pings bypass permission

master
justcool393 2022-10-12 02:36:29 -07:00
parent db9b37de40
commit b92535c286
2 changed files with 2 additions and 1 deletions

View File

@ -176,6 +176,7 @@ PERMS = { # Minimum admin_level to perform action.
'USER_BLOCKS_VISIBLE': 0, 'USER_BLOCKS_VISIBLE': 0,
'USER_FOLLOWS_VISIBLE': 0, 'USER_FOLLOWS_VISIBLE': 0,
'USER_VOTERS_VISIBLE': 0, 'USER_VOTERS_VISIBLE': 0,
'POST_COMMENT_INFINITE_PINGS': 1,
'POST_COMMENT_MODERATION': 2, 'POST_COMMENT_MODERATION': 2,
'POST_COMMENT_DISTINGUISH': 1, 'POST_COMMENT_DISTINGUISH': 1,
'POST_COMMENT_MODERATION_TOOLS_VISIBLE': 2, # note: does not affect API at all 'POST_COMMENT_MODERATION_TOOLS_VISIBLE': 2, # note: does not affect API at all

View File

@ -241,7 +241,7 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys
v = getattr(g, 'v', None) v = getattr(g, 'v', None)
names = set(m.group(2) for m in mention_regex.finditer(sanitized)) names = set(m.group(2) for m in mention_regex.finditer(sanitized))
if limit_pings and len(names) > limit_pings and not v.admin_level: abort(406) if limit_pings and len(names) > limit_pings and not v.admin_level >= PERMS['POST_COMMENT_INFINITE_PINGS']: abort(406)
users_list = get_users(names, graceful=True) users_list = get_users(names, graceful=True)
users_dict = {} users_dict = {}
for u in users_list: for u in users_list: