diff --git a/files/routes/users.py b/files/routes/users.py index 95ef62a78..dd52cb4b9 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -879,10 +879,12 @@ def redditor_moment_redirect(username, v): @auth_required def followers(username, v): u = get_user(username, v=v) + if u.id == CARP_ID: abort(403) + if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']): abort(403) - users = g.db.query(User).join(Follow, Follow.target_id == u.id) \ + users = g.db.query(Follow, User).join(Follow, Follow.target_id == u.id) \ .filter(Follow.user_id == User.id) \ .order_by(Follow.created_utc).all() return render_template("followers.html", v=v, u=u, users=users) diff --git a/files/templates/followers.html b/files/templates/followers.html index e3858afe7..5dc710ab3 100644 --- a/files/templates/followers.html +++ b/files/templates/followers.html @@ -11,16 +11,18 @@