forked from MarseyWorld/MarseyWorld
don't duplicate checks for users
parent
40c2360d00
commit
78b668a870
|
@ -300,11 +300,8 @@ def revert_actions(v, username):
|
|||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@admin_level_required(2)
|
||||
def club_allow(v, username):
|
||||
|
||||
u = get_user(username, v=v)
|
||||
|
||||
if not u: abort(404)
|
||||
|
||||
if u.admin_level >= v.admin_level: return {"error": "noob"}, 400
|
||||
|
||||
u.club_allowed = True
|
||||
|
@ -327,11 +324,8 @@ def club_allow(v, username):
|
|||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@admin_level_required(2)
|
||||
def club_ban(v, username):
|
||||
|
||||
u = get_user(username, v=v)
|
||||
|
||||
if not u: abort(404)
|
||||
|
||||
if u.admin_level >= v.admin_level: return {"error": "noob"}, 400
|
||||
|
||||
u.club_allowed = False
|
||||
|
|
|
@ -467,7 +467,7 @@ def admin_userawards_post(v):
|
|||
|
||||
whitelist = ("shit", "fireflies", "train", "scooter", "wholesome", "tilt", "glowie")
|
||||
|
||||
u = get_user(u, graceful=False, v=v)
|
||||
u = get_user(u, v=v)
|
||||
|
||||
notify_awards = {}
|
||||
|
||||
|
|
|
@ -72,7 +72,6 @@ def searchposts(v):
|
|||
if 'author' in criteria:
|
||||
posts = posts.filter(Submission.ghost == False)
|
||||
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
|
||||
if not author: return {"error": "User not found"}, 400
|
||||
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
|
||||
if request.headers.get("Authorization"):
|
||||
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400
|
||||
|
@ -209,7 +208,6 @@ def searchcomments(v):
|
|||
if 'author' in criteria:
|
||||
comments = comments.filter(Comment.ghost == False)
|
||||
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
|
||||
if not author: return {"error": "User not found"}, 400
|
||||
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye:
|
||||
if request.headers.get("Authorization"):
|
||||
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400
|
||||
|
|
|
@ -458,8 +458,7 @@ def suicide(v, username):
|
|||
@auth_required
|
||||
def get_coins(v, username):
|
||||
user = get_user(username, v=v, include_shadowbanned=False)
|
||||
if user != None: return {"coins": user.coins}, 200
|
||||
else: return {"error": "invalid_user"}, 404
|
||||
return {"coins": user.coins}
|
||||
|
||||
@app.post("/@<username>/transfer_coins")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
|
@ -468,8 +467,6 @@ def get_coins(v, username):
|
|||
def transfer_coins(v, username):
|
||||
receiver = get_user(username, v=v, include_shadowbanned=False)
|
||||
|
||||
if receiver is None: return {"error": "This user doesn't exist."}, 404
|
||||
|
||||
if receiver.id != v.id:
|
||||
amount = request.values.get("amount", "").strip()
|
||||
amount = int(amount) if amount.isdigit() else None
|
||||
|
@ -513,8 +510,6 @@ def transfer_coins(v, username):
|
|||
def transfer_bux(v, username):
|
||||
receiver = get_user(username, v=v, include_shadowbanned=False)
|
||||
|
||||
if not receiver: return {"error": "This user doesn't exist."}, 404
|
||||
|
||||
if receiver.id != v.id:
|
||||
amount = request.values.get("amount", "").strip()
|
||||
amount = int(amount) if amount.isdigit() else None
|
||||
|
|
Loading…
Reference in New Issue