From 7551add5d88692ff10c927f29d8161ac67481e6b Mon Sep 17 00:00:00 2001 From: Snakes Date: Sun, 27 Nov 2022 17:02:18 -0500 Subject: [PATCH] Unify admin badge page listings source. --- files/routes/admin.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/files/routes/admin.py b/files/routes/admin.py index a5c4ed96e..f1af90999 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -508,19 +508,22 @@ def under_attack(v): g.db.add(ma) return {"message": f"Under attack mode {enable_disable_str}d!"} -@app.get("/admin/badge_grant") -@app.get("/admin/badge_remove") -@feature_required('BADGES') -@admin_level_required(PERMS['USER_BADGES']) -def badge_grant_get(v): - grant = request.url.endswith("grant") - +def admin_badges_grantable_list(v): query = g.db.query(BadgeDef) if BADGE_BLACKLIST and v.id != AEVANN_ID and SITE != 'pcmemes.net': query = query.filter(BadgeDef.id.notin_(BADGE_BLACKLIST)) if BADGE_WHITELIST: query = query.filter(BadgeDef.id.in_(BADGE_WHITELIST)) badge_types = query.order_by(BadgeDef.id).all() + return badge_types + +@app.get("/admin/badge_grant") +@app.get("/admin/badge_remove") +@feature_required('BADGES') +@admin_level_required(PERMS['USER_BADGES']) +def badge_grant_get(v): + grant = request.url.endswith("grant") + badge_types = admin_badges_grantable_list(v) return render_template("admin/badge_admin.html", v=v, badge_types=badge_types, grant=grant) @@ -530,7 +533,7 @@ def badge_grant_get(v): @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['USER_BADGES']) def badge_grant_post(v): - badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() + badges = admin_badges_grantable_list(v) user = get_user(request.values.get("username").strip(), graceful=True) if not user: @@ -539,10 +542,7 @@ def badge_grant_post(v): try: badge_id = int(request.values.get("badge_id")) except: abort(400) - if BADGE_WHITELIST and badge_id not in BADGE_WHITELIST: - abort(403) - elif (BADGE_BLACKLIST and badge_id in BADGE_BLACKLIST - and v.id != AEVANN_ID and SITE != 'pcmemes.net'): + if badge_id not in [b.id for b in badges]: abort(403) if user.has_badge(badge_id): @@ -581,7 +581,7 @@ def badge_grant_post(v): @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['USER_BADGES']) def badge_remove_post(v): - badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() + badges = admin_badges_grantable_list(v) user = get_user(request.values.get("username").strip(), graceful=True) if not user: @@ -590,7 +590,7 @@ def badge_remove_post(v): try: badge_id = int(request.values.get("badge_id")) except: abort(400) - if badge_id in {67,68,83,84,87,90,140} and v.id != AEVANN_ID and SITE != 'pcmemes.net': + if badge_id not in [b.id for b in badges]: abort(403) badge = user.has_badge(badge_id)