users: add is_visible_to function for checking user visibility to a certain other user

files/classes/user.py

@@ -743,6 +743,12 @@ class User(Base):
 	def has_follower(self, user):
 		if not user or self.id == user.id: return False # users can't follow themselves
 		return g.db.query(Follow).filter_by(target_id=self.id, user_id=user.id).one_or_none()
+	
+	@lazy
+	def is_visible_to(self, user) -> bool:
+		if not self.is_private: return True
+		if self.id == user.id: return True
+		return user.admin_level >= PERMS['VIEW_PRIVATE_PROFILES'] or user.eye
 
 	@property
 	@lazy
@@ -972,7 +978,6 @@ class User(Base):
 	def can_see_shadowbanned(self):
 		return (self.admin_level >= PERMS['USER_SHADOWBAN']) or self.shadowbanned
 
-
 	@property
 	@lazy
 	def unmutable(self):

files/routes/search.py

@@ -70,7 +70,7 @@ def searchposts(v):
 	if 'author' in criteria:
 		posts = posts.filter(Submission.ghost == False)
 		author = get_user(criteria['author'], v=v, include_shadowbanned=False)
-		if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
+		if not author.is_visible_to(v):
 			if v.client:
 				abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
 			return render_template("search.html",
@@ -195,7 +195,7 @@ def searchcomments(v):
 	if 'author' in criteria:
 		comments = comments.filter(Comment.ghost == False)
 		author = get_user(criteria['author'], v=v, include_shadowbanned=False)
-		if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
+		if not author.is_visible_to(v):
 			if v.client:
 				abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
 

files/routes/users.py

@@ -26,7 +26,7 @@ from .login import check_for_alts
 
 def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, standalone):
 	u = get_user(username, v=v, include_shadowbanned=False)
-	if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403)
+	if not u.is_visible_to(v): abort(403)
 	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	try:
@@ -76,7 +76,7 @@ def downvoters_comments(v, username, uid):
 
 def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, standalone):
 	u = get_user(username, v=v, include_shadowbanned=False)
-	if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403)
+	if not u.is_visible_to(v): abort(403)
 	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	try:
@@ -126,7 +126,7 @@ def downvoting_comments(v, username, uid):
 
 def user_voted(v, username, cls, vote_cls, vote_dir, template, standalone):
 	u = get_user(username, v=v, include_shadowbanned=False)
-	if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403)
+	if not u.is_visible_to(v): abort(403)
 	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 
 	page = max(1, int(request.values.get("page", 1)))
@@ -659,7 +659,7 @@ def u_username(username, v=None):
 		g.db.commit()
 
 		
-	if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
+	if not u.is_visible_to(v):
 		if g.is_api_or_xhr or request.path.endswith(".json"):
 			abort(403, "This userpage is private")
 
@@ -739,7 +739,7 @@ def u_username_comments(username, v=None):
 
 	u = user
 
-	if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
+	if not u.is_visible_to(v):
 		if g.is_api_or_xhr or request.path.endswith(".json"):
 			abort(403, "This userpage is private")
 		return render_template("userpage_private.html", u=u, v=v)