Merge branch 'frost' of https://github.com/Aevann1/rDrama into frost

master
Aevann1 2022-09-30 23:07:56 +02:00
commit 08fc034973
8 changed files with 63 additions and 54 deletions

View File

@ -1,7 +1,7 @@
from files.classes import * from files.classes import *
from flask import g from flask import g
def get_id(username, v=None, graceful=False): def get_id(username, v=None, graceful=False, include_shadowbanned=True):
username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip() username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip()
@ -14,17 +14,14 @@ def get_id(username, v=None, graceful=False):
) )
).one_or_none() ).one_or_none()
if not user: if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))):
if not graceful: if not graceful: abort(404)
abort(404) else: return None
else:
return None
return user[0] return user[0]
def get_user(username, v=None, graceful=False, rendered=False): def get_user(username, v=None, graceful=False, rendered=False, include_blocks=False, include_shadowbanned=True):
if not username: if not username:
if not graceful: abort(404) if not graceful: abort(404)
else: return None else: return None
@ -42,11 +39,11 @@ def get_user(username, v=None, graceful=False, rendered=False):
user = user.one_or_none() user = user.one_or_none()
if not user: if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))):
if not graceful: abort(404) if not graceful: abort(404)
else: return None else: return None
if rendered and v: if rendered and v and include_blocks:
if v.id == user.id: if v.id == user.id:
user.is_blocked = False user.is_blocked = False
user.is_blocking = False user.is_blocking = False
@ -88,18 +85,21 @@ def get_users(usernames, graceful=False):
return users return users
def get_account(id, v=None, graceful=False): def get_account(id, v=None, graceful=False, include_blocks=False, include_shadowbanned=True):
try: id = int(id) try:
except: abort(404) id = int(id)
except:
user = g.db.get(User, id)
if not user:
if not graceful: abort(404) if not graceful: abort(404)
else: return None else: return None
if v: user = g.db.get(User, id)
if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))):
if not graceful: abort(404)
else: return None
if v and include_blocks:
block = g.db.query(UserBlock).filter( block = g.db.query(UserBlock).filter(
or_( or_(
and_( and_(

View File

@ -67,7 +67,7 @@ def submit_marsey(v):
if not tags_regex.fullmatch(tags): if not tags_regex.fullmatch(tags):
return error("Invalid tags!") return error("Invalid tags!")
author = get_user(username, graceful=True) author = get_user(username, v=v, graceful=True, include_shadowbanned=False)
if not author: if not author:
return error(f"A user with the name '{username}' was not found!") return error(f"A user with the name '{username}' was not found!")
@ -221,7 +221,7 @@ def submit_hat(v):
if not description_regex.fullmatch(description): if not description_regex.fullmatch(description):
return error("Invalid description!") return error("Invalid description!")
author = get_user(username, graceful=True) author = get_user(username, v=v, graceful=True, include_shadowbanned=False)
if not author: if not author:
return error(f"A user with the name '{username}' was not found!") return error(f"A user with the name '{username}' was not found!")

View File

@ -165,6 +165,7 @@ def award_thing(v, thing_type, id):
note = request.values.get("note", "").strip() note = request.values.get("note", "").strip()
author = thing.author author = thing.author
if author.shadowbanned: return {"error": f"This {thing_type} doesn't exist."}, 404
if SITE == 'rdrama.net' and author.id in (PIZZASHILL_ID, CARP_ID): if SITE == 'rdrama.net' and author.id in (PIZZASHILL_ID, CARP_ID):
return {"error": "This user is immune to awards."}, 403 return {"error": "This user is immune to awards."}, 403

View File

@ -273,7 +273,7 @@ def sign_up_post(v):
args = {"error": error} args = {"error": error}
if request.values.get("referred_by"): if request.values.get("referred_by"):
user = get_account(request.values.get("referred_by")) user = get_account(request.values.get("referred_by"), include_shadowbanned=False)
if user: args["ref"] = user.username if user: args["ref"] = user.username
return redirect(f"/signup?{urlencode(args)}") return redirect(f"/signup?{urlencode(args)}")

View File

@ -71,7 +71,7 @@ def searchposts(v):
if 'author' in criteria: if 'author' in criteria:
posts = posts.filter(Submission.ghost == False) posts = posts.filter(Submission.ghost == False)
author = get_user(criteria['author']) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if not author: return {"error": "User not found"}, 400 if not author: return {"error": "User not found"}, 400
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
if request.headers.get("Authorization"): if request.headers.get("Authorization"):
@ -208,7 +208,7 @@ def searchcomments(v):
if 'author' in criteria: if 'author' in criteria:
comments = comments.filter(Comment.ghost == False) comments = comments.filter(Comment.ghost == False)
author = get_user(criteria['author']) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if not author: return {"error": "User not found"}, 400 if not author: return {"error": "User not found"}, 400
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
if request.headers.get("Authorization"): if request.headers.get("Authorization"):

View File

@ -131,7 +131,7 @@ def log(v):
except: page = 1 except: page = 1
admin = request.values.get("admin") admin = request.values.get("admin")
if admin: admin_id = get_id(admin) if admin: admin_id = get_id(admin, v=v, include_shadowbanned=False)
else: admin_id = 0 else: admin_id = 0
kind = request.values.get("kind") kind = request.values.get("kind")

View File

@ -11,6 +11,7 @@ import tldextract
@app.post("/exile/post/<pid>") @app.post("/exile/post/<pid>")
@is_not_permabanned @is_not_permabanned
def exile_post(v, pid): def exile_post(v, pid):
if v.shadowbanned: return {"error": "Internal Server Error"}, 500
try: pid = int(pid) try: pid = int(pid)
except: abort(400) except: abort(400)
@ -46,6 +47,7 @@ def exile_post(v, pid):
@app.post("/exile/comment/<cid>") @app.post("/exile/comment/<cid>")
@is_not_permabanned @is_not_permabanned
def exile_comment(v, cid): def exile_comment(v, cid):
if v.shadowbanned: return {"error": "Internal Server Error"}, 500
try: cid = int(cid) try: cid = int(cid)
except: abort(400) except: abort(400)
@ -83,6 +85,7 @@ def unexile(v, sub, uid):
u = get_account(uid) u = get_account(uid)
if not v.mods(sub): abort(403) if not v.mods(sub): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/exilees')
if u.exiled_from(sub): if u.exiled_from(sub):
exile = g.db.query(Exile).filter_by(user_id=u.id, sub=sub).one_or_none() exile = g.db.query(Exile).filter_by(user_id=u.id, sub=sub).one_or_none()
@ -263,12 +266,13 @@ def add_mod(v, sub):
sub = sub.name sub = sub.name
if not v.mods(sub): abort(403) if not v.mods(sub): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/mods')
user = request.values.get('user') user = request.values.get('user')
if not user: abort(400) if not user: abort(400)
user = get_user(user) user = get_user(user, v=v, include_shadowbanned=False)
if sub in ('furry','vampire','racist','femboy') and not v.client and not user.house.lower().startswith(sub): if sub in ('furry','vampire','racist','femboy') and not v.client and not user.house.lower().startswith(sub):
return {"error": f"@{user.username} needs to be a member of House {sub.capitalize()} to be added as a mod there!"}, 400 return {"error": f"@{user.username} needs to be a member of House {sub.capitalize()} to be added as a mod there!"}, 400
@ -301,6 +305,7 @@ def remove_mod(v, sub):
sub = sub.name sub = sub.name
if not v.mods(sub): abort(403) if not v.mods(sub): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/mods')
uid = request.values.get('uid') uid = request.values.get('uid')
@ -385,6 +390,7 @@ def kick(v, pid):
if not post.sub: abort(403) if not post.sub: abort(403)
if not v.mods(post.sub): abort(403) if not v.mods(post.sub): abort(403)
if v.shadowbanned: return {"error": "Internal Server Error"}, 500
old = post.sub old = post.sub
post.sub = None post.sub = None
@ -439,6 +445,7 @@ def post_sub_sidebar(v, sub):
if not sub: abort(404) if not sub: abort(404)
if not v.mods(sub.name): abort(403) if not v.mods(sub.name): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
sub.sidebar = request.values.get('sidebar', '').strip()[:10000] sub.sidebar = request.values.get('sidebar', '').strip()[:10000]
sub.sidebar_html = sanitize(sub.sidebar) sub.sidebar_html = sanitize(sub.sidebar)
@ -466,6 +473,7 @@ def post_sub_css(v, sub):
if not sub: abort(404) if not sub: abort(404)
if not v.mods(sub.name): abort(403) if not v.mods(sub.name): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
if len(css) > 6000: if len(css) > 6000:
error = "CSS is too long (max 6000 characters)" error = "CSS is too long (max 6000 characters)"
@ -508,6 +516,7 @@ def sub_banner(v, sub):
if not sub: abort(404) if not sub: abort(404)
if not v.mods(sub.name): abort(403) if not v.mods(sub.name): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
file = request.files["banner"] file = request.files["banner"]
@ -542,6 +551,7 @@ def sub_sidebar(v, sub):
if not sub: abort(404) if not sub: abort(404)
if not v.mods(sub.name): abort(403) if not v.mods(sub.name): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
file = request.files["sidebar"] file = request.files["sidebar"]
name = f'/images/{time.time()}'.replace('.','') + '.webp' name = f'/images/{time.time()}'.replace('.','') + '.webp'
@ -575,6 +585,7 @@ def sub_marsey(v, sub):
if not sub: abort(404) if not sub: abort(404)
if not v.mods(sub.name): abort(403) if not v.mods(sub.name): abort(403)
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
file = request.files["marsey"] file = request.files["marsey"]
name = f'/images/{time.time()}'.replace('.','') + '.webp' name = f'/images/{time.time()}'.replace('.','') + '.webp'

View File

@ -61,7 +61,7 @@ gevent.spawn(leaderboard_thread)
@app.get("/@<username>/upvoters/<uid>/posts") @app.get("/@<username>/upvoters/<uid>/posts")
@auth_required @auth_required
def upvoters_posts(v, username, uid): def upvoters_posts(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -83,7 +83,7 @@ def upvoters_posts(v, username, uid):
@app.get("/@<username>/upvoters/<uid>/comments") @app.get("/@<username>/upvoters/<uid>/comments")
@auth_required @auth_required
def upvoters_comments(v, username, uid): def upvoters_comments(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -105,7 +105,7 @@ def upvoters_comments(v, username, uid):
@app.get("/@<username>/downvoters/<uid>/posts") @app.get("/@<username>/downvoters/<uid>/posts")
@auth_required @auth_required
def downvoters_posts(v, username, uid): def downvoters_posts(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -127,7 +127,7 @@ def downvoters_posts(v, username, uid):
@app.get("/@<username>/downvoters/<uid>/comments") @app.get("/@<username>/downvoters/<uid>/comments")
@auth_required @auth_required
def downvoters_comments(v, username, uid): def downvoters_comments(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -152,7 +152,7 @@ def downvoters_comments(v, username, uid):
@app.get("/@<username>/upvoting/<uid>/posts") @app.get("/@<username>/upvoting/<uid>/posts")
@auth_required @auth_required
def upvoting_posts(v, username, uid): def upvoting_posts(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -174,7 +174,7 @@ def upvoting_posts(v, username, uid):
@app.get("/@<username>/upvoting/<uid>/comments") @app.get("/@<username>/upvoting/<uid>/comments")
@auth_required @auth_required
def upvoting_comments(v, username, uid): def upvoting_comments(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -196,7 +196,7 @@ def upvoting_comments(v, username, uid):
@app.get("/@<username>/downvoting/<uid>/posts") @app.get("/@<username>/downvoting/<uid>/posts")
@auth_required @auth_required
def downvoting_posts(v, username, uid): def downvoting_posts(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -218,7 +218,7 @@ def downvoting_posts(v, username, uid):
@app.get("/@<username>/downvoting/<uid>/comments") @app.get("/@<username>/downvoting/<uid>/comments")
@auth_required @auth_required
def downvoting_comments(v, username, uid): def downvoting_comments(v, username, uid):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
id = u.id id = u.id
@ -240,7 +240,7 @@ def downvoting_comments(v, username, uid):
@app.get("/@<username>/upvoted/posts") @app.get("/@<username>/upvoted/posts")
@auth_required @auth_required
def user_upvoted_posts(v, username): def user_upvoted_posts(v, username):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
@ -266,7 +266,7 @@ def user_upvoted_posts(v, username):
@app.get("/@<username>/upvoted/comments") @app.get("/@<username>/upvoted/comments")
@auth_required @auth_required
def user_upvoted_comments(v, username): def user_upvoted_comments(v, username):
u = get_user(username) u = get_user(username, v=v, include_shadowbanned=False)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403) if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
@ -314,7 +314,7 @@ def agendaposters(v):
@app.get("/@<username>/upvoters") @app.get("/@<username>/upvoters")
@auth_required @auth_required
def upvoters(v, username): def upvoters(v, username):
id = get_user(username).id id = get_user(username, v=v, include_shadowbanned=False).id
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
abort(403) abort(403)
@ -347,7 +347,7 @@ def upvoters(v, username):
@app.get("/@<username>/downvoters") @app.get("/@<username>/downvoters")
@auth_required @auth_required
def downvoters(v, username): def downvoters(v, username):
id = get_user(username).id id = get_user(username, v=v, include_shadowbanned=False).id
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
abort(403) abort(403)
@ -378,7 +378,7 @@ def downvoters(v, username):
@app.get("/@<username>/upvoting") @app.get("/@<username>/upvoting")
@auth_required @auth_required
def upvoting(v, username): def upvoting(v, username):
id = get_user(username).id id = get_user(username, v=v, include_shadowbanned=False).id
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
abort(403) abort(403)
@ -409,7 +409,7 @@ def upvoting(v, username):
@app.get("/@<username>/downvoting") @app.get("/@<username>/downvoting")
@auth_required @auth_required
def downvoting(v, username): def downvoting(v, username):
id = get_user(username).id id = get_user(username, v=v, include_shadowbanned=False).id
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
abort(403) abort(403)
@ -457,7 +457,7 @@ def suicide(v, username):
@app.get("/@<username>/coins") @app.get("/@<username>/coins")
@auth_required @auth_required
def get_coins(v, username): def get_coins(v, username):
user = get_user(username) user = get_user(username, v=v, include_shadowbanned=False)
if user != None: return {"coins": user.coins}, 200 if user != None: return {"coins": user.coins}, 200
else: return {"error": "invalid_user"}, 404 else: return {"error": "invalid_user"}, 404
@ -466,7 +466,7 @@ def get_coins(v, username):
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@is_not_permabanned @is_not_permabanned
def transfer_coins(v, username): def transfer_coins(v, username):
receiver = get_user(username) receiver = get_user(username, v=v, include_shadowbanned=False)
if receiver is None: return {"error": "This user doesn't exist."}, 404 if receiver is None: return {"error": "This user doesn't exist."}, 404
@ -511,7 +511,7 @@ def transfer_coins(v, username):
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@is_not_permabanned @is_not_permabanned
def transfer_bux(v, username): def transfer_bux(v, username):
receiver = get_user(username) receiver = get_user(username, v=v, include_shadowbanned=False)
if not receiver: return {"error": "This user doesn't exist."}, 404 if not receiver: return {"error": "This user doesn't exist."}, 404
@ -741,7 +741,7 @@ def unsubscribe(v, post_id):
@limiter.limit("1/second;10/minute;20/hour;50/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @limiter.limit("1/second;10/minute;20/hour;50/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@is_not_permabanned @is_not_permabanned
def message2(v, username): def message2(v, username):
user = get_user(username, v=v) user = get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
if hasattr(user, 'is_blocking') and user.is_blocking: if hasattr(user, 'is_blocking') and user.is_blocking:
return {"error": "You're blocking this user."}, 403 return {"error": "You're blocking this user."}, 403
@ -955,7 +955,7 @@ def redditor_moment_redirect(username, v):
@app.get("/@<username>/followers") @app.get("/@<username>/followers")
@auth_required @auth_required
def followers(username, v): def followers(username, v):
u = get_user(username, v=v) u = get_user(username, v=v, include_shadowbanned=False)
if u.id == CARP_ID and SITE == 'watchpeopledie.co': abort(403) if u.id == CARP_ID and SITE == 'watchpeopledie.co': abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']): if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
@ -969,7 +969,7 @@ def followers(username, v):
@app.get("/@<username>/blockers") @app.get("/@<username>/blockers")
@auth_required @auth_required
def blockers(username, v): def blockers(username, v):
u = get_user(username, v=v) u = get_user(username, v=v, include_shadowbanned=False)
users = g.db.query(UserBlock, User).join(UserBlock, UserBlock.target_id == u.id) \ users = g.db.query(UserBlock, User).join(UserBlock, UserBlock.target_id == u.id) \
.filter(UserBlock.user_id == User.id) \ .filter(UserBlock.user_id == User.id) \
@ -979,7 +979,7 @@ def blockers(username, v):
@app.get("/@<username>/following") @app.get("/@<username>/following")
@auth_required @auth_required
def following(username, v): def following(username, v):
u = get_user(username, v=v) u = get_user(username, v=v, include_shadowbanned=False)
if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']): if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
abort(403) abort(403)
@ -1003,7 +1003,7 @@ def visitors(v):
@auth_desired_with_logingate @auth_desired_with_logingate
def u_username(username, v=None): def u_username(username, v=None):
u = get_user(username, v=v, rendered=True) u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False, rendered=True)
if v and username == v.username: if v and username == v.username:
is_following = False is_following = False
@ -1020,9 +1020,6 @@ def u_username(username, v=None):
return render_template("userpage_reserved.html", u=u, v=v) return render_template("userpage_reserved.html", u=u, v=v)
if u.shadowbanned and not (v and (v.admin_level >= 2 or v.shadowbanned)):
abort(404)
if v and v.id not in (u.id, DAD_ID) and u.viewers_recorded: if v and v.id not in (u.id, DAD_ID) and u.viewers_recorded:
g.db.flush() g.db.flush()
view = g.db.query(ViewerRelationship).filter_by(viewer_id=v.id, user_id=u.id).one_or_none() view = g.db.query(ViewerRelationship).filter_by(viewer_id=v.id, user_id=u.id).one_or_none()
@ -1104,7 +1101,7 @@ def u_username(username, v=None):
@auth_desired_with_logingate @auth_desired_with_logingate
def u_username_comments(username, v=None): def u_username_comments(username, v=None):
user = get_user(username, v=v, rendered=True) user = get_user(username, v=v, include_blocks=True, include_shadowbanned=False, rendered=True)
if v and username == v.username: if v and username == v.username:
is_following = False is_following = False
@ -1179,7 +1176,7 @@ def u_username_comments(username, v=None):
@auth_required @auth_required
def u_username_info(username, v=None): def u_username_info(username, v=None):
user=get_user(username, v=v) user=get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
if hasattr(user, 'is_blocking') and user.is_blocking: if hasattr(user, 'is_blocking') and user.is_blocking:
return {"error": "You're blocking this user."}, 401 return {"error": "You're blocking this user."}, 401
@ -1192,7 +1189,7 @@ def u_username_info(username, v=None):
@auth_required @auth_required
def u_user_id_info(id, v=None): def u_user_id_info(id, v=None):
user=get_account(id, v=v) user=get_account(id, v=v, include_blocks=True, include_shadowbanned=False)
if hasattr(user, 'is_blocking') and user.is_blocking: if hasattr(user, 'is_blocking') and user.is_blocking:
return {"error": "You're blocking this user."}, 401 return {"error": "You're blocking this user."}, 401
@ -1207,7 +1204,7 @@ def u_user_id_info(id, v=None):
@auth_required @auth_required
def follow_user(username, v): def follow_user(username, v):
target = get_user(username) target = get_user(username, v=v, include_shadowbanned=False)
if target.id==v.id: if target.id==v.id:
return {"error": "You can't follow yourself!"}, 400 return {"error": "You can't follow yourself!"}, 400