carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

dfsfds

master
Aevann1 2021-11-16 17:24:20 +02:00
parent f8f91d4a24
commit b139ed44df
3 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
files/routes/awards.py
View File

@ -606,12 +606,10 @@ def admin_userawards_get(v):
@app.post("/admin/awards")
@limiter.limit("1/second")
@auth_required
@admin_level_required(2)
@validate_formkey
def admin_userawards_post(v):
if v.admin_level < 6: abort(403)
try: u = request.values.get("username").strip()
except: abort(404)

5
files/routes/reporting.py
View File

@ -69,13 +69,10 @@ def api_flag_comment(cid, v):
@app.post('/del_report/<report_fn>')
@limiter.limit("1/second")
@auth_required
@admin_level_required(2)
@validate_formkey
def remove_report(report_fn, v):
if v.admin_level < 6:
return {"error": "go outside"}, 403
if report_fn.startswith('c'):
report = g.db.query(CommentFlag).filter_by(id=int(report_fn.lstrip('c'))).first()
elif report_fn.startswith('p'):

2
files/routes/settings.py
View File

@ -793,7 +793,7 @@ def settings_css(v):
@auth_required
def settings_profilecss_get(v):
if v.truecoins < 1000 and not v.patron and v.admin_level < 6: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
if v.truecoins < 1000 and not v.patron and v.admin_level == 0 : return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
return render_template("settings_profilecss.html", v=v)
@app.post("/settings/profilecss")