improve POST_TO_CHANGELOG check

files/helpers/const.py

@@ -146,7 +146,7 @@ PERMS = { # Minimum admin_level to perform action.
 	'USER_LINK': 2,
 	'USER_MERGE': 3, # note: extra check for Aevann
 	'USER_TITLE_CHANGE': 2,
-	'POST_TO_CHANGELOG': 1,
+	'POST_TO_CHANGELOG': 1, # note: code contributors can also post to changelog
 	'POST_TO_POLL_THREAD': 2,
 	'POST_BETS': 3,
 	'POST_BETS_DISTRIBUTE': 3, # probably should be the same as POST_BETS but w/e

files/routes/posts.py

@@ -679,12 +679,9 @@ def submit_post(v, sub=None):
 
 	sub = request.values.get("sub", "").lower().replace('/h/','').strip()
 
-	if sub == 'changelog':
-		allowed = []
-		if v.admin_level >= PERMS['POST_TO_CHANGELOG']:
-			allowed.append(v.id)
-		if v.id not in allowed: # only query for badges if doesn't have permissions (this is a bit weird tbh)
-			allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
+	if sub == 'changelog' and not v.admin_level >= PERMS['POST_TO_CHANGELOG']:
+		# we also allow 'code contributor' badgeholders to post to the changelog hole
+		allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
 		allowed = [x[0] for x in allowed]
 		if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog")