From 09f76d917d379038487750bbe2bed9cd97901dd4 Mon Sep 17 00:00:00 2001 From: justcool393 Date: Wed, 2 Nov 2022 20:22:22 -0500 Subject: [PATCH] permissions: check if user can dump internal cache before attempting to do it --- files/routes/admin.py | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/files/routes/admin.py b/files/routes/admin.py index 276c73217..94de42ee7 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -477,9 +477,10 @@ def change_settings(v, setting): @app.post("/admin/purge_cache") @admin_level_required(PERMS['SITE_CACHE_PURGE_CDN']) def purge_cache(v): - online = cache.get(ONLINE_STR) - cache.clear() - cache.set(ONLINE_STR, online) + if v.admin_level >= PERMS['SITE_CACHE_DUMP_INTERNAL']: + online = cache.get(ONLINE_STR) + cache.clear() + cache.set(ONLINE_STR, online) if not purge_entire_cache(): abort(400, 'Failed to purge cache') ma = ModAction( @@ -489,6 +490,20 @@ def purge_cache(v): g.db.add(ma) return {"message": "Cache purged!"} +@app.get("/admin/dump_cache") +@admin_level_required(PERMS['SITE_CACHE_DUMP_INTERNAL']) +def admin_dump_cache(v): + online = cache.get(ONLINE_STR) + cache.clear() + cache.set(ONLINE_STR, online) + + ma = ModAction( + kind="dump_cache", + user_id=v.id + ) + g.db.add(ma) + + return {"message": "Internal cache cleared."} @app.post("/admin/under_attack") @admin_level_required(PERMS['SITE_SETTINGS_UNDER_ATTACK']) @@ -1363,22 +1378,6 @@ def admin_distinguish_comment(c_id, v): if comment.distinguish_level: return {"message": "Comment distinguished!"} else: return {"message": "Comment undistinguished!"} -@app.get("/admin/dump_cache") -@admin_level_required(PERMS['SITE_CACHE_DUMP_INTERNAL']) -def admin_dump_cache(v): - online = cache.get(ONLINE_STR) - cache.clear() - cache.set(ONLINE_STR, online) - - ma = ModAction( - kind="dump_cache", - user_id=v.id - ) - g.db.add(ma) - - return {"message": "Internal cache cleared."} - - @app.get("/admin/banned_domains/") @admin_level_required(PERMS['DOMAINS_BAN']) def admin_banned_domains(v):