From a2106d191ac4c43714bf9e3685ef5625e0519440 Mon Sep 17 00:00:00 2001 From: Aevann Date: Sat, 22 Jul 2023 17:40:23 +0300 Subject: [PATCH] disasllow ppl from publishing drafts while banned --- files/routes/comments.py | 4 +--- files/routes/posts.py | 6 ++---- files/routes/wrappers.py | 11 ++++++++++- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/files/routes/comments.py b/files/routes/comments.py index 3eafe42b6..b9404f3eb 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -86,10 +86,8 @@ def post_pid_comment_cid(cid, v, pid=None, anything=None, sub=None): @limiter.limit('1/second', scope=rpath, key_func=get_ID) @limiter.limit("20/minute;200/hour;1000/day", deduct_when=lambda response: response.status_code < 400) @limiter.limit("20/minute;200/hour;1000/day", deduct_when=lambda response: response.status_code < 400, key_func=get_ID) -@auth_required +@is_not_banned def comment(v:User): - if v.is_suspended: abort(403, "You can't perform this action while banned!") - parent_fullname = request.values.get("parent_fullname").strip() if len(parent_fullname) < 3: abort(400) id = parent_fullname[2:] diff --git a/files/routes/posts.py b/files/routes/posts.py index 052dc2ffb..8fb3aaf50 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -35,7 +35,7 @@ from files.__main__ import app, limiter, redis_instance @limiter.limit('1/second', scope=rpath, key_func=get_ID) @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400) @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID) -@auth_required +@is_not_banned def publish(pid, v): p = get_post(pid) if not p.private: return {"message": "Post published!"} @@ -455,7 +455,7 @@ def is_repost(v): @limiter.limit('1/second', scope=rpath, key_func=get_ID) @limiter.limit(POST_RATELIMIT, deduct_when=lambda response: response.status_code < 400) @limiter.limit(POST_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID) -@auth_required +@is_not_banned def submit_post(v:User, sub=None): url = request.values.get("url", "").strip() @@ -496,8 +496,6 @@ def submit_post(v:User, sub=None): if not sub and HOLE_REQUIRED: abort(400, f"You must choose a {HOLE_NAME} for your post!") - if v.is_suspended: abort(400, "You can't perform this action while banned!") - if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')): abort(400, "You have to type more than 280 characters!") elif v.bird and len(body) > 140: diff --git a/files/routes/wrappers.py b/files/routes/wrappers.py index c43e53208..125915a69 100644 --- a/files/routes/wrappers.py +++ b/files/routes/wrappers.py @@ -155,11 +155,20 @@ def auth_required(f): wrapper.__name__ = f.__name__ return wrapper +def is_not_banned(f): + def wrapper(*args, **kwargs): + v = get_logged_in_user() + if not v: abort(401) + if v.is_suspended: abort(403, "You can't perform this action while banned!") + return make_response(f(*args, v=v, **kwargs)) + wrapper.__name__ = f.__name__ + return wrapper + def is_not_permabanned(f): def wrapper(*args, **kwargs): v = get_logged_in_user() if not v: abort(401) - if v.is_permabanned: abort(403) + if v.is_permabanned: abort(403, "You can't perform this action while permabanned!") return make_response(f(*args, v=v, **kwargs)) wrapper.__name__ = f.__name__ return wrapper