From d78d57ec797ee5ef9d212abd6321af7eff008623 Mon Sep 17 00:00:00 2001 From: justcool393 Date: Wed, 5 Oct 2022 21:59:06 -0700 Subject: [PATCH] all seeing eye permission --- files/helpers/const.py | 1 + files/routes/search.py | 4 ++-- files/routes/users.py | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index e35019384..f71a9e5c8 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -152,6 +152,7 @@ PERMS = { # Minimum admin_level to perform action. 'VIEW_MODMAIL': 2, 'VIEW_CLUB': 1, 'VIEW_CHUDRAMA': 1, + 'VIEW_PRIVATE_PROFILES': 2, 'PRINT_MARSEYBUX_FOR_KIPPY_ON_PCMEMES': 3, 'VIEW_ACTIVE_USERS': 2, 'MERGE_USERS': 3, # note: extra check for Aevann diff --git a/files/routes/search.py b/files/routes/search.py index 616bbcb34..1c7c22c0f 100644 --- a/files/routes/search.py +++ b/files/routes/search.py @@ -71,7 +71,7 @@ def searchposts(v): if 'author' in criteria: posts = posts.filter(Submission.ghost == False) author = get_user(criteria['author'], v=v, include_shadowbanned=False) - if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: + if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye: if request.headers.get("Authorization"): return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 return render_template("search.html", @@ -198,7 +198,7 @@ def searchcomments(v): if 'author' in criteria: comments = comments.filter(Comment.ghost == False) author = get_user(criteria['author'], v=v, include_shadowbanned=False) - if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: + if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye: if request.headers.get("Authorization"): return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 diff --git a/files/routes/users.py b/files/routes/users.py index cb87b5026..9f791204b 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -1028,7 +1028,7 @@ def u_username(username, v=None): g.db.commit() - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): return {"error": "This userpage is private"}, 403 @@ -1116,7 +1116,7 @@ def u_username_comments(username, v=None): return render_template("userpage_reserved.html", u=u, v=v) - if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): + if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): return {"error": "This userpage is private"}, 403 return render_template("userpage_private.html", u=u, v=v)