From c0f753e10158c788ea9279c780ceb6d8498f7538 Mon Sep 17 00:00:00 2001 From: justcool393 Date: Wed, 5 Oct 2022 20:15:10 -0700 Subject: [PATCH] asset submissions permissions --- files/helpers/const.py | 4 ++++ files/routes/asset_submissions.py | 12 ++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index 285b12450..4b10651d0 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -137,6 +137,10 @@ PERMS = { # Minimum admin_level to perform action. 'BYPASS_PIN_LIMIT': 3, 'VIEW_PENDING_SUBMITTED_MARSEYS': 3, 'VIEW_PENDING_SUBMITTED_HATS': 3, + 'MODERATE_PENDING_SUBMITTED_MARSEYS': 3, # note: there is an extra check so that only """carp""" can approve them + 'MODERATE_PENDING_SUBMITTED_HATS': 3, # note: there is an extra check so that only """carp""" can approve them + 'UPDATE_MARSEYS': 3, # note: extra check is here for 4 different users + 'UPDATE_HATS': 3, # note: extra check is here for 4 different users 'BUY_GHOST_AWARD': 2, 'LOTTERY_ADMIN': 3, 'LOTTERY_VIEW_PARTICIPANTS': 2, diff --git a/files/routes/asset_submissions.py b/files/routes/asset_submissions.py index e03829e6a..9118b976c 100644 --- a/files/routes/asset_submissions.py +++ b/files/routes/asset_submissions.py @@ -92,7 +92,7 @@ def submit_marsey(v): @app.post("/admin/approve/marsey/") -@admin_level_required(3) +@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_MARSEYS']) def approve_marsey(v, name): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, SNAKES_ID): return {"error": "Only Carp can approve marseys!"}, 403 @@ -251,7 +251,7 @@ def submit_hat(v): @app.post("/admin/approve/hat/") -@admin_level_required(3) +@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_HATS']) def approve_hat(v, name): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, SNAKES_ID): return {"error": "Only Carp can approve hats!"}, 403 @@ -345,7 +345,7 @@ def remove_hat(v, name): @app.get("/admin/update/marseys") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_MARSEYS']) def update_marseys(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403) @@ -354,7 +354,7 @@ def update_marseys(v): @app.post("/admin/update/marseys") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_MARSEYS']) def update_marsey(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403) @@ -408,7 +408,7 @@ def update_marsey(v): @app.get("/admin/update/hats") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_HATS']) def update_hats(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403) @@ -417,7 +417,7 @@ def update_hats(v): @app.post("/admin/update/hats") -@admin_level_required(3) +@admin_level_required(PERMS['UPDATE_HATS']) def update_hat(v): if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, GEESE_ID, SNAKES_ID): abort(403)