@ -375,7 +376,7 @@ def image_posts_listing(v): @app.get("/admin/reported/posts") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def reported_posts(v): page = max(1, int(request.values.get("page", 1))) 
@@ -396,7 +397,7 @@ def reported_posts(v): @app.get("/admin/reported/comments") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def reported_comments(v): page = max(1, int(request.values.get("page", 1))) @@ -421,11 +422,11 @@ def reported_comments(v): standalone=True) @app.get("/admin") -@admin_level_required(2) +@admin_level_required(PERMS['ADMIN_HOME_VISIBLE']) def admin_home(v): under_attack = False - if v.admin_level > 2: + if v.admin_level >= PERMS['SITE_SETTINGS_UNDER_ATTACK']: if CF_ZONE == 'blahblahblah': response = 'high' else: response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value'] under_attack = response == 'under_attack' @@ -453,7 +454,7 @@ def admin_git_head(): return gitref @app.post("/admin/site_settings/") -@admin_level_required(3) +@admin_level_required(PERMS['SITE_SETTINGS']) def change_settings(v, setting): site_settings = app.config['SETTINGS'] site_settings[setting] = not site_settings[setting] @@ -474,7 +475,7 @@ def change_settings(v, setting): @app.post("/admin/purge_cache") -@admin_level_required(3) +@admin_level_required(PERMS['SITE_CACHE_PURGE_CDN']) def purge_cache(v): online = cache.get(ONLINE_STR) cache.clear() @@ -493,7 +494,7 @@ def purge_cache(v): @app.post("/admin/under_attack") -@admin_level_required(3) +@admin_level_required(PERMS['SITE_SETTINGS_UNDER_ATTACK']) def under_attack(v): response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value'] @@ -519,7 +520,7 @@ def under_attack(v): return {"error": "Failed to enable under attack mode."}, 400 @app.get("/admin/badge_grant") -@admin_level_required(2) +@admin_level_required(PERMS['USER_BADGES']) def badge_grant_get(v): if not FEATURES['BADGES']: abort(404) 
@@ -530,7 +531,7 @@ def badge_grant_get(v): @app.post("/admin/badge_grant") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_BADGES']) def badge_grant_post(v): if not FEATURES['BADGES']: abort(404) @@ -580,7 +581,7 @@ def badge_grant_post(v): @app.get("/admin/badge_remove") -@admin_level_required(2) +@admin_level_required(PERMS['USER_BADGES']) def badge_remove_get(v): if not FEATURES['BADGES']: abort(404) @@ -592,7 +593,7 @@ def badge_remove_get(v): @app.post("/admin/badge_remove") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_BADGES']) def badge_remove_post(v): if not FEATURES['BADGES']: abort(404) @@ -629,7 +630,7 @@ def badge_remove_post(v): @app.get("/admin/users") -@admin_level_required(2) +@admin_level_required(PERMS['VIEW_ALL_USERS']) def users_list(v): try: page = int(request.values.get("page", 1)) @@ -650,7 +651,7 @@ def users_list(v): @app.get("/admin/alt_votes") -@admin_level_required(2) +@admin_level_required(PERMS['VIEW_ALT_VOTES']) def alt_votes_get(v): u1 = request.values.get("u1") @@ -757,7 +758,7 @@ def alt_votes_get(v): @app.post("/admin/link_accounts") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_LINK']) def admin_link_accounts(v): u1 = int(request.values.get("u1")) @@ -787,7 +788,7 @@ def admin_link_accounts(v): @app.get("/admin/removed/posts") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def admin_removed(v): try: page = int(request.values.get("page", 1)) @@ -814,7 +815,7 @@ def admin_removed(v): @app.get("/admin/removed/comments") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def admin_removed_comments(v): try: page = int(request.values.get("page", 1)) 
@@ -839,7 +840,7 @@ def admin_removed_comments(v): @app.post("/agendaposter/") -@admin_level_required(2) +@admin_level_required(PERMS['USER_AGENDAPOSTER']) def agendaposter(user_id, v): user = get_account(user_id) @@ -873,7 +874,7 @@ def agendaposter(user_id, v): @app.post("/unagendaposter/") -@admin_level_required(2) +@admin_level_required(PERMS['USER_AGENDAPOSTER']) def unagendaposter(user_id, v): user = get_account(user_id) @@ -902,7 +903,7 @@ def unagendaposter(user_id, v): @app.post("/shadowban/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_SHADOWBAN']) def shadowban(user_id, v): user = get_account(user_id) if user.admin_level != 0: abort(403) @@ -932,7 +933,7 @@ def shadowban(user_id, v): @app.post("/unshadowban/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_SHADOWBAN']) def unshadowban(user_id, v): user = get_account(user_id) user.shadowbanned = None @@ -957,7 +958,7 @@ def unshadowban(user_id, v): @app.post("/admin/title_change/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_TITLE_CHANGE']) def admin_title_change(user_id, v): user = get_account(user_id) @@ -992,7 +993,7 @@ def admin_title_change(user_id, v): @app.post("/ban_user/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_BAN']) def ban_user(user_id, v): user = get_account(user_id) @@ -1055,7 +1056,7 @@ def ban_user(user_id, v): @app.post("/unban_user/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_BAN']) def unban_user(user_id, v): user = get_account(user_id) if not user.is_banned: 
@@ -1086,7 +1087,7 @@ def unban_user(user_id, v): @app.post("/mute_user//") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['USER_BAN']) def mute_user(v, user_id, mute_status): user = get_account(user_id) @@ -1116,7 +1117,7 @@ def mute_user(v, user_id, mute_status): @app.post("/remove_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def remove_post(post_id, v): post = get_post(post_id) post.is_banned = True @@ -1148,7 +1149,7 @@ def remove_post(post_id, v): @app.post("/approve_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def approve_post(post_id, v): post = get_post(post_id) @@ -1179,11 +1180,11 @@ def approve_post(post_id, v): @app.post("/distinguish/") -@admin_level_required(1) +@admin_level_required(PERMS['POST_COMMENT_DISTINGUISH']) def distinguish_post(post_id, v): post = get_post(post_id) - if post.author_id != v.id and v.admin_level < 2 : abort(403) + if post.author_id != v.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']: abort(403) if post.distinguish_level: post.distinguish_level = 0 @@ -1207,7 +1208,7 @@ def distinguish_post(post_id, v): @app.post("/sticky/") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def sticky_post(post_id, v): if not FEATURES['PINS']: abort(403) @@ -1216,7 +1217,7 @@ def sticky_post(post_id, v): if not post.stickied: pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False).count() if pins >= PIN_LIMIT: - if v.admin_level > 2: + if v.admin_level >= PERMS['BYPASS_PIN_LIMIT']: post.stickied = v.username post.stickied_utc = int(time.time()) + 3600 else: return {"error": f"Can't exceed {PIN_LIMIT} pinned posts limit!"}, 403 
@@ -1237,7 +1238,7 @@ def sticky_post(post_id, v): return {"message": "Post pinned!"} @app.post("/unsticky/") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def unsticky_post(post_id, v): post = get_post(post_id) @@ -1262,7 +1263,7 @@ def unsticky_post(post_id, v): return {"message": "Post unpinned!"} @app.post("/sticky_comment/") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def sticky_comment(cid, v): comment = get_comment(cid, v=v) @@ -1286,7 +1287,7 @@ def sticky_comment(cid, v): @app.post("/unsticky_comment/") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def unsticky_comment(cid, v): comment = get_comment(cid, v=v) @@ -1313,7 +1314,7 @@ def unsticky_comment(cid, v): @app.post("/remove_comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def remove_comment(c_id, v): comment = get_comment(c_id) @@ -1333,7 +1334,7 @@ def remove_comment(c_id, v): @app.post("/approve_comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def approve_comment(c_id, v): comment = get_comment(c_id) @@ -1360,7 +1361,7 @@ def approve_comment(c_id, v): @app.post("/distinguish_comment/") -@admin_level_required(1) +@admin_level_required(PERMS['POST_COMMENT_DISTINGUISH']) def admin_distinguish_comment(c_id, v): @@ -1389,7 +1390,7 @@ def admin_distinguish_comment(c_id, v): else: return {"message": "Comment undistinguished!"} @app.get("/admin/dump_cache") -@admin_level_required(2) +@admin_level_required(PERMS['SITE_CACHE_DUMP_INTERNAL']) def admin_dump_cache(v): online = cache.get(ONLINE_STR) cache.clear() 
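Review bot: `admin_dump_cache` calls `cache.clear()` from an `@app.get` route, so the state change is reachable by a plain cross-site navigation in a logged-in admin's browser and sits outside any protection the app applies only to POST requests. `purge_cache` already uses `@app.post`; making this one `@app.post("/admin/dump_cache")` keeps the two consistent. The rest of the function is outside the hunk.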
@@ -1405,7 +1406,7 @@ def admin_dump_cache(v): @app.get("/admin/banned_domains/") -@admin_level_required(3) +@admin_level_required(PERMS['DOMAINS_BAN']) def admin_banned_domains(v): banned_domains = g.db.query(BannedDomain).all() @@ -1413,7 +1414,7 @@ def admin_banned_domains(v): @app.post("/admin/banned_domains") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(3) +@admin_level_required(PERMS['DOMAINS_BAN']) def admin_toggle_ban_domain(v): domain=request.values.get("domain", "").strip() @@ -1446,7 +1447,7 @@ def admin_toggle_ban_domain(v): @app.post("/admin/nuke_user") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def admin_nuke_user(v): user=get_user(request.values.get("user")) @@ -1479,7 +1480,7 @@ def admin_nuke_user(v): @app.post("/admin/unnuke_user") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def admin_nunuke_user(v): user=get_user(request.values.get("user")) diff --git a/files/routes/asset_submissions.py b/files/routes/asset_submissions.py index b4aaf88f08..9118b976c2 100644 --- a/files/routes/asset_submissions.py +++ b/files/routes/asset_submissions.py @@ -22,7 +22,7 @@ def asset_submissions(path): @app.get("/submit/marseys") @auth_required def submit_marseys(v): - if v.admin_level > 2: + if v.admin_level >= PERMS['VIEW_PENDING_SUBMITTED_MARSEYS']: marseys = g.db.query(Marsey).filter(Marsey.submitter_id != None).all() else: marseys = g.db.query(Marsey).filter(Marsey.submitter_id == v.id).all() 
@@ -44,7 +44,7 @@ def submit_marsey(v): username = request.values.get('author').lower().strip() def error(error): - if v.admin_level > 2: marseys = g.db.query(Marsey).filter(Marsey.submitter_id != None).all() + if v.admin_level >= PERMS['VIEW_PENDING_SUBMITTED_MARSEYS']: marseys = g.db.query(Marsey).filter(Marsey.submitter_id != None).all() else: marseys = g.db.query(Marsey).filter(Marsey.submitter_id == v.id).all() for marsey in marseys: marsey.author = g.db.query(User.username).filter_by(id=marsey.author_id).one()[0] @@ -82,7 +82,7 @@ def submit_marsey(v): g.db.add(marsey) g.db.flush() - if v.admin_level > 2: marseys = g.db.query(Marsey).filter(Marsey.submitter_id != None).all() + if v.admin_level >= PERMS['VIEW_PENDING_SUBMITTED_MARSEYS']: marseys = g.db.query(Marsey).filter(Marsey.submitter_id != None).all() else: marseys = g.db.query(Marsey).filter(Marsey.submitter_id == v.id).all() for marsey in marseys: marsey.author = g.db.query(User.username).filter_by(id=marsey.author_id).one()[0] @@ -92,7 +92,7 @@ def submit_marsey(v): @app.post("/admin/approve/marsey/") -@admin_level_required(3) +@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_MARSEYS']) def approve_marsey(v, name): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, SNAKES_ID): return {"error": "Only Carp can approve marseys!"}, 403 @@ -186,7 +186,7 @@ def remove_marsey(v, name): @app.get("/submit/hats") @auth_required def submit_hats(v): - if v.admin_level > 2: hats = g.db.query(HatDef).filter(HatDef.submitter_id != None).all() + if v.admin_level >= PERMS['VIEW_PENDING_SUBMITTED_HATS']: hats = g.db.query(HatDef).filter(HatDef.submitter_id != None).all() else: hats = g.db.query(HatDef).filter(HatDef.submitter_id == v.id).all() return render_template("submit_hats.html", v=v, hats=hats) 
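Review bot: In `approve_marsey` the decorator now names `PERMS['MODERATE_PENDING_SUBMITTED_MARSEYS']`, but the effective gate is the hard-coded id tuple on the next line, and that check is skipped entirely when `AEVANN_ID` is falsy. Someone tuning the PERMS value would expect neither behaviour, so add a comment such as `# id allowlist applies only when AEVANN_ID is set; otherwise the PERMS level is the sole gate`. `approve_hat`, `update_marseys`, `update_marsey`, `update_hats` and `update_hat` follow the same pattern in later hunks.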
@@ -200,7 +200,7 @@ def submit_hat(v): username = request.values.get('author').strip() def error(error): - if v.admin_level > 2: hats = g.db.query(HatDef).filter(HatDef.submitter_id != None).all() + if v.admin_level >= PERMS['VIEW_PENDING_SUBMITTED_HATS']: hats = g.db.query(HatDef).filter(HatDef.submitter_id != None).all() else: hats = g.db.query(HatDef).filter(HatDef.submitter_id == v.id).all() return render_template("submit_hats.html", v=v, hats=hats, error=error, name=name, description=description, username=username), 400 @@ -245,13 +245,13 @@ def submit_hat(v): g.db.commit() - if v.admin_level > 2: hats = g.db.query(HatDef).filter(HatDef.submitter_id != None).all() + if v.admin_level >= PERMS['VIEW_PENDING_SUBMITTED_HATS']: hats = g.db.query(HatDef).filter(HatDef.submitter_id != None).all() else: hats = g.db.query(HatDef).filter(HatDef.submitter_id == v.id).all() return render_template("submit_hats.html", v=v, hats=hats, msg=f"'{name}' submitted successfully!") @app.post("/admin/approve/hat/") -@admin_level_required(3) +@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_HATS']) def approve_hat(v, name): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, SNAKES_ID): return {"error": "Only Carp can approve hats!"}, 403 @@ -345,7 +345,7 @@ def remove_hat(v, name): @app.get("/admin/update/marseys") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_MARSEYS']) def update_marseys(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403) @@ -354,7 +354,7 @@ def update_marseys(v): @app.post("/admin/update/marseys") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_MARSEYS']) def update_marsey(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403) 
@@ -408,7 +408,7 @@ def update_marsey(v): @app.get("/admin/update/hats") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_HATS']) def update_hats(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403) @@ -417,7 +417,7 @@ def update_hats(v): @app.post("/admin/update/hats") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_HATS']) def update_hat(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403) diff --git a/files/routes/awards.py b/files/routes/awards.py index 7f91ceaba9..5e43fcd1f5 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -51,7 +51,7 @@ def buy(v, award): if award == 'benefactor' and not request.values.get("mb"): return {"error": "You can only buy the Benefactor award with marseybux."}, 403 - if award == 'ghost' and v.admin_level < 2: + if award == 'ghost' and v.admin_level < PERMS['BUY_GHOST_AWARD']: return {"error": "Only admins can buy this award."}, 403 AWARDS = deepcopy(AWARDS2) @@ -212,7 +212,7 @@ def award_thing(v, thing_type, id): author.unban_utc += 86400 send_repeatable_notification(author.id, f"Your account has been banned for **yet another day** for {link}. Seriously man?") - if v.admin_level > 2: + if v.admin_level >= PERMS['USER_BAN']: log_link = f'/{thing_type}/{thing.id}' reason = f'{log_link}' @@ -236,7 +236,7 @@ def award_thing(v, thing_type, id): author.ban_reason = None send_repeatable_notification(author.id, "You have been unbanned!") - if v.admin_level > 2: + if v.admin_level >= PERMS['USER_BAN']: ma=ModAction( kind="unban_user", user_id=v.id, 
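Review bot: The mod-log guards in `award_thing` change from `v.admin_level > 2` to `PERMS['USER_BAN']` (here and in the hunks at -236 and -249) and to `PERMS['USER_AGENDAPOSTER']` (-297), keys that replace `@admin_level_required(2)` in admin.py. Whatever value those keys hold, one of the two sites no longer matches its old threshold, so either level-2 users start producing `ModAction` entries from awards or the admin routes tighten. If audit logging is meant to follow the ban permission, state that in the commit message; otherwise give the logging guard its own key.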
@@ -249,7 +249,7 @@ def award_thing(v, thing_type, id): author.unban_utc = int(time.time()) + 30 * 86400 send_repeatable_notification(author.id, f"Your account has been banned permanently for {link}. You must [provide the admins](/contact) a timestamped picture of you touching grass/snow/sand/ass to get unbanned!") - if v.admin_level > 2: + if v.admin_level >= PERMS['USER_BAN']: log_link = f'/{thing_type}/{thing.id}' reason = f'{log_link}' @@ -297,7 +297,7 @@ def award_thing(v, thing_type, id): badge_grant(user=author, badge_id=28) - if v.admin_level > 2: + if v.admin_level >= PERMS['USER_AGENDAPOSTER']: ma = ModAction( kind="agendaposter", user_id=v.id, diff --git a/files/routes/chat.py b/files/routes/chat.py index f26f32ab83..56a53b4d6a 100644 --- a/files/routes/chat.py +++ b/files/routes/chat.py @@ -97,7 +97,7 @@ def speak(data, v): total += 1 - if v.admin_level > 1: + if v.admin_level >= PERMS['USER_BAN']: text = text.lower() for i in mute_regex.finditer(text): username = i.group(1).lower() @@ -153,7 +153,7 @@ def typing_indicator(data, v): @socketio.on('delete') -@admin_level_required(2) +@admin_level_required(PERMS['POST_COMMENT_MODERATION']) def delete(text, v): for message in messages: diff --git a/files/routes/comments.py b/files/routes/comments.py index 86d46861cc..fd5deda04c 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -41,7 +41,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): if not comment.can_see(v): abort(403) - if comment.author.shadowbanned and not (v and v.shadowbanned) and not (v and v.admin_level >= 2): + if comment.author.shadowbanned and not (v and v.shadowbanned) and not (v and v.admin_level >= PERMS['USER_SHADOWBAN']): abort(404) if v and request.values.get("read"): 
@@ -52,7 +52,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): if comment.post and comment.post.club and not (v and (v.paid_dues or v.id in [comment.author_id, comment.post.author_id])): abort(403) - if not comment.parent_submission and not (v and (comment.author.id == v.id or comment.sentto == v.id)) and not (v and v.admin_level > 1) : abort(403) + if not comment.parent_submission and not (v and (comment.author.id == v.id or comment.sentto == v.id)) and not (v and v.admin_level >= PERMS['POST_COMMENT_MODERATION']) : abort(403) if not pid: if comment.parent_submission: pid = comment.parent_submission @@ -96,7 +96,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): blocked.c.target_id, ) - if not (v and v.shadowbanned) and not (v and v.admin_level >= 2): + if not (v and v.shadowbanned) and not (v and v.admin_level >= PERMS['USER_SHADOWBAN']): comments = comments.join(Comment.author).filter(User.shadowbanned == None) comments=comments.filter( @@ -127,7 +127,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): if request.headers.get("Authorization"): return top_comment.json else: - if post.is_banned and not (v and (v.admin_level > 1 or post.author_id == v.id)): template = "submission_banned.html" + if post.is_banned and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.author_id == v.id)): template = "submission_banned.html" else: template = "submission.html" return render_template(template, v=v, p=post, sort=sort, comment_info=comment_info, render_replies=True, sub=post.subr) @@ -156,7 +156,7 @@ def comment(v): parent_comment_id = None level = 1 - if POLL_THREAD and parent.id == POLL_THREAD and v.admin_level < 2: abort(403) + if POLL_THREAD and parent.id == POLL_THREAD and v.admin_level < PERMS['POST_TO_POLL_THREAD']: abort(403) elif parent_fullname.startswith("c_"): parent = get_comment(parent_fullname.split("_")[1], v=v) parent_comment_id = parent.id 
@@ -196,7 +196,7 @@ def comment(v): file.save(oldname) image = process_image(oldname, patron=v.patron) if image == "": return {"error":"Image upload failed"}, 400 - if v.admin_level > 2 and level == 1: + if v.admin_level >= PERMS['SITE_SETTINGS_SIDEBARS_BANNERS_BADGES'] and level == 1: if parent_post.id == SIDEBAR_THREAD: li = sorted(os.listdir(f'files/assets/images/{SITE_NAME}/sidebar'), key=lambda e: int(e.split('.webp')[0]))[-1] @@ -239,7 +239,7 @@ def comment(v): body = body.strip() - if v.admin_level > 2 and parent_post.id == SNAPPY_THREAD and level == 1: + if v.admin_level >= PERMS['SITE_SETTINGS_SNAPPY_QUOTES'] and parent_post.id == SNAPPY_THREAD and level == 1: with open(f"snappy_{SITE_NAME}.txt", "a", encoding="utf-8") as f: f.write('\n{[para]}\n' + body) @@ -263,7 +263,7 @@ def comment(v): ).first() if existing: return {"error": f"You already made that comment: /comment/{existing.id}"}, 409 - if parent.author.any_block_exists(v) and v.admin_level < 2: + if parent.author.any_block_exists(v) and v.admin_level < PERMS['POST_COMMENT_MODERATION']: return {"error": "You can't reply to users who have blocked you, or users you have blocked."}, 403 is_bot = v.id != 12125 and (bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)) @@ -914,7 +914,7 @@ def handle_wordle_action(cid, v): def toggle_comment_nsfw(cid, v): comment = get_comment(cid) - if comment.author_id != v.id and not v.admin_level > 1 and not (comment.post.sub and v.mods(comment.post.sub)): + if comment.author_id != v.id and not v.admin_level >= PERMS['POST_COMMENT_MODERATION'] and not (comment.post.sub and v.mods(comment.post.sub)): abort(403) if comment.over_18 and v.is_suspended_permanently: 
@@ -924,7 +924,7 @@ def toggle_comment_nsfw(cid, v): g.db.add(comment) if comment.author_id != v.id: - if v.admin_level > 2: + if v.admin_level >= PERMS['POST_COMMENT_MODERATION']: ma = ModAction( kind = "set_nsfw_comment" if comment.over_18 else "unset_nsfw_comment", user_id = v.id, diff --git a/files/routes/front.py b/files/routes/front.py index 6e5900b9ee..ee9de51347 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -239,7 +239,7 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all", gt=0, lt=0, comments = g.db.query(Comment.id).filter(Comment.parent_submission != None, Comment.author_id.notin_(v.userblocks)) - if v.admin_level < 2: + if v.admin_level < PERMS['POST_COMMENT_MODERATION']: private = [x[0] for x in g.db.query(Submission.id).filter(Submission.private == True).all()] comments = comments.filter(Comment.is_banned==False, Comment.deleted_utc == 0, Comment.parent_submission.notin_(private)) diff --git a/files/routes/lottery.py b/files/routes/lottery.py index dfb87d207b..3546d15176 100644 --- a/files/routes/lottery.py +++ b/files/routes/lottery.py @@ -8,7 +8,7 @@ from files.helpers.lottery import * import requests @app.post("/lottery/end") -@admin_level_required(3) +@admin_level_required(PERMS['LOTTERY_ADMIN']) @casino_required def lottery_end(v): success, message = end_lottery_session() @@ -16,7 +16,7 @@ def lottery_end(v): @app.post("/lottery/start") -@admin_level_required(3) +@admin_level_required(PERMS['LOTTERY_ADMIN']) @casino_required def lottery_start(v): start_new_lottery_session() @@ -51,7 +51,7 @@ def lottery_active(v): return {"message": "", "stats": {"user": v.lottery_stats, "lottery": lottery, "participants": participants}} @app.get("/admin/lottery/participants") -@admin_level_required(2) +@admin_level_required(PERMS['LOTTERY_VIEW_PARTICIPANTS']) @casino_required def lottery_admin(v): participants = get_users_participating_in_lottery() 
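Review bot: In toggle_comment_nsfw (hunk at -924) the mod-log guard changes from `v.admin_level > 2` to `v.admin_level >= PERMS['POST_COMMENT_MODERATION']`, the same key that replaces `> 1` in the function's authorization check one hunk earlier, so the two checks cannot both keep their former thresholds. toggle_post_nsfw in files/routes/posts.py has the same pair, and flag_post in files/routes/reporting.py maps the `>= 3` test for the 'Admin' label onto the key used for its `>= 2` checks. The branch taken below the old threshold is outside the hunk, so confirm which log record level-2 admins now produce. Separately, `not v.admin_level >= PERMS[...]` parses as intended but reads more clearly as `v.admin_level < PERMS['POST_COMMENT_MODERATION']`.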
diff --git a/files/routes/notifications.py b/files/routes/notifications.py index e483508ac1..098ba10d4d 100644 --- a/files/routes/notifications.py +++ b/files/routes/notifications.py @@ -36,7 +36,7 @@ def unread(v): @app.get("/notifications/modmail") -@admin_level_required(2) +@admin_level_required(PERMS['VIEW_MODMAIL']) def notifications_modmail(v): try: page = max(int(request.values.get("page", 1)), 1) except: page = 1 @@ -75,7 +75,7 @@ def notifications_messages(v): Comment.parent_submission == None, Comment.level == 1, ) - if not v.shadowbanned and v.admin_level < 3: + if not v.shadowbanned and v.admin_level < PERMS['NOTIFICATIONS_FROM_SHADOWBANNED_USERS']: message_threads = message_threads.join(Comment.author) \ .filter(User.shadowbanned == None) @@ -258,7 +258,7 @@ def notifications(v): or_(Comment.sentto == None, Comment.sentto == 2), ).order_by(Notification.created_utc.desc()) - if not (v and (v.shadowbanned or v.admin_level > 2)): + if not (v and (v.shadowbanned or v.admin_level >= PERMS['NOTIFICATIONS_FROM_SHADOWBANNED_USERS'])): comments = comments.join(Comment.author).filter(User.shadowbanned == None) comments = comments.offset(25 * (page - 1)).limit(26).all() diff --git a/files/routes/oauth.py b/files/routes/oauth.py index da25790b0e..ea736d6cf0 100644 --- a/files/routes/oauth.py +++ b/files/routes/oauth.py @@ -83,7 +83,7 @@ def request_api_keys(v): new_comment.top_comment_id = new_comment.id - for admin in g.db.query(User).filter(User.admin_level > 2).all(): + for admin in g.db.query(User).filter(User.admin_level >= PERMS['APPS_MODERATION']).all(): notif = Notification(comment_id=new_comment.id, user_id=admin.id) g.db.add(notif) @@ -137,7 +137,7 @@ def edit_oauth_app(v, aid): @app.post("/admin/app/approve/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(3) +@admin_level_required(PERMS['APPS_MODERATION']) def admin_app_approve(v, aid): app = g.db.get(OauthApp, aid) 
@@ -173,7 +173,7 @@ def admin_app_approve(v, aid): @app.post("/admin/app/revoke/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(3) +@admin_level_required(PERMS['APPS_MODERATION']) def admin_app_revoke(v, aid): app = g.db.get(OauthApp, aid) @@ -198,7 +198,7 @@ def admin_app_revoke(v, aid): @app.post("/admin/app/reject/") @limiter.limit("1/second;30/minute;200/hour;1000/day") -@admin_level_required(3) +@admin_level_required(PERMS['APPS_MODERATION']) def admin_app_reject(v, aid): app = g.db.get(OauthApp, aid) @@ -223,7 +223,7 @@ def admin_app_reject(v, aid): @app.get("/admin/app/") -@admin_level_required(3) +@admin_level_required(PERMS['APPS_MODERATION']) def admin_app_id(v, aid): aid=aid oauth = g.db.get(OauthApp, aid) @@ -244,7 +244,7 @@ def admin_app_id(v, aid): ) @app.get("/admin/app//comments") -@admin_level_required(3) +@admin_level_required(PERMS['APPS_MODERATION']) def admin_app_id_comments(v, aid): aid=aid @@ -271,7 +271,7 @@ def admin_app_id_comments(v, aid): @app.get("/admin/apps") -@admin_level_required(3) +@admin_level_required(PERMS['APPS_MODERATION']) def admin_apps_list(v): apps = g.db.query(OauthApp).order_by(OauthApp.id.desc()).all() diff --git a/files/routes/posts.py b/files/routes/posts.py index 9ded454a28..ff120fd86b 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -35,7 +35,7 @@ def club_post(pid, v): abort(403) post = get_post(pid) - if post.author_id != v.id and v.admin_level < 2: abort(403) + if post.author_id != v.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']: abort(403) if not post.club: post.club = True @@ -106,8 +106,7 @@ def publish(pid, v): cache.delete_memoized(frontlist) cache.delete_memoized(User.userpagelisting) - if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog': - send_changelog_message(post.permalink) + send_changelog_message(post.permalink) if SITE == 'watchpeopledie.co': send_wpd_message(post.permalink) 
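Review bot: In publish (files/routes/posts.py, hunk at -106) the new side calls `send_changelog_message(post.permalink)` with no condition, because the whole `if` line was removed rather than only its admin/badge part; as written, every published draft would be announced as a changelog entry, not only posts in the changelog hole. The matching change in submit_post keeps the hole test, so this should probably read `if post.sub == 'changelog':` followed by the indented call. Indentation is lost in this rendering; if the added line kept its old, deeper indent the file would not parse at all. publish's body continues outside the hunk.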
@@ -168,7 +167,7 @@ def post_id(pid, anything=None, v=None, sub=None): blocked.c.target_id, ) - if not (v and v.shadowbanned) and not (v and v.admin_level >= 2): + if not (v and v.shadowbanned) and not (v and v.admin_level >= PERMS['USER_SHADOWBAN']): comments = comments.join(Comment.author).filter(User.shadowbanned == None) comments=comments.filter(Comment.parent_submission == post.id, Comment.level < 10).join( @@ -258,7 +257,7 @@ def post_id(pid, anything=None, v=None, sub=None): template = "submission.html" if (post.is_banned or post.author.shadowbanned) \ - and not (v and (v.admin_level >= 2 or post.author_id == v.id)): + and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.author_id == v.id)): template = "submission_banned.html" return render_template(template, v=v, p=post, ids=list(ids), @@ -290,7 +289,7 @@ def viewmore(v, pid, sort, offset): blocked.c.target_id, ).filter(Comment.parent_submission == pid, Comment.stickied == None, Comment.id.notin_(ids), Comment.level < 10) - if not (v and v.shadowbanned) and not (v and v.admin_level >= 2): + if not (v and v.shadowbanned) and not (v and v.admin_level >= PERMS['USER_SHADOWBAN']): comments = comments.join(Comment.author).filter(User.shadowbanned == None) comments=comments.join( @@ -409,14 +408,13 @@ def morecomments(v, cid): @auth_required def edit_post(pid, v): p = get_post(pid) + if v.id != p.author_id and v.admin_level < PERMS['POST_EDITING']: + abort(403) title = sanitize_raw_title(request.values.get("title", "")) body = sanitize_raw_body(request.values.get("body", "")) - if v.id != p.author_id and v.admin_level < 2: - abort(403) - if v.id == p.author_id: if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')): return {"error":"You have to type more than 280 characters!"}, 403 
@@ -717,8 +715,9 @@ def submit_post(v, sub=None): sub = request.values.get("sub", "").lower().replace('/h/','').strip() - if sub == 'changelog': - allowed = g.db.query(User.id).filter(User.admin_level > 0).all() + g.db.query(Badge.user_id).filter_by(badge_id=3).all() + if sub == 'changelog' and not v.admin_level >= PERMS['POST_TO_CHANGELOG']: + # we also allow 'code contributor' badgeholders to post to the changelog hole + allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all() allowed = [x[0] for x in allowed] if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog") @@ -876,7 +875,7 @@ def submit_post(v, sub=None): if len(url) > 2048: return error("There's a 2048 character limit for URLs.") - if v and v.admin_level > 2: + if v and v.admin_level >= PERMS['POST_BETS']: bets = [] for i in bet_regex.finditer(body): bets.append(i.group(1)) @@ -963,7 +962,7 @@ def submit_post(v, sub=None): ) g.db.add(choice) - if v and v.admin_level > 2: + if v and v.admin_level >= PERMS['POST_BETS']: for bet in bets: bet = SubmissionOption( submission_id=post.id, @@ -1067,7 +1066,7 @@ def submit_post(v, sub=None): cache.delete_memoized(frontlist) cache.delete_memoized(User.userpagelisting) - if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog' and not post.private: + if post.sub == 'changelog' and not post.private: send_changelog_message(post.permalink) if not post.private and SITE == 'watchpeopledie.co': @@ -1133,7 +1132,7 @@ def undelete_post_pid(pid, v): def toggle_post_nsfw(pid, v): post = get_post(pid) - if post.author_id != v.id and not v.admin_level > 1 and not (post.sub and v.mods(post.sub)): + if post.author_id != v.id and not v.admin_level >= PERMS['POST_COMMENT_MODERATION'] and not (post.sub and v.mods(post.sub)): abort(403) if post.over_18 and v.is_suspended_permanently: 
@@ -1143,7 +1142,7 @@ def toggle_post_nsfw(pid, v): g.db.add(post) if post.author_id != v.id: - if v.admin_level > 2: + if v.admin_level >= PERMS['POST_COMMENT_MODERATION']: ma = ModAction( kind = "set_nsfw" if post.over_18 else "unset_nsfw", user_id = v.id, diff --git a/files/routes/reporting.py b/files/routes/reporting.py index 4b965faf09..45c0004985 100644 --- a/files/routes/reporting.py +++ b/files/routes/reporting.py @@ -30,10 +30,10 @@ def flag_post(pid, v): if len(reason) > 350: return {"error": "Too long."}, 400 - if reason.startswith('!') and (v.admin_level > 1 or post.sub and v.mods(post.sub)): + if reason.startswith('!') and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.sub and v.mods(post.sub)): post.flair = reason[1:] g.db.add(post) - if v.admin_level > 1: + if v.admin_level >= PERMS['POST_COMMENT_MODERATION']: ma=ModAction( kind="flair_post", user_id=v.id, @@ -51,7 +51,7 @@ def flag_post(pid, v): ) g.db.add(ma) - elif reason.startswith('/h/') and (v.admin_level >= 2 or v.id == post.author_id or (reason == '/h/chudrama' and v.mods(post.sub))): + elif reason.startswith('/h/') and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or v.id == post.author_id or (reason == '/h/chudrama' and v.mods(post.sub))): sub_from = post.sub sub_to = reason[3:].strip().lower() @@ -95,7 +95,7 @@ def flag_post(pid, v): g.db.add(ma) if v.id != post.author_id: - if v.admin_level >= 3: position = 'Admin' + if v.admin_level >= PERMS['POST_COMMENT_MODERATION']: position = 'Admin' else: position = 'Mod' message = f"@{v.username} ({position}) has moved [{post.title}]({post.shortlink}) to /h/{post.sub}" send_repeatable_notification(post.author_id, message) diff --git a/files/routes/search.py b/files/routes/search.py index 5c325d1ef4..24257bbaf1 100644 --- a/files/routes/search.py +++ b/files/routes/search.py 
@@ -61,17 +61,19 @@ def searchposts(v): if not v.paid_dues: posts = posts.filter(Submission.club == False) - if v.admin_level < 2: + if v.admin_level < PERMS['POST_COMMENT_MODERATION']: posts = posts.filter( Submission.deleted_utc == 0, Submission.is_banned == False, - Submission.private == False, - User.shadowbanned == None) + Submission.private == False) + + if v.admin_level < PERMS['USER_SHADOWBAN']: + posts = posts.filter(User.shadowbanned == None) if 'author' in criteria: posts = posts.filter(Submission.ghost == False) author = get_user(criteria['author'], v=v, include_shadowbanned=False) - if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: + if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye: if request.headers.get("Authorization"): return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 return render_template("search.html", @@ -198,7 +200,7 @@ def searchcomments(v): if 'author' in criteria: comments = comments.filter(Comment.ghost == False) author = get_user(criteria['author'], v=v, include_shadowbanned=False) - if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: + if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye: if request.headers.get("Authorization"): return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 @@ -220,7 +222,7 @@ def searchcomments(v): comments = apply_time_filter(t, comments, Comment) - if v.admin_level < 2: + if v.admin_level < PERMS['POST_COMMENT_MODERATION']: private = [x[0] for x in g.db.query(Submission.id).filter(Submission.private == True).all()] comments = comments.filter(Comment.is_banned==False, Comment.deleted_utc == 0, Comment.parent_submission.notin_(private)) 
@@ -282,7 +284,7 @@ def searchusers(v): ) ) - if v.admin_level < 2: + if v.admin_level < PERMS['USER_SHADOWBAN']: users = users.filter(User.shadowbanned == None) users=users.order_by(User.username.ilike(term).desc(), User.stored_subscriber_count.desc()) diff --git a/files/routes/static.py b/files/routes/static.py index 8186e40025..751a46eb00 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -104,7 +104,7 @@ def daily_chart(v): @app.get("/patrons") @app.get("/paypigs") -@admin_level_required(3) +@admin_level_required(PERMS['VIEW_PATRONS']) def patrons(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, SNAKES_ID): abort(404) @@ -116,7 +116,7 @@ def patrons(v): @app.get("/badmins") @auth_required def admins(v): - if v and v.admin_level > 2: + if v.admin_level >= PERMS['VIEW_SORTED_ADMIN_LIST']: admins = g.db.query(User).filter(User.admin_level>1).order_by(User.truecoins.desc()).all() admins += g.db.query(User).filter(User.admin_level==1).order_by(User.truecoins.desc()).all() else: admins = g.db.query(User).filter(User.admin_level>0).order_by(User.truecoins.desc()).all() @@ -137,7 +137,7 @@ def log(v): kind = request.values.get("kind") - if v and v.admin_level > 1: types = ACTIONTYPES + if v and v.admin_level >= PERMS['USER_SHADOWBAN']: types = ACTIONTYPES else: types = ACTIONTYPES2 if kind and kind not in types: @@ -145,7 +145,7 @@ def log(v): actions = [] else: actions = g.db.query(ModAction) - if not (v and v.admin_level >= 2): + if not (v and v.admin_level >= PERMS['USER_SHADOWBAN']): actions = actions.filter(ModAction.kind.notin_(["shadowban","unshadowban"])) if admin_id: 
@@ -162,7 +162,7 @@ def log(v): next_exists=len(actions)>25 actions=actions[:25] - admins = [x[0] for x in g.db.query(User.username).filter(User.admin_level >= 2).order_by(User.username).all()] + admins = [x[0] for x in g.db.query(User.username).filter(User.admin_level >= PERMS['ADMIN_MOP_VISIBLE']).order_by(User.username).all()] return render_template("log.html", v=v, admins=admins, types=types, admin=admin, type=kind, actions=actions, next_exists=next_exists, page=page) @@ -177,9 +177,9 @@ def log_item(id, v): if not action: abort(404) - admins = [x[0] for x in g.db.query(User.username).filter(User.admin_level > 1).all()] + admins = [x[0] for x in g.db.query(User.username).filter(User.admin_level >= PERMS['ADMIN_MOP_VISIBLE']).all()] - if v and v.admin_level > 1: types = ACTIONTYPES + if v and v.admin_level >= PERMS['USER_SHADOWBAN']: types = ACTIONTYPES else: types = ACTIONTYPES2 return render_template("log.html", v=v, actions=[action], next_exists=False, page=1, action=action, admins=admins, types=types) @@ -232,7 +232,7 @@ def submit_contact(v): g.db.flush() new_comment.top_comment_id = new_comment.id - admins = g.db.query(User).filter(User.admin_level > 2) + admins = g.db.query(User).filter(User.admin_level >= PERMS['NOTIFICATIONS_MODMAIL']) if SITE == 'watchpeopledie.co': admins = admins.filter(User.id != AEVANN_ID) @@ -556,7 +556,7 @@ if SITE == 'pcmemes.net': return render_template('live.html', v=v, live=live, offline=offline) @app.post('/live/add') - @admin_level_required(2) + @admin_level_required(PERMS['STREAMERS_MODERATION']) def live_add(v): link = request.values.get('link').strip() @@ -595,7 +595,7 @@ if SITE == 'pcmemes.net': return redirect('/live') @app.post('/live/remove') - @admin_level_required(2) + @admin_level_required(PERMS['STREAMERS_MODERATION']) def live_remove(v): id = request.values.get('id').strip() if not id: abort(400) diff --git a/files/routes/subs.py b/files/routes/subs.py index ad40ef5ff6..5c71874543 100644 
--- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -345,7 +345,7 @@ def create_sub2(v): mod = Mod(user_id=v.id, sub=sub.name) g.db.add(mod) - admins = [x[0] for x in g.db.query(User.id).filter(User.admin_level > 1, User.id != v.id).all()] + admins = [x[0] for x in g.db.query(User.id).filter(User.admin_level >= PERMS['NOTIFICATIONS_HOLE_CREATION'], User.id != v.id).all()] for admin in admins: send_repeatable_notification(admin, f":!marseyparty: /h/{sub} has been created by @{v.username} :marseyparty:") @@ -366,7 +366,7 @@ def kick(v, pid): old = post.sub post.sub = None - if v.admin_level >= 3 and v.id != post.author_id: + if v.admin_level >= PERMS['GLOBAL_MODERATION'] and v.id != post.author_id: old_str = f'/h/{old}' ma = ModAction( kind='move_hole', @@ -385,7 +385,7 @@ def kick(v, pid): g.db.add(ma) if v.id != post.author_id: - if v.admin_level >= 3: position = 'Admin' + if v.admin_level >= PERMS['GLOBAL_MODERATION']: position = 'Admin' else: position = 'Mod' message = f"@{v.username} ({position}) has moved [{post.title}]({post.shortlink}) from /h/{old} to the main feed!" send_repeatable_notification(post.author_id, message) diff --git a/files/routes/users.py b/files/routes/users.py index 60ba32b0a3..1bdaf148c6 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -26,7 +26,7 @@ from .login import check_for_alts @auth_required def upvoters_posts(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) 
@@ -48,7 +48,7 @@ def upvoters_posts(v, username, uid): @auth_required def upvoters_comments(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) @@ -70,7 +70,7 @@ def upvoters_comments(v, username, uid): @auth_required def downvoters_posts(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) @@ -92,7 +92,7 @@ def downvoters_posts(v, username, uid): @auth_required def downvoters_comments(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) @@ -117,7 +117,7 @@ def downvoters_comments(v, username, uid): @auth_required def upvoting_posts(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) 
@@ -139,7 +139,7 @@ def upvoting_posts(v, username, uid): @auth_required def upvoting_comments(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) @@ -161,7 +161,7 @@ def upvoting_comments(v, username, uid): @auth_required def downvoting_posts(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) @@ -183,7 +183,7 @@ def downvoting_posts(v, username, uid): @auth_required def downvoting_comments(v, username, uid): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) id = u.id uid = int(uid) 
@@ -205,7 +205,7 @@ def downvoting_comments(v, username, uid): @auth_required def user_upvoted_posts(v, username): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) page = max(1, int(request.values.get("page", 1))) @@ -231,7 +231,7 @@ def user_upvoted_posts(v, username): @auth_required def user_upvoted_comments(v, username): u = get_user(username, v=v, include_shadowbanned=False) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) page = max(1, int(request.values.get("page", 1))) @@ -674,7 +674,7 @@ def message2(v, username): if hasattr(user, 'is_blocking') and user.is_blocking: return {"error": "You're blocking this user."}, 403 - if v.admin_level <= 1 and hasattr(user, 'is_blocked') and user.is_blocked: + if v.admin_level <= PERMS['MESSAGE_BLOCKED_USERS'] and hasattr(user, 'is_blocked') and user.is_blocked: return {"error": "This user is blocking you."}, 403 message = request.values.get("message", "").strip()[:10000].strip() @@ -810,7 +810,7 @@ def messagereply(v): if c.top_comment.sentto == 2: - admins = g.db.query(User.id).filter(User.admin_level > 2, User.id != v.id) + admins = g.db.query(User.id).filter(User.admin_level >= PERMS['NOTIFICATIONS_MODMAIL'], User.id != v.id) if SITE == 'watchpeopledie.co': admins = admins.filter(User.id != AEVANN_ID) 
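Review bot: In message2 (hunk at -674) the replacement keeps the `<=` operator, `v.admin_level <= PERMS['MESSAGE_BLOCKED_USERS']`, whereas every other check in this commit treats a PERMS value as the minimum level that holds the permission (`>=` to allow, `<` to deny). With `<=`, a user whose level equals the configured value is still refused, so this key alone would mean "highest level that is denied". Assuming the table stores minimum levels, use `if v.admin_level < PERMS['MESSAGE_BLOCKED_USERS'] and hasattr(user, 'is_blocked') and user.is_blocked:` with the value set to 2 to preserve the old `<= 1` behaviour. The PERMS definition is outside this part of the diff, so confirm the stored value before changing the operator.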
@@ -961,7 +961,7 @@ def u_username(username, v=None): g.db.commit() - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): return {"error": "This userpage is private"}, 403 @@ -1049,7 +1049,7 @@ def u_username_comments(username, v=None): return render_template("userpage_reserved.html", u=u, v=v) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): return {"error": "This userpage is private"}, 403 return render_template("userpage_private.html", u=u, v=v) @@ -1074,7 +1074,7 @@ def u_username_comments(username, v=None): Comment.parent_submission != None ) - if not v or (v.id != u.id and v.admin_level < 2): + if not v or (v.id != u.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']): comments = comments.filter( Comment.is_banned == False, Comment.ghost == False, diff --git a/files/templates/admin/admin_home.html b/files/templates/admin/admin_home.html index 7b0098db17..2bc0050e35 100644 --- a/files/templates/admin/admin_home.html +++ b/files/templates/admin/admin_home.html @@ -10,19 +10,21 @@


 

Admin Tools

-{% if v.admin_level > 2 and (SITE_NAME == 'rDrama' or SIDEBAR_THREAD or BANNER_THREAD or BADGE_THREAD or SNAPPY_THREAD) %} +{% if (v.admin_level >= PERMS['SITE_SETTINGS_SIDEBARS_BANNERS_BADGES'] or v.admin_level >= PERMS['SITE_SETTINGS_SNAPPY_QUOTES']) and (SITE_NAME == 'rDrama' or SIDEBAR_THREAD or BANNER_THREAD or BADGE_THREAD or SNAPPY_THREAD) %}

Add Stuff