diff --git a/files/routes/posts.py b/files/routes/posts.py index a18c6c7c8..723a065f7 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -111,6 +111,8 @@ def post_id(pid, anything=None, v=None): if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403) + if post.private and not (v and (v.admin_level > 1 or v.id == post.author.id)): abort(403) + if v: votes = g.db.query(CommentVote).filter_by(user_id=v.id).subquery() diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 5993154bf..b43b1f44d 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/default.html b/files/templates/default.html index c08809912..2d2cfdfd4 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -7,7 +7,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/log.html b/files/templates/log.html index d339cacec..6a2888b7c 100644 --- a/files/templates/log.html +++ b/files/templates/log.html @@ -6,7 +6,7 @@ {% block content %} {% if v %} - + {% if v.agendaposter %} - + {% endif %}
diff --git a/files/templates/login.html b/files/templates/login.html index 58d662a28..af3c8770a 100644 --- a/files/templates/login.html +++ b/files/templates/login.html @@ -18,7 +18,7 @@ {% endblock %} - + diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index 031d6e5b1..8163787c2 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -14,7 +14,7 @@ 2-Step Login - {{SITE_NAME}} - + diff --git a/files/templates/settings.html b/files/templates/settings.html index 793cfc608..8f6d524e1 100644 --- a/files/templates/settings.html +++ b/files/templates/settings.html @@ -34,7 +34,7 @@ - + {% if v.agendaposter %} - + {% else %} - + {% endif %} diff --git a/files/templates/sign_up.html b/files/templates/sign_up.html index a21f4067c..f8d800761 100644 --- a/files/templates/sign_up.html +++ b/files/templates/sign_up.html @@ -31,7 +31,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}Sign up - {{SITE_NAME}}{% endif %} - + diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html index 64cd77180..d556482a2 100644 --- a/files/templates/sign_up_failed_ref.html +++ b/files/templates/sign_up_failed_ref.html @@ -32,7 +32,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}{{SITE_NAME}}{% endif %} - + diff --git a/files/templates/submit.html b/files/templates/submit.html index 7b6fc2601..32c98ee59 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -26,7 +26,7 @@ {% block stylesheets %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} {% endblock %} diff --git a/files/templates/userpage.html b/files/templates/userpage.html index 5203a362f..cdd376564 100644 --- a/files/templates/userpage.html +++ b/files/templates/userpage.html @@ -698,7 +698,7 @@
{{u.username}}
{% endif %} - + {% endblock %} diff --git a/files/templates/userpage_comments.html b/files/templates/userpage_comments.html index 41a3d9096..f3d7dc2c1 100644 --- a/files/templates/userpage_comments.html +++ b/files/templates/userpage_comments.html @@ -114,5 +114,5 @@
{{u.username}}
{% endif %} - + {% endblock %} \ No newline at end of file diff --git a/files/templates/userpage_private.html b/files/templates/userpage_private.html index 7d690c190..0a267ca8d 100644 --- a/files/templates/userpage_private.html +++ b/files/templates/userpage_private.html @@ -48,5 +48,5 @@
{{u.username}}
{% endif %} - + {% endblock %} \ No newline at end of file