carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

improve POST_TO_CHANGELOG check

master
justcool393 2022-10-06 02:09:46 -07:00
parent 941bf69227
commit 8db6b3f7fd
2 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
files/helpers/const.py
View File

@ -146,7 +146,7 @@ PERMS = { # Minimum admin_level to perform action.
'USER_LINK': 2, 'USER_LINK': 2,
'USER_MERGE': 3, # note: extra check for Aevann 'USER_MERGE': 3, # note: extra check for Aevann
'USER_TITLE_CHANGE': 2, 'USER_TITLE_CHANGE': 2,
'POST_TO_CHANGELOG': 1, 'POST_TO_CHANGELOG': 1, # note: code contributors can also post to changelog
'POST_TO_POLL_THREAD': 2, 'POST_TO_POLL_THREAD': 2,
'POST_BETS': 3, 'POST_BETS': 3,
'POST_BETS_DISTRIBUTE': 3, # probably should be the same as POST_BETS but w/e 'POST_BETS_DISTRIBUTE': 3, # probably should be the same as POST_BETS but w/e

7
files/routes/posts.py
View File

@ -679,11 +679,8 @@ def submit_post(v, sub=None):
sub = request.values.get("sub", "").lower().replace('/h/','').strip() sub = request.values.get("sub", "").lower().replace('/h/','').strip()
if sub == 'changelog': if sub == 'changelog' and not v.admin_level >= PERMS['POST_TO_CHANGELOG']:
allowed = [] # we also allow 'code contributor' badgeholders to post to the changelog hole
if v.admin_level >= PERMS['POST_TO_CHANGELOG']:
allowed.append(v.id)
if v.id not in allowed: # only query for badges if doesn't have permissions (this is a bit weird tbh)
allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all() allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
allowed = [x[0] for x in allowed] allowed = [x[0] for x in allowed]
if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog") if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog")