From b92535c28676391ee8959aa0cc0d303b12ab2b1b Mon Sep 17 00:00:00 2001 From: justcool393 Date: Wed, 12 Oct 2022 02:36:29 -0700 Subject: [PATCH] pings bypass permission --- files/helpers/const.py | 1 + files/helpers/sanitize.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index d002df3e5..a704e70eb 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -176,6 +176,7 @@ PERMS = { # Minimum admin_level to perform action. 'USER_BLOCKS_VISIBLE': 0, 'USER_FOLLOWS_VISIBLE': 0, 'USER_VOTERS_VISIBLE': 0, + 'POST_COMMENT_INFINITE_PINGS': 1, 'POST_COMMENT_MODERATION': 2, 'POST_COMMENT_DISTINGUISH': 1, 'POST_COMMENT_MODERATION_TOOLS_VISIBLE': 2, # note: does not affect API at all diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 4ba05b248..6ad659281 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -241,7 +241,7 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys v = getattr(g, 'v', None) names = set(m.group(2) for m in mention_regex.finditer(sanitized)) - if limit_pings and len(names) > limit_pings and not v.admin_level: abort(406) + if limit_pings and len(names) > limit_pings and not v.admin_level >= PERMS['POST_COMMENT_INFINITE_PINGS']: abort(406) users_list = get_users(names, graceful=True) users_dict = {} for u in users_list: