all seeing eye permission

master
justcool393 2022-10-05 21:59:06 -07:00
parent 5739f128cf
commit d78d57ec79
3 changed files with 5 additions and 4 deletions

View File

@ -152,6 +152,7 @@ PERMS = { # Minimum admin_level to perform action.
'VIEW_MODMAIL': 2, 'VIEW_MODMAIL': 2,
'VIEW_CLUB': 1, 'VIEW_CLUB': 1,
'VIEW_CHUDRAMA': 1, 'VIEW_CHUDRAMA': 1,
'VIEW_PRIVATE_PROFILES': 2,
'PRINT_MARSEYBUX_FOR_KIPPY_ON_PCMEMES': 3, 'PRINT_MARSEYBUX_FOR_KIPPY_ON_PCMEMES': 3,
'VIEW_ACTIVE_USERS': 2, 'VIEW_ACTIVE_USERS': 2,
'MERGE_USERS': 3, # note: extra check for Aevann 'MERGE_USERS': 3, # note: extra check for Aevann

View File

@ -71,7 +71,7 @@ def searchposts(v):
if 'author' in criteria: if 'author' in criteria:
posts = posts.filter(Submission.ghost == False) posts = posts.filter(Submission.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"): if request.headers.get("Authorization"):
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400
return render_template("search.html", return render_template("search.html",
@ -198,7 +198,7 @@ def searchcomments(v):
if 'author' in criteria: if 'author' in criteria:
comments = comments.filter(Comment.ghost == False) comments = comments.filter(Comment.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < 2 and not v.eye: if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"): if request.headers.get("Authorization"):
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400 return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400

View File

@ -1028,7 +1028,7 @@ def u_username(username, v=None):
g.db.commit() g.db.commit()
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "This userpage is private"}, 403 return {"error": "This userpage is private"}, 403
@ -1116,7 +1116,7 @@ def u_username_comments(username, v=None):
return render_template("userpage_reserved.html", u=u, v=v) return render_template("userpage_reserved.html", u=u, v=v)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "This userpage is private"}, 403 return {"error": "This userpage is private"}, 403
return render_template("userpage_private.html", u=u, v=v) return render_template("userpage_private.html", u=u, v=v)