use usernames instead of ids in GET urls visible to users whenever u can
parent
c7b7eb26e1
commit
13173376a4
|
@ -1,7 +1,7 @@
|
||||||
|
|
||||||
from flask import *
|
from flask import *
|
||||||
from sqlalchemy import and_, any_, or_
|
from sqlalchemy import and_, any_, or_
|
||||||
from sqlalchemy.orm import joinedload, Query
|
from sqlalchemy.orm import joinedload, Query, load_only
|
||||||
|
|
||||||
from files.classes import Comment, CommentVote, Hat, Sub, Post, User, UserBlock, Vote
|
from files.classes import Comment, CommentVote, Hat, Sub, Post, User, UserBlock, Vote
|
||||||
from files.helpers.config.const import *
|
from files.helpers.config.const import *
|
||||||
|
@ -32,7 +32,7 @@ def get_id(username, graceful=False):
|
||||||
|
|
||||||
return user[0]
|
return user[0]
|
||||||
|
|
||||||
def get_user(username, v=None, graceful=False, include_blocks=False):
|
def get_user(username, v=None, graceful=False, include_blocks=False, id_only=False):
|
||||||
if not username:
|
if not username:
|
||||||
if graceful: return None
|
if graceful: return None
|
||||||
abort(404)
|
abort(404)
|
||||||
|
@ -51,6 +51,9 @@ def get_user(username, v=None, graceful=False, include_blocks=False):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if id_only:
|
||||||
|
user = user.options(load_only(User.id))
|
||||||
|
|
||||||
user = user.one_or_none()
|
user = user.one_or_none()
|
||||||
|
|
||||||
if not user:
|
if not user:
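Review bot: The new `id_only` flag on `get_user` overlaps with `get_id(username, graceful=False)`, which sits just above it in this file (its `return user[0]` is visible as context in the second hunk), so callers that need only the id could probably use that helper instead of a partially loaded `User`. If the flag stays, note that `user.options(load_only(User.id))` defers every other column, so any later attribute access on the returned object issues another query rather than failing. A comment on the new branch such as `# id_only: all other columns are deferred and load lazily on access` would make that contract explicit. `get_user` continues past `if not user:` outside the hunk, so whether the remaining code (for example the `include_blocks` path) reads deferred columns cannot be confirmed from here.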
|
||||||
|
|
|
@ -142,15 +142,13 @@ def transfer_currency(v, username, currency_name, apply_tax):
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
return {"message": f"{amount - tax} {currency_name} have been transferred to @{receiver.username}"}
|
return {"message": f"{amount - tax} {currency_name} have been transferred to @{receiver.username}"}
|
||||||
|
|
||||||
def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, standalone):
|
def upvoters_downvoters(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v)
|
||||||
if not u.is_visible_to(v): abort(403)
|
if not u.is_visible_to(v): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
try:
|
|
||||||
uid = int(uid)
|
uid = get_user(username2, id_only=True).id
|
||||||
except:
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
page = get_page()
|
page = get_page()
|
||||||
|
|
||||||
|
@ -177,46 +175,44 @@ def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, sta
|
||||||
|
|
||||||
return render_template(template, total=total, listing=listing, page=page, v=v, standalone=standalone)
|
return render_template(template, total=total, listing=listing, page=page, v=v, standalone=standalone)
|
||||||
|
|
||||||
@app.get("/@<username>/upvoters/<int:uid>/posts")
|
@app.get("/@<username>/upvoters/@<username2>/posts")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoters_posts(v, username, uid):
|
def upvoters_posts(v, username, username2):
|
||||||
return upvoters_downvoters(v, username, uid, Post, Vote, 1, "userpage/voted_posts.html", None)
|
return upvoters_downvoters(v, username, username2, Post, Vote, 1, "userpage/voted_posts.html", None)
|
||||||
|
|
||||||
|
|
||||||
@app.get("/@<username>/upvoters/<int:uid>/comments")
|
@app.get("/@<username>/upvoters/@<username2>/comments")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoters_comments(v, username, uid):
|
def upvoters_comments(v, username, username2):
|
||||||
return upvoters_downvoters(v, username, uid, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
return upvoters_downvoters(v, username, username2, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
||||||
|
|
||||||
|
|
||||||
@app.get("/@<username>/downvoters/<int:uid>/posts")
|
@app.get("/@<username>/downvoters/@<username2>/posts")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoters_posts(v, username, uid):
|
def downvoters_posts(v, username, username2):
|
||||||
return upvoters_downvoters(v, username, uid, Post, Vote, -1, "userpage/voted_posts.html", None)
|
return upvoters_downvoters(v, username, username2, Post, Vote, -1, "userpage/voted_posts.html", None)
|
||||||
|
|
||||||
|
|
||||||
@app.get("/@<username>/downvoters/<int:uid>/comments")
|
@app.get("/@<username>/downvoters/@<username2>/comments")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoters_comments(v, username, uid):
|
def downvoters_comments(v, username, username2):
|
||||||
return upvoters_downvoters(v, username, uid, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
return upvoters_downvoters(v, username, username2, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
||||||
|
|
||||||
def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, standalone):
|
def upvoting_downvoting(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v)
|
||||||
if not u.is_visible_to(v): abort(403)
|
if not u.is_visible_to(v): abort(403)
|
||||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||||
id = u.id
|
id = u.id
|
||||||
try:
|
|
||||||
uid = int(uid)
|
uid = get_user(username2, id_only=True).id
|
||||||
except:
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
page = get_page()
|
page = get_page()
|
||||||
|
|
||||||
|
@ -243,36 +239,36 @@ def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, sta
|
||||||
|
|
||||||
return render_template(template, total=total, listing=listing, page=page, v=v, standalone=standalone)
|
return render_template(template, total=total, listing=listing, page=page, v=v, standalone=standalone)
|
||||||
|
|
||||||
@app.get("/@<username>/upvoting/<int:uid>/posts")
|
@app.get("/@<username>/upvoting/@<username2>/posts")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoting_posts(v, username, uid):
|
def upvoting_posts(v, username, username2):
|
||||||
return upvoting_downvoting(v, username, uid, Post, Vote, 1, "userpage/voted_posts.html", None)
|
return upvoting_downvoting(v, username, username2, Post, Vote, 1, "userpage/voted_posts.html", None)
|
||||||
|
|
||||||
|
|
||||||
@app.get("/@<username>/upvoting/<int:uid>/comments")
|
@app.get("/@<username>/upvoting/@<username2>/comments")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def upvoting_comments(v, username, uid):
|
def upvoting_comments(v, username, username2):
|
||||||
return upvoting_downvoting(v, username, uid, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
return upvoting_downvoting(v, username, username2, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
||||||
|
|
||||||
|
|
||||||
@app.get("/@<username>/downvoting/<int:uid>/posts")
|
@app.get("/@<username>/downvoting/@<username2>/posts")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoting_posts(v, username, uid):
|
def downvoting_posts(v, username, username2):
|
||||||
return upvoting_downvoting(v, username, uid, Post, Vote, -1, "userpage/voted_posts.html", None)
|
return upvoting_downvoting(v, username, username2, Post, Vote, -1, "userpage/voted_posts.html", None)
|
||||||
|
|
||||||
|
|
||||||
@app.get("/@<username>/downvoting/<int:uid>/comments")
|
@app.get("/@<username>/downvoting/@<username2>/comments")
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def downvoting_comments(v, username, uid):
|
def downvoting_comments(v, username, username2):
|
||||||
return upvoting_downvoting(v, username, uid, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
return upvoting_downvoting(v, username, username2, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
||||||
|
|
||||||
def user_voted(v, username, cls, vote_cls, template, standalone):
|
def user_voted(v, username, cls, vote_cls, template, standalone):
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v)
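Review bot: The second path segment changed from `<int:uid>`, which the router rejected unless numeric, to a free-form `@<username2>` string that goes straight into `get_user(username2, id_only=True)` in both `upvoters_downvoters` and `upvoting_downvoting`, so validation of that value now rests entirely on `get_user`, whose matching logic is outside these hunks. It is worth confirming that `get_user` normalises the name and, if it matches by pattern, escapes `%` and `_`, so the segment always resolves to exactly the account shown in the link. The lookup is made without `v=v` and relies on `get_user` aborting on a miss now that the `try`/`except` is gone. It does run after the two 403 checks, which limits the 404-versus-200 difference to viewers already allowed to see the page, and a comment such as `# resolve username2 only after the permission checks above` would keep a later refactor from reordering it. Old links of the form `/@<username>/upvoters/<id>/posts` no longer match any of the eight routes shown and will presumably 404; both helper bodies continue outside the hunks.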
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
<tr {% if v.id == user.id %}class="self"{% endif %}>
|
<tr {% if v.id == user.id %}class="self"{% endif %}>
|
||||||
<td>{{loop.index+PAGE_SIZE*(page-1)}}</td>
|
<td>{{loop.index+PAGE_SIZE*(page-1)}}</td>
|
||||||
<td>{% include "user_in_table.html" %}</td>
|
<td>{% include "user_in_table.html" %}</td>
|
||||||
<td><a href="{{request.path}}/{{user.id}}/posts">{{num}}</a></td>
|
<td><a href="{{request.path}}/@{{user.username}}/posts">{{num}}</a></td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if pos and (pos[0] > 25 or not pos[1]) %}
|
{% if pos and (pos[0] > 25 or not pos[1]) %}
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
{% include "user_in_table.html" %}
|
{% include "user_in_table.html" %}
|
||||||
{% endwith %}
|
{% endwith %}
|
||||||
</td>
|
</td>
|
||||||
<td><a href="{{request.path}}/{{v.id}}/posts">{{pos[1]}}</a></td>
|
<td><a href="{{request.path}}/@{{v.username}}/posts">{{pos[1]}}</a></td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</tbody>
|
</tbody>
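Review bot: `user.username` and `v.username` are interpolated into the URL path in `href="{{request.path}}/@{{user.username}}/posts"` and in the `pos` row without URL-encoding; Jinja autoescaping, if enabled for this template, protects the HTML attribute but not the path structure. If the site's username rules ever allow characters such as `/`, `?` or `#`, the link would point somewhere other than the intended route, so `{{user.username|urlencode}}` (and the same for `v.username`) is the safer form. The username validation rules are not visible on this page, so this may already be guaranteed elsewhere. The table and its loop start outside both hunks.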
|
||||||
|
|