forked from MarseyWorld/MarseyWorld
Merge branch 'frost' of https://github.com/Aevann1/rDrama into frost
commit
08fc034973
|
@ -1,7 +1,7 @@
|
||||||
from files.classes import *
|
from files.classes import *
|
||||||
from flask import g
|
from flask import g
|
||||||
|
|
||||||
def get_id(username, v=None, graceful=False):
|
def get_id(username, v=None, graceful=False, include_shadowbanned=True):
|
||||||
|
|
||||||
username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip()
|
username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip()
|
||||||
|
|
||||||
|
@ -14,17 +14,14 @@ def get_id(username, v=None, graceful=False):
|
||||||
)
|
)
|
||||||
).one_or_none()
|
).one_or_none()
|
||||||
|
|
||||||
if not user:
|
if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))):
|
||||||
if not graceful:
|
if not graceful: abort(404)
|
||||||
abort(404)
|
else: return None
|
||||||
else:
|
|
||||||
return None
|
|
||||||
|
|
||||||
return user[0]
|
return user[0]
|
||||||
|
|
||||||
|
|
||||||
def get_user(username, v=None, graceful=False, rendered=False):
|
def get_user(username, v=None, graceful=False, rendered=False, include_blocks=False, include_shadowbanned=True):
|
||||||
|
|
||||||
if not username:
|
if not username:
|
||||||
if not graceful: abort(404)
|
if not graceful: abort(404)
|
||||||
else: return None
|
else: return None
|
||||||
|
@ -42,11 +39,11 @@ def get_user(username, v=None, graceful=False, rendered=False):
|
||||||
|
|
||||||
user = user.one_or_none()
|
user = user.one_or_none()
|
||||||
|
|
||||||
if not user:
|
if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))):
|
||||||
if not graceful: abort(404)
|
if not graceful: abort(404)
|
||||||
else: return None
|
else: return None
|
||||||
|
|
||||||
if rendered and v:
|
if rendered and v and include_blocks:
|
||||||
if v.id == user.id:
|
if v.id == user.id:
|
||||||
user.is_blocked = False
|
user.is_blocked = False
|
||||||
user.is_blocking = False
|
user.is_blocking = False
|
||||||
|
@ -88,18 +85,21 @@ def get_users(usernames, graceful=False):
|
||||||
|
|
||||||
return users
|
return users
|
||||||
|
|
||||||
def get_account(id, v=None, graceful=False):
|
def get_account(id, v=None, graceful=False, include_blocks=False, include_shadowbanned=True):
|
||||||
|
|
||||||
try: id = int(id)
|
try:
|
||||||
except: abort(404)
|
id = int(id)
|
||||||
|
except:
|
||||||
user = g.db.get(User, id)
|
|
||||||
|
|
||||||
if not user:
|
|
||||||
if not graceful: abort(404)
|
if not graceful: abort(404)
|
||||||
else: return None
|
else: return None
|
||||||
|
|
||||||
if v:
|
user = g.db.get(User, id)
|
||||||
|
|
||||||
|
if not user or (user.shadowbanned and not (include_shadowbanned or (v and (v.admin_level >= 2 or v.shadowbanned)))):
|
||||||
|
if not graceful: abort(404)
|
||||||
|
else: return None
|
||||||
|
|
||||||
|
if v and include_blocks:
|
||||||
block = g.db.query(UserBlock).filter(
|
block = g.db.query(UserBlock).filter(
|
||||||
or_(
|
or_(
|
||||||
and_(
|
and_(
|
||||||
|
|
|
@ -67,7 +67,7 @@ def submit_marsey(v):
|
||||||
if not tags_regex.fullmatch(tags):
|
if not tags_regex.fullmatch(tags):
|
||||||
return error("Invalid tags!")
|
return error("Invalid tags!")
|
||||||
|
|
||||||
author = get_user(username, graceful=True)
|
author = get_user(username, v=v, graceful=True, include_shadowbanned=False)
|
||||||
if not author:
|
if not author:
|
||||||
return error(f"A user with the name '{username}' was not found!")
|
return error(f"A user with the name '{username}' was not found!")
|
||||||
|
|
||||||
|
@ -221,7 +221,7 @@ def submit_hat(v):
|
||||||
if not description_regex.fullmatch(description):
|
if not description_regex.fullmatch(description):
|
||||||
return error("Invalid description!")
|
return error("Invalid description!")
|
||||||
|
|
||||||
author = get_user(username, graceful=True)
|
author = get_user(username, v=v, graceful=True, include_shadowbanned=False)
|
||||||
if not author:
|
if not author:
|
||||||
return error(f"A user with the name '{username}' was not found!")
|
return error(f"A user with the name '{username}' was not found!")
|
||||||
|
|
||||||
|
|
|
@ -165,6 +165,7 @@ def award_thing(v, thing_type, id):
|
||||||
note = request.values.get("note", "").strip()
|
note = request.values.get("note", "").strip()
|
||||||
|
|
||||||
author = thing.author
|
author = thing.author
|
||||||
|
if author.shadowbanned: return {"error": f"This {thing_type} doesn't exist."}, 404
|
||||||
|
|
||||||
if SITE == 'rdrama.net' and author.id in (PIZZASHILL_ID, CARP_ID):
|
if SITE == 'rdrama.net' and author.id in (PIZZASHILL_ID, CARP_ID):
|
||||||
return {"error": "This user is immune to awards."}, 403
|
return {"error": "This user is immune to awards."}, 403
|
||||||
|
|
|
@ -273,7 +273,7 @@ def sign_up_post(v):
|
||||||
|
|
||||||
args = {"error": error}
|
args = {"error": error}
|
||||||
if request.values.get("referred_by"):
|
if request.values.get("referred_by"):
|
||||||
user = get_account(request.values.get("referred_by"))
|
user = get_account(request.values.get("referred_by"), include_shadowbanned=False)
|
||||||
if user: args["ref"] = user.username
|
if user: args["ref"] = user.username
|
||||||
|
|
||||||
return redirect(f"/signup?{urlencode(args)}")
|
return redirect(f"/signup?{urlencode(args)}")
|
||||||
|
|
|
@ -71,7 +71,7 @@ def searchposts(v):
|
||||||
|
|
||||||
if 'author' in criteria:
|
if 'author' in criteria:
|
||||||
posts = posts.filter(Submission.ghost == False)
|
posts = posts.filter(Submission.ghost == False)
|
||||||
author = get_user(criteria['author'])
|
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
|
||||||
if not author: return {"error": "User not found"}, 400
|
if not author: return {"error": "User not found"}, 400
|
||||||
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
|
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
|
||||||
if request.headers.get("Authorization"):
|
if request.headers.get("Authorization"):
|
||||||
|
@ -208,7 +208,7 @@ def searchcomments(v):
|
||||||
|
|
||||||
if 'author' in criteria:
|
if 'author' in criteria:
|
||||||
comments = comments.filter(Comment.ghost == False)
|
comments = comments.filter(Comment.ghost == False)
|
||||||
author = get_user(criteria['author'])
|
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
|
||||||
if not author: return {"error": "User not found"}, 400
|
if not author: return {"error": "User not found"}, 400
|
||||||
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
|
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
|
||||||
if request.headers.get("Authorization"):
|
if request.headers.get("Authorization"):
|
||||||
|
|
|
@ -131,7 +131,7 @@ def log(v):
|
||||||
except: page = 1
|
except: page = 1
|
||||||
|
|
||||||
admin = request.values.get("admin")
|
admin = request.values.get("admin")
|
||||||
if admin: admin_id = get_id(admin)
|
if admin: admin_id = get_id(admin, v=v, include_shadowbanned=False)
|
||||||
else: admin_id = 0
|
else: admin_id = 0
|
||||||
|
|
||||||
kind = request.values.get("kind")
|
kind = request.values.get("kind")
|
||||||
|
|
|
@ -11,6 +11,7 @@ import tldextract
|
||||||
@app.post("/exile/post/<pid>")
|
@app.post("/exile/post/<pid>")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def exile_post(v, pid):
|
def exile_post(v, pid):
|
||||||
|
if v.shadowbanned: return {"error": "Internal Server Error"}, 500
|
||||||
try: pid = int(pid)
|
try: pid = int(pid)
|
||||||
except: abort(400)
|
except: abort(400)
|
||||||
|
|
||||||
|
@ -46,6 +47,7 @@ def exile_post(v, pid):
|
||||||
@app.post("/exile/comment/<cid>")
|
@app.post("/exile/comment/<cid>")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def exile_comment(v, cid):
|
def exile_comment(v, cid):
|
||||||
|
if v.shadowbanned: return {"error": "Internal Server Error"}, 500
|
||||||
try: cid = int(cid)
|
try: cid = int(cid)
|
||||||
except: abort(400)
|
except: abort(400)
|
||||||
|
|
||||||
|
@ -83,6 +85,7 @@ def unexile(v, sub, uid):
|
||||||
u = get_account(uid)
|
u = get_account(uid)
|
||||||
|
|
||||||
if not v.mods(sub): abort(403)
|
if not v.mods(sub): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/exilees')
|
||||||
|
|
||||||
if u.exiled_from(sub):
|
if u.exiled_from(sub):
|
||||||
exile = g.db.query(Exile).filter_by(user_id=u.id, sub=sub).one_or_none()
|
exile = g.db.query(Exile).filter_by(user_id=u.id, sub=sub).one_or_none()
|
||||||
|
@ -263,12 +266,13 @@ def add_mod(v, sub):
|
||||||
sub = sub.name
|
sub = sub.name
|
||||||
|
|
||||||
if not v.mods(sub): abort(403)
|
if not v.mods(sub): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/mods')
|
||||||
|
|
||||||
user = request.values.get('user')
|
user = request.values.get('user')
|
||||||
|
|
||||||
if not user: abort(400)
|
if not user: abort(400)
|
||||||
|
|
||||||
user = get_user(user)
|
user = get_user(user, v=v, include_shadowbanned=False)
|
||||||
|
|
||||||
if sub in ('furry','vampire','racist','femboy') and not v.client and not user.house.lower().startswith(sub):
|
if sub in ('furry','vampire','racist','femboy') and not v.client and not user.house.lower().startswith(sub):
|
||||||
return {"error": f"@{user.username} needs to be a member of House {sub.capitalize()} to be added as a mod there!"}, 400
|
return {"error": f"@{user.username} needs to be a member of House {sub.capitalize()} to be added as a mod there!"}, 400
|
||||||
|
@ -301,6 +305,7 @@ def remove_mod(v, sub):
|
||||||
sub = sub.name
|
sub = sub.name
|
||||||
|
|
||||||
if not v.mods(sub): abort(403)
|
if not v.mods(sub): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/mods')
|
||||||
|
|
||||||
uid = request.values.get('uid')
|
uid = request.values.get('uid')
|
||||||
|
|
||||||
|
@ -385,6 +390,7 @@ def kick(v, pid):
|
||||||
|
|
||||||
if not post.sub: abort(403)
|
if not post.sub: abort(403)
|
||||||
if not v.mods(post.sub): abort(403)
|
if not v.mods(post.sub): abort(403)
|
||||||
|
if v.shadowbanned: return {"error": "Internal Server Error"}, 500
|
||||||
|
|
||||||
old = post.sub
|
old = post.sub
|
||||||
post.sub = None
|
post.sub = None
|
||||||
|
@ -439,6 +445,7 @@ def post_sub_sidebar(v, sub):
|
||||||
if not sub: abort(404)
|
if not sub: abort(404)
|
||||||
|
|
||||||
if not v.mods(sub.name): abort(403)
|
if not v.mods(sub.name): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
|
||||||
|
|
||||||
sub.sidebar = request.values.get('sidebar', '').strip()[:10000]
|
sub.sidebar = request.values.get('sidebar', '').strip()[:10000]
|
||||||
sub.sidebar_html = sanitize(sub.sidebar)
|
sub.sidebar_html = sanitize(sub.sidebar)
|
||||||
|
@ -466,6 +473,7 @@ def post_sub_css(v, sub):
|
||||||
|
|
||||||
if not sub: abort(404)
|
if not sub: abort(404)
|
||||||
if not v.mods(sub.name): abort(403)
|
if not v.mods(sub.name): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
|
||||||
|
|
||||||
if len(css) > 6000:
|
if len(css) > 6000:
|
||||||
error = "CSS is too long (max 6000 characters)"
|
error = "CSS is too long (max 6000 characters)"
|
||||||
|
@ -508,6 +516,7 @@ def sub_banner(v, sub):
|
||||||
if not sub: abort(404)
|
if not sub: abort(404)
|
||||||
|
|
||||||
if not v.mods(sub.name): abort(403)
|
if not v.mods(sub.name): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
|
||||||
|
|
||||||
file = request.files["banner"]
|
file = request.files["banner"]
|
||||||
|
|
||||||
|
@ -542,6 +551,7 @@ def sub_sidebar(v, sub):
|
||||||
if not sub: abort(404)
|
if not sub: abort(404)
|
||||||
|
|
||||||
if not v.mods(sub.name): abort(403)
|
if not v.mods(sub.name): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
|
||||||
|
|
||||||
file = request.files["sidebar"]
|
file = request.files["sidebar"]
|
||||||
name = f'/images/{time.time()}'.replace('.','') + '.webp'
|
name = f'/images/{time.time()}'.replace('.','') + '.webp'
|
||||||
|
@ -575,6 +585,7 @@ def sub_marsey(v, sub):
|
||||||
if not sub: abort(404)
|
if not sub: abort(404)
|
||||||
|
|
||||||
if not v.mods(sub.name): abort(403)
|
if not v.mods(sub.name): abort(403)
|
||||||
|
if v.shadowbanned: return redirect(f'/h/{sub}/settings')
|
||||||
|
|
||||||
file = request.files["marsey"]
|
file = request.files["marsey"]
|
||||||
name = f'/images/{time.time()}'.replace('.','') + '.webp'
|
name = f'/images/{time.time()}'.replace('.','') + '.webp'
|
||||||
|
|
|
@ -61,7 +61,7 @@ gevent.spawn(leaderboard_thread)
|
||||||
@app.get("/@<username>/upvoters/<uid>/posts")
|
@app.get("/@<username>/upvoters/<uid>/posts")
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoters_posts(v, username, uid):
|
def upvoters_posts(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -83,7 +83,7 @@ def upvoters_posts(v, username, uid):
|
||||||
@app.get("/@<username>/upvoters/<uid>/comments")
|
@app.get("/@<username>/upvoters/<uid>/comments")
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoters_comments(v, username, uid):
|
def upvoters_comments(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -105,7 +105,7 @@ def upvoters_comments(v, username, uid):
|
||||||
@app.get("/@<username>/downvoters/<uid>/posts")
|
@app.get("/@<username>/downvoters/<uid>/posts")
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoters_posts(v, username, uid):
|
def downvoters_posts(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -127,7 +127,7 @@ def downvoters_posts(v, username, uid):
|
||||||
@app.get("/@<username>/downvoters/<uid>/comments")
|
@app.get("/@<username>/downvoters/<uid>/comments")
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoters_comments(v, username, uid):
|
def downvoters_comments(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -152,7 +152,7 @@ def downvoters_comments(v, username, uid):
|
||||||
@app.get("/@<username>/upvoting/<uid>/posts")
|
@app.get("/@<username>/upvoting/<uid>/posts")
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoting_posts(v, username, uid):
|
def upvoting_posts(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -174,7 +174,7 @@ def upvoting_posts(v, username, uid):
|
||||||
@app.get("/@<username>/upvoting/<uid>/comments")
|
@app.get("/@<username>/upvoting/<uid>/comments")
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoting_comments(v, username, uid):
|
def upvoting_comments(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -196,7 +196,7 @@ def upvoting_comments(v, username, uid):
|
||||||
@app.get("/@<username>/downvoting/<uid>/posts")
|
@app.get("/@<username>/downvoting/<uid>/posts")
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoting_posts(v, username, uid):
|
def downvoting_posts(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -218,7 +218,7 @@ def downvoting_posts(v, username, uid):
|
||||||
@app.get("/@<username>/downvoting/<uid>/comments")
|
@app.get("/@<username>/downvoting/<uid>/comments")
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoting_comments(v, username, uid):
|
def downvoting_comments(v, username, uid):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
|
@ -240,7 +240,7 @@ def downvoting_comments(v, username, uid):
|
||||||
@app.get("/@<username>/upvoted/posts")
|
@app.get("/@<username>/upvoted/posts")
|
||||||
@auth_required
|
@auth_required
|
||||||
def user_upvoted_posts(v, username):
|
def user_upvoted_posts(v, username):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
|
|
||||||
|
@ -266,7 +266,7 @@ def user_upvoted_posts(v, username):
|
||||||
@app.get("/@<username>/upvoted/comments")
|
@app.get("/@<username>/upvoted/comments")
|
||||||
@auth_required
|
@auth_required
|
||||||
def user_upvoted_comments(v, username):
|
def user_upvoted_comments(v, username):
|
||||||
u = get_user(username)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
|
|
||||||
|
@ -314,7 +314,7 @@ def agendaposters(v):
|
||||||
@app.get("/@<username>/upvoters")
|
@app.get("/@<username>/upvoters")
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoters(v, username):
|
def upvoters(v, username):
|
||||||
id = get_user(username).id
|
id = get_user(username, v=v, include_shadowbanned=False).id
|
||||||
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
@ -347,7 +347,7 @@ def upvoters(v, username):
|
||||||
@app.get("/@<username>/downvoters")
|
@app.get("/@<username>/downvoters")
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoters(v, username):
|
def downvoters(v, username):
|
||||||
id = get_user(username).id
|
id = get_user(username, v=v, include_shadowbanned=False).id
|
||||||
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
@ -378,7 +378,7 @@ def downvoters(v, username):
|
||||||
@app.get("/@<username>/upvoting")
|
@app.get("/@<username>/upvoting")
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoting(v, username):
|
def upvoting(v, username):
|
||||||
id = get_user(username).id
|
id = get_user(username, v=v, include_shadowbanned=False).id
|
||||||
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
@ -409,7 +409,7 @@ def upvoting(v, username):
|
||||||
@app.get("/@<username>/downvoting")
|
@app.get("/@<username>/downvoting")
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoting(v, username):
|
def downvoting(v, username):
|
||||||
id = get_user(username).id
|
id = get_user(username, v=v, include_shadowbanned=False).id
|
||||||
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
@ -457,7 +457,7 @@ def suicide(v, username):
|
||||||
@app.get("/@<username>/coins")
|
@app.get("/@<username>/coins")
|
||||||
@auth_required
|
@auth_required
|
||||||
def get_coins(v, username):
|
def get_coins(v, username):
|
||||||
user = get_user(username)
|
user = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if user != None: return {"coins": user.coins}, 200
|
if user != None: return {"coins": user.coins}, 200
|
||||||
else: return {"error": "invalid_user"}, 404
|
else: return {"error": "invalid_user"}, 404
|
||||||
|
|
||||||
|
@ -466,7 +466,7 @@ def get_coins(v, username):
|
||||||
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def transfer_coins(v, username):
|
def transfer_coins(v, username):
|
||||||
receiver = get_user(username)
|
receiver = get_user(username, v=v, include_shadowbanned=False)
|
||||||
|
|
||||||
if receiver is None: return {"error": "This user doesn't exist."}, 404
|
if receiver is None: return {"error": "This user doesn't exist."}, 404
|
||||||
|
|
||||||
|
@ -511,7 +511,7 @@ def transfer_coins(v, username):
|
||||||
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def transfer_bux(v, username):
|
def transfer_bux(v, username):
|
||||||
receiver = get_user(username)
|
receiver = get_user(username, v=v, include_shadowbanned=False)
|
||||||
|
|
||||||
if not receiver: return {"error": "This user doesn't exist."}, 404
|
if not receiver: return {"error": "This user doesn't exist."}, 404
|
||||||
|
|
||||||
|
@ -741,7 +741,7 @@ def unsubscribe(v, post_id):
|
||||||
@limiter.limit("1/second;10/minute;20/hour;50/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@limiter.limit("1/second;10/minute;20/hour;50/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def message2(v, username):
|
def message2(v, username):
|
||||||
user = get_user(username, v=v)
|
user = get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
|
||||||
|
|
||||||
if hasattr(user, 'is_blocking') and user.is_blocking:
|
if hasattr(user, 'is_blocking') and user.is_blocking:
|
||||||
return {"error": "You're blocking this user."}, 403
|
return {"error": "You're blocking this user."}, 403
|
||||||
|
@ -955,7 +955,7 @@ def redditor_moment_redirect(username, v):
|
||||||
@app.get("/@<username>/followers")
|
@app.get("/@<username>/followers")
|
||||||
@auth_required
|
@auth_required
|
||||||
def followers(username, v):
|
def followers(username, v):
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if u.id == CARP_ID and SITE == 'watchpeopledie.co': abort(403)
|
if u.id == CARP_ID and SITE == 'watchpeopledie.co': abort(403)
|
||||||
|
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
|
||||||
|
@ -969,7 +969,7 @@ def followers(username, v):
|
||||||
@app.get("/@<username>/blockers")
|
@app.get("/@<username>/blockers")
|
||||||
@auth_required
|
@auth_required
|
||||||
def blockers(username, v):
|
def blockers(username, v):
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
|
|
||||||
users = g.db.query(UserBlock, User).join(UserBlock, UserBlock.target_id == u.id) \
|
users = g.db.query(UserBlock, User).join(UserBlock, UserBlock.target_id == u.id) \
|
||||||
.filter(UserBlock.user_id == User.id) \
|
.filter(UserBlock.user_id == User.id) \
|
||||||
|
@ -979,7 +979,7 @@ def blockers(username, v):
|
||||||
@app.get("/@<username>/following")
|
@app.get("/@<username>/following")
|
||||||
@auth_required
|
@auth_required
|
||||||
def following(username, v):
|
def following(username, v):
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v, include_shadowbanned=False)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
@ -1003,7 +1003,7 @@ def visitors(v):
|
||||||
@auth_desired_with_logingate
|
@auth_desired_with_logingate
|
||||||
def u_username(username, v=None):
|
def u_username(username, v=None):
|
||||||
|
|
||||||
u = get_user(username, v=v, rendered=True)
|
u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False, rendered=True)
|
||||||
|
|
||||||
if v and username == v.username:
|
if v and username == v.username:
|
||||||
is_following = False
|
is_following = False
|
||||||
|
@ -1020,9 +1020,6 @@ def u_username(username, v=None):
|
||||||
|
|
||||||
return render_template("userpage_reserved.html", u=u, v=v)
|
return render_template("userpage_reserved.html", u=u, v=v)
|
||||||
|
|
||||||
if u.shadowbanned and not (v and (v.admin_level >= 2 or v.shadowbanned)):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
if v and v.id not in (u.id, DAD_ID) and u.viewers_recorded:
|
if v and v.id not in (u.id, DAD_ID) and u.viewers_recorded:
|
||||||
g.db.flush()
|
g.db.flush()
|
||||||
view = g.db.query(ViewerRelationship).filter_by(viewer_id=v.id, user_id=u.id).one_or_none()
|
view = g.db.query(ViewerRelationship).filter_by(viewer_id=v.id, user_id=u.id).one_or_none()
|
||||||
|
@ -1104,7 +1101,7 @@ def u_username(username, v=None):
|
||||||
@auth_desired_with_logingate
|
@auth_desired_with_logingate
|
||||||
def u_username_comments(username, v=None):
|
def u_username_comments(username, v=None):
|
||||||
|
|
||||||
user = get_user(username, v=v, rendered=True)
|
user = get_user(username, v=v, include_blocks=True, include_shadowbanned=False, rendered=True)
|
||||||
|
|
||||||
if v and username == v.username:
|
if v and username == v.username:
|
||||||
is_following = False
|
is_following = False
|
||||||
|
@ -1179,7 +1176,7 @@ def u_username_comments(username, v=None):
|
||||||
@auth_required
|
@auth_required
|
||||||
def u_username_info(username, v=None):
|
def u_username_info(username, v=None):
|
||||||
|
|
||||||
user=get_user(username, v=v)
|
user=get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
|
||||||
|
|
||||||
if hasattr(user, 'is_blocking') and user.is_blocking:
|
if hasattr(user, 'is_blocking') and user.is_blocking:
|
||||||
return {"error": "You're blocking this user."}, 401
|
return {"error": "You're blocking this user."}, 401
|
||||||
|
@ -1192,7 +1189,7 @@ def u_username_info(username, v=None):
|
||||||
@auth_required
|
@auth_required
|
||||||
def u_user_id_info(id, v=None):
|
def u_user_id_info(id, v=None):
|
||||||
|
|
||||||
user=get_account(id, v=v)
|
user=get_account(id, v=v, include_blocks=True, include_shadowbanned=False)
|
||||||
|
|
||||||
if hasattr(user, 'is_blocking') and user.is_blocking:
|
if hasattr(user, 'is_blocking') and user.is_blocking:
|
||||||
return {"error": "You're blocking this user."}, 401
|
return {"error": "You're blocking this user."}, 401
|
||||||
|
@ -1207,7 +1204,7 @@ def u_user_id_info(id, v=None):
|
||||||
@auth_required
|
@auth_required
|
||||||
def follow_user(username, v):
|
def follow_user(username, v):
|
||||||
|
|
||||||
target = get_user(username)
|
target = get_user(username, v=v, include_shadowbanned=False)
|
||||||
|
|
||||||
if target.id==v.id:
|
if target.id==v.id:
|
||||||
return {"error": "You can't follow yourself!"}, 400
|
return {"error": "You can't follow yourself!"}, 400
|
||||||
|
|
Loading…
Reference in New Issue