carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

don't duplicate checks for users

master
justcool393 2022-09-30 15:48:34 -07:00
parent 40c2360d00
commit 78b668a870
4 changed files with 3 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
files/routes/admin.py
View File

@ -300,11 +300,8 @@ def revert_actions(v, username):
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@admin_level_required(2) @admin_level_required(2)
def club_allow(v, username): def club_allow(v, username):
u = get_user(username, v=v) u = get_user(username, v=v)
if not u: abort(404)
if u.admin_level >= v.admin_level: return {"error": "noob"}, 400 if u.admin_level >= v.admin_level: return {"error": "noob"}, 400
u.club_allowed = True u.club_allowed = True
@ -327,11 +324,8 @@ def club_allow(v, username):
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@admin_level_required(2) @admin_level_required(2)
def club_ban(v, username): def club_ban(v, username):
u = get_user(username, v=v) u = get_user(username, v=v)
if not u: abort(404)
if u.admin_level >= v.admin_level: return {"error": "noob"}, 400 if u.admin_level >= v.admin_level: return {"error": "noob"}, 400
u.club_allowed = False u.club_allowed = False

2
files/routes/awards.py
View File

@ -467,7 +467,7 @@ def admin_userawards_post(v):
whitelist = ("shit", "fireflies", "train", "scooter", "wholesome", "tilt", "glowie") whitelist = ("shit", "fireflies", "train", "scooter", "wholesome", "tilt", "glowie")
u = get_user(u, graceful=False, v=v) u = get_user(u, v=v)
notify_awards = {} notify_awards = {}

2
files/routes/search.py
View File

@ -72,7 +72,6 @@ def searchposts(v):
if 'author' in criteria: if 'author' in criteria:
posts = posts.filter(Submission.ghost == False) posts = posts.filter(Submission.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if not author: return {"error": "User not found"}, 400
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
if request.headers.get("Authorization"): if request.headers.get("Authorization"):
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400
@ -209,7 +208,6 @@ def searchcomments(v):
if 'author' in criteria: if 'author' in criteria:
comments = comments.filter(Comment.ghost == False) comments = comments.filter(Comment.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if not author: return {"error": "User not found"}, 400
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
if request.headers.get("Authorization"): if request.headers.get("Authorization"):
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400

9
files/routes/users.py
View File

@ -458,8 +458,7 @@ def suicide(v, username):
@auth_required @auth_required
def get_coins(v, username): def get_coins(v, username):
user = get_user(username, v=v, include_shadowbanned=False) user = get_user(username, v=v, include_shadowbanned=False)
if user != None: return {"coins": user.coins}, 200 return {"coins": user.coins}
else: return {"error": "invalid_user"}, 404
@app.post("/@<username>/transfer_coins") @app.post("/@<username>/transfer_coins")
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@ -468,8 +467,6 @@ def get_coins(v, username):
def transfer_coins(v, username): def transfer_coins(v, username):
receiver = get_user(username, v=v, include_shadowbanned=False) receiver = get_user(username, v=v, include_shadowbanned=False)
if receiver is None: return {"error": "This user doesn't exist."}, 404
if receiver.id != v.id: if receiver.id != v.id:
amount = request.values.get("amount", "").strip() amount = request.values.get("amount", "").strip()
amount = int(amount) if amount.isdigit() else None amount = int(amount) if amount.isdigit() else None
@ -512,9 +509,7 @@ def transfer_coins(v, username):
@is_not_permabanned @is_not_permabanned
def transfer_bux(v, username): def transfer_bux(v, username):
receiver = get_user(username, v=v, include_shadowbanned=False) receiver = get_user(username, v=v, include_shadowbanned=False)
if not receiver: return {"error": "This user doesn't exist."}, 404
if receiver.id != v.id: if receiver.id != v.id:
amount = request.values.get("amount", "").strip() amount = request.values.get("amount", "").strip()
amount = int(amount) if amount.isdigit() else None amount = int(amount) if amount.isdigit() else None