forked from MarseyWorld/MarseyWorld
improve POST_TO_CHANGELOG check
parent
941bf69227
commit
8db6b3f7fd
|
@ -146,7 +146,7 @@ PERMS = { # Minimum admin_level to perform action.
|
|||
'USER_LINK': 2,
|
||||
'USER_MERGE': 3, # note: extra check for Aevann
|
||||
'USER_TITLE_CHANGE': 2,
|
||||
'POST_TO_CHANGELOG': 1,
|
||||
'POST_TO_CHANGELOG': 1, # note: code contributors can also post to changelog
|
||||
'POST_TO_POLL_THREAD': 2,
|
||||
'POST_BETS': 3,
|
||||
'POST_BETS_DISTRIBUTE': 3, # probably should be the same as POST_BETS but w/e
|
||||
|
|
|
@ -679,11 +679,8 @@ def submit_post(v, sub=None):
|
|||
|
||||
sub = request.values.get("sub", "").lower().replace('/h/','').strip()
|
||||
|
||||
if sub == 'changelog':
|
||||
allowed = []
|
||||
if v.admin_level >= PERMS['POST_TO_CHANGELOG']:
|
||||
allowed.append(v.id)
|
||||
if v.id not in allowed: # only query for badges if doesn't have permissions (this is a bit weird tbh)
|
||||
if sub == 'changelog' and not v.admin_level >= PERMS['POST_TO_CHANGELOG']:
|
||||
# we also allow 'code contributor' badgeholders to post to the changelog hole
|
||||
allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
|
||||
allowed = [x[0] for x in allowed]
|
||||
if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog")
|
||||
|
|
Loading…
Reference in New Issue