From a0cf583460a89f77e98bd33b8748f0026020285c Mon Sep 17 00:00:00 2001 From: Aevann Date: Thu, 5 Oct 2023 12:22:05 +0300 Subject: [PATCH] refactor can_see and use it more --- files/classes/user.py | 67 ++++++++------------------ files/routes/chat.py | 2 +- files/routes/comments.py | 4 +- files/routes/front.py | 2 +- files/routes/jinja2.py | 2 +- files/routes/notifications.py | 2 +- files/routes/posts.py | 4 +- files/routes/subs.py | 16 +++--- files/routes/users.py | 4 +- files/routes/votes.py | 2 +- files/templates/comments.html | 2 +- files/templates/post_listing.html | 2 +- files/templates/user_listing.html | 2 +- files/templates/userpage/banner.html | 30 ++++++------ files/templates/userpage/userpage.html | 4 +- files/templates/util/html_head.html | 2 +- 16 files changed, 59 insertions(+), 88 deletions(-) diff --git a/files/classes/user.py b/files/classes/user.py index 757c494fa..916dd898d 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -923,7 +923,7 @@ class User(Base): @property @lazy def banner_url(self): - if FEATURES['USERS_PROFILE_BANNER'] and self.bannerurl and self.can_see_my_shit: + if FEATURES['USERS_PROFILE_BANNER'] and self.bannerurl and g.v.can_see(self): return self.bannerurl return f"{SITE_FULL_IMAGES}/i/{SITE_NAME}/site_preview.webp?x=6" @@ -942,7 +942,7 @@ class User(Base): number_of_girl_pfps = 25 pic_num = (self.id % number_of_girl_pfps) + 1 return f"{SITE_FULL}/i/pfps/girls/{pic_num}.webp" - if self.profileurl and self.can_see_my_shit: + if self.profileurl and g.v.can_see(self): if self.profileurl.startswith('/'): return SITE_FULL + self.profileurl return self.profileurl return f"{SITE_FULL_IMAGES}/i/default-profile-pic.webp?x=6" @@ -959,14 +959,12 @@ class User(Base): @lazy def real_post_count(self, v): - if not self.shadowbanned: return self.post_count - if v and (v.id == self.id or v.can_see_shadowbanned): return self.post_count + if v.can_see(self): return self.post_count return 0 @lazy def real_comment_count(self, v): - if not self.shadowbanned: return self.comment_count - if v and (v.id == self.id or v.can_see_shadowbanned): return self.comment_count + if v.can_see(self): return self.comment_count return 0 @property @@ -1152,34 +1150,13 @@ class User(Base): tier_money = TIER_TO_MONEY[self.patron] return f'{tier_name} - Donates ${tier_money}/month' - @classmethod - def can_see_content(cls, user, other): - ''' - Whether a user can see this item (be it a post or comment)'s content. - If False, they won't be able to view its content. - ''' - if not cls.can_see(user, other): return False - if user and user.admin_level >= PERMS["POST_COMMENT_MODERATION"]: return True + @lazy + def can_see(self, other): if isinstance(other, (Post, Comment)): - if user and user.id == other.author_id: return True - if other.is_banned: return False - if other.deleted_utc: return False - if other.author.shadowbanned and not (user and user.can_see_shadowbanned): return False - if isinstance(other, Comment): - if other.parent_post and not cls.can_see(user, other.post): return False - return True - - @classmethod - def can_see(cls, user, other): - ''' - Whether a user can strictly see this item. can_see_content is used where - content of a thing can be hidden from view - ''' - if isinstance(other, (Post, Comment)): - if not cls.can_see(user, other.author): return False - if user and user.id == other.author_id: return True + if not self.can_see(other.author): return False + if self and self.id == other.author_id: return True if isinstance(other, Post): - if other.sub and not cls.can_see(user, other.subr): + if other.sub and not self.can_see(other.subr): return False if request.headers.get("Cf-Ipcountry") == 'NZ': if 'christchurch' in other.title.lower(): @@ -1190,22 +1167,22 @@ class User(Base): if hasattr(other, 'is_blocking') and other.is_blocking and not request.path.endswith(f'/{other.id}'): return False if other.parent_post: - return cls.can_see(user, other.post) + return self.can_see(other.post) else: - if not user and not other.wall_user_id: return False + if not self and not other.wall_user_id: return False if other.sentto: if other.sentto == MODMAIL_ID: - if other.top_comment.author_id == user.id: return True - return user.admin_level >= PERMS['VIEW_MODMAIL'] - if other.sentto != user.id: - return user.admin_level >= PERMS['BLACKJACK_NOTIFICATIONS'] + if other.top_comment.author_id == self.id: return True + return self.admin_level >= PERMS['VIEW_MODMAIL'] + if other.sentto != self.id: + return self.admin_level >= PERMS['BLACKJACK_NOTIFICATIONS'] elif isinstance(other, Sub): - if other.name == 'chudrama': return bool(user) and user.can_see_chudrama - if other.name == 'countryclub': return bool(user) and user.can_see_countryclub - if other.name == 'highrollerclub': return bool(user) and user.can_see_highrollerclub + if other.name == 'chudrama': return bool(user) and self.can_see_chudrama + if other.name == 'countryclub': return bool(user) and self.can_see_countryclub + if other.name == 'highrollerclub': return bool(user) and self.can_see_highrollerclub elif isinstance(other, User): - return (user and user.id == other.id) or (user and user.can_see_shadowbanned) or not other.shadowbanned + return (self and self.id == other.id) or (self and self.can_see_shadowbanned) or not other.shadowbanned return True @property @@ -1369,12 +1346,6 @@ class User(Base): return output - @property - @lazy - def can_see_my_shit(self): - v = g.v - return not self.shadowbanned or (v and (v.id == self.id or v.can_see_shadowbanned)) - @property @lazy def ordered_badges(self): diff --git a/files/routes/chat.py b/files/routes/chat.py index fddb18267..936378d95 100644 --- a/files/routes/chat.py +++ b/files/routes/chat.py @@ -353,7 +353,7 @@ def messagereply(v): execute_under_siege(v, c, c.body_html, 'message') if user_id and user_id not in {v.id, MODMAIL_ID} | BOT_IDs: - if User.can_see(user, v): + if user.can_see(v): notif = g.db.query(Notification).filter_by(comment_id=c.id, user_id=user_id).one_or_none() if not notif: notif = Notification(comment_id=c.id, user_id=user_id) diff --git a/files/routes/comments.py b/files/routes/comments.py index d0a5b71fa..e9e5999d2 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -48,7 +48,7 @@ def post_pid_comment_cid(cid, v, pid=None, anything=None, sub=None): comment = get_comment(cid, v=v) - if not User.can_see(v, comment): abort(403) + if not v.can_see(comment): abort(403) if comment.parent_post: post = comment.parent_post @@ -145,7 +145,7 @@ def comment(v): parent_user = parent if isinstance(parent, User) else parent.author posting_to_post = isinstance(post_target, Post) - if posting_to_post and not User.can_see(v, parent): + if posting_to_post and not v.can_see(parent): abort(403) if posting_to_post: diff --git a/files/routes/front.py b/files/routes/front.py index 7f2f08e4e..460c4a4df 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -18,7 +18,7 @@ from files.__main__ import app, cache, limiter, redis_instance def front_all(v, sub=None): if sub: sub = get_sub_by_name(sub, graceful=True) - if sub and not User.can_see(v, sub): + if sub and not v.can_see(sub): abort(403) if request.path.startswith('/h/') and not sub: diff --git a/files/routes/jinja2.py b/files/routes/jinja2.py index dd4a096a9..ba7d66047 100644 --- a/files/routes/jinja2.py +++ b/files/routes/jinja2.py @@ -132,7 +132,7 @@ def inject_constants(): "SIDEBAR_THREAD":SIDEBAR_THREAD, "BANNER_THREAD":BANNER_THREAD, "BUG_THREAD":BUG_THREAD, "BADGE_THREAD":BADGE_THREAD, "SNAPPY_THREAD":SNAPPY_THREAD, "CHANGELOG_THREAD":CHANGELOG_THREAD, "approved_embed_hosts":approved_embed_hosts, "POST_BODY_LENGTH_LIMIT":POST_BODY_LENGTH_LIMIT, - "SITE_SETTINGS":get_settings(), "EMAIL":EMAIL, "max": max, "min": min, "user_can_see":User.can_see, + "SITE_SETTINGS":get_settings(), "EMAIL":EMAIL, "max": max, "min": min, "TELEGRAM_ID":TELEGRAM_ID, "TRUESCORE_DONATE_MINIMUM":TRUESCORE_DONATE_MINIMUM, "PROGSTACK_ID":PROGSTACK_ID, "DONATE_LINK":DONATE_LINK, "DONATE_SERVICE":DONATE_SERVICE, "HOUSE_JOIN_COST":HOUSE_JOIN_COST, "HOUSE_SWITCH_COST":HOUSE_SWITCH_COST, "IMAGE_FORMATS":','.join(IMAGE_FORMATS), diff --git a/files/routes/notifications.py b/files/routes/notifications.py index b9f32bec7..0858c6c78 100644 --- a/files/routes/notifications.py +++ b/files/routes/notifications.py @@ -435,7 +435,7 @@ def notifications(v): def notification(v, cid): comment = get_comment(cid, v=v) - if not User.can_see(v, comment): abort(403) + if not v.can_see(comment): abort(403) comment.unread = True diff --git a/files/routes/posts.py b/files/routes/posts.py index 3edeb4a26..482cf7172 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -99,7 +99,7 @@ def submit_get(v, sub=None): @auth_desired_with_logingate def post_id(pid, v, anything=None, sub=None): p = get_post(pid, v=v) - if not User.can_see(v, p): abort(403) + if not v.can_see(p): abort(403) if not g.is_api_or_xhr and p.over_18 and not g.show_over_18: return render_template("errors/nsfw.html", v=v) @@ -468,7 +468,7 @@ def submit_post(v, sub=None): sub = g.db.query(Sub).options(load_only(Sub.name)).filter_by(name=sub_name).one_or_none() if not sub: abort(400, f"/h/{sub_name} not found!") - if not User.can_see(v, sub): + if not v.can_see(sub): if sub.name == 'highrollerclub': abort(403, f"Only {patron}s can post in /h/{sub}") abort(403, f"You're not allowed to post in /h/{sub}") diff --git a/files/routes/subs.py b/files/routes/subs.py index 569b7971a..85f9ab8b0 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -125,7 +125,7 @@ def block_sub(v, sub): @auth_required def unblock_sub(v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) block = g.db.query(SubBlock).filter_by(user_id=v.id, sub=sub.name).one_or_none() @@ -173,7 +173,7 @@ def unsubscribe_sub(v, sub): @auth_required def follow_sub(v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) existing = g.db.query(SubSubscription).filter_by(user_id=v.id, sub=sub.name).one_or_none() if not existing: @@ -202,7 +202,7 @@ def unfollow_sub(v, sub): @auth_required def mods(v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) users = g.db.query(User, Mod).join(Mod).filter_by(sub=sub.name).order_by(Mod.created_utc).all() @@ -215,7 +215,7 @@ def mods(v, sub): @auth_required def sub_exilees(v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) users = g.db.query(User, Exile).join(Exile, Exile.user_id==User.id) \ .filter_by(sub=sub.name) \ @@ -230,7 +230,7 @@ def sub_exilees(v, sub): @auth_required def sub_blockers(v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) users = g.db.query(User, SubBlock).join(SubBlock) \ .filter_by(sub=sub.name) \ @@ -246,7 +246,7 @@ def sub_blockers(v, sub): @auth_required def sub_followers(v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) users = g.db.query(User, SubSubscription).join(SubSubscription) \ .filter_by(sub=sub.name) \ @@ -841,7 +841,7 @@ def unpin_comment_mod(cid, v): @auth_required def hole_log(v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) page = get_page() @@ -883,7 +883,7 @@ def hole_log(v, sub): @auth_required def hole_log_item(id, v, sub): sub = get_sub_by_name(sub) - if not User.can_see(v, sub): + if not v.can_see(sub): abort(403) action = g.db.get(SubAction, id) diff --git a/files/routes/users.py b/files/routes/users.py index c59d04223..2e2f29a1a 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -665,7 +665,7 @@ def message2(v, username=None, id=None): execute_under_siege(v, c, c.body_html, 'message') c.top_comment_id = c.id - if user.id not in BOT_IDs and User.can_see(user, v): + if user.id not in BOT_IDs and user.can_see(v): g.db.flush() notif = g.db.query(Notification).filter_by(comment_id=c.id, user_id=user.id).one_or_none() if not notif: @@ -927,7 +927,7 @@ def u_username_wall(v, username): def u_username_wall_comment(v, username, cid): comment = get_comment(cid, v=v) if not comment.wall_user_id: abort(400) - if not User.can_see(v, comment): abort(403) + if not v.can_see(comment): abort(403) u = comment.wall_user diff --git a/files/routes/votes.py b/files/routes/votes.py index 75c85c875..6f967664c 100644 --- a/files/routes/votes.py +++ b/files/routes/votes.py @@ -29,7 +29,7 @@ def vote_post_comment(target_id, new, v, cls, vote_cls): else: abort(404) - if not User.can_see(v, target): abort(403) + if not v.can_see(target): abort(403) coin_delta = 1 if v.id == target.author.id: diff --git a/files/templates/comments.html b/files/templates/comments.html index 0bfcbe773..09e4a59c1 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -13,7 +13,7 @@ {% macro single_comment(c, level=1, collapse=False) %} -{% if user_can_see(v, c) %} +{% if v.can_see(c) %} {% set ups=c.upvotes %} {% set downs=c.downvotes %} diff --git a/files/templates/post_listing.html b/files/templates/post_listing.html index a023899ea..731a82cd4 100644 --- a/files/templates/post_listing.html +++ b/files/templates/post_listing.html @@ -10,7 +10,7 @@ {% include "popover.html" %} -{% for p in listing if user_can_see(v, p) %} +{% for p in listing if v.can_see(p) %} diff --git a/files/templates/user_listing.html b/files/templates/user_listing.html index 4465a6882..9e55bb0e0 100644 --- a/files/templates/user_listing.html +++ b/files/templates/user_listing.html @@ -32,7 +32,7 @@
Last active on
{%- endif %} - {% if FEATURES['USERS_PROFILE_BODYTEXT'] and not hide_bios and u.bio_html and u.can_see_my_shit %} + {% if FEATURES['USERS_PROFILE_BODYTEXT'] and not hide_bios and u.bio_html and v.can_see(u) %}
{{u.bio_html | safe}}
{% endif %} diff --git a/files/templates/userpage/banner.html b/files/templates/userpage/banner.html index 65d8ace3f..f45c9004d 100644 --- a/files/templates/userpage/banner.html +++ b/files/templates/userpage/banner.html @@ -6,7 +6,7 @@ {% endif %} {% set ns = namespace() %} -{% set pfp = u.highres if (u.highres and u.can_see_my_shit) else u.profile_url %} +{% set pfp = u.highres if (u.highres and v.can_see(u)) else u.profile_url %} {% block desktopUserBanner %}
@@ -29,7 +29,7 @@

{{u.user_name}}

- {% if u.can_see_my_shit and u.username != u.original_username %} + {% if v.can_see(u) and u.username != u.original_username %} {% set ns.og_usernames = 'Original Usernames:
@' ~ u.original_username %} {% if u.prelock_username and u.prelock_username != u.original_username %} @@ -63,11 +63,11 @@ {% endif %}
- {% if FEATURES['PRONOUNS'] and u.can_see_my_shit %} + {% if FEATURES['PRONOUNS'] and v.can_see(u) %}

{{u.pronouns_display}}

{% endif %} - {% if u.customtitle and u.can_see_my_shit %} + {% if u.customtitle and v.can_see(u) %}

{{u.customtitle | safe}}

{% endif %} @@ -111,18 +111,18 @@
{% if FEATURES['USERS_PROFILE_BODYTEXT'] -%} - {% if u.bio_html and u.can_see_my_shit %} + {% if u.bio_html and v.can_see(u) %}
{{u.bio_html | safe}}
{% else %}

No bio...

{% endif %} - {% if u.friends_html and u.can_see_my_shit %} + {% if u.friends_html and v.can_see(u) %}

Friends:

{{u.friends_html | safe}}
{% endif %} - {% if u.enemies_html and u.can_see_my_shit %} + {% if u.enemies_html and v.can_see(u) %}

Enemies:

{{u.enemies_html | safe}}
{% endif %} @@ -259,7 +259,7 @@ {{alts|length}} Alt{{macros.plural(alts|length)}}: {% endif %}