From d8610b34b64a9117de8f22703313eaf3d45fbbc1 Mon Sep 17 00:00:00 2001
From: justcool393 <justcool393@gmail.com>
Date: Wed, 5 Oct 2022 19:45:05 -0700
Subject: [PATCH] changelog permission and don't query db for badges if admin
 with perm level

---
 files/helpers/const.py |  1 +
 files/routes/posts.py  | 11 +++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/files/helpers/const.py b/files/helpers/const.py
index 12375f46b..9fac66ec8 100644
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@@ -132,6 +132,7 @@ PERMS = { # Minimum admin_level to perform action.
 	'POST_EDITING': 3,
 	'USER_BAN': 2,
 	'USER_SHADOWBAN': 2,
+	'POST_TO_CHANGELOG': 1,
 }
 
 FEATURES = {
diff --git a/files/routes/posts.py b/files/routes/posts.py
index 14962181a..7be3690c3 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -70,8 +70,7 @@ def publish(pid, v):
 	cache.delete_memoized(frontlist)
 	cache.delete_memoized(User.userpagelisting)
 
-	if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog':
-		send_changelog_message(post.permalink)
+	send_changelog_message(post.permalink)
 
 	if SITE == 'watchpeopledie.co':
 		send_wpd_message(post.permalink)
@@ -681,7 +680,11 @@ def submit_post(v, sub=None):
 	sub = request.values.get("sub", "").lower().replace('/h/','').strip()
 
 	if sub == 'changelog':
-		allowed = g.db.query(User.id).filter(User.admin_level > 0).all() + g.db.query(Badge.user_id).filter_by(badge_id=3).all()
+		allowed = []
+		if v.admin_level >= PERMS['POST_TO_CHANGELOG']:
+			allowed.append(v.id)
+		if v.id not in allowed: # only query for badges if doesn't have permissions (this is a bit weird tbh)
+			allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
 		allowed = [x[0] for x in allowed]
 		if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog")
 
@@ -1030,7 +1033,7 @@ def submit_post(v, sub=None):
 	cache.delete_memoized(frontlist)
 	cache.delete_memoized(User.userpagelisting)
 
-	if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog' and not post.private:
+	if post.sub == 'changelog' and not post.private:
 		send_changelog_message(post.permalink)
 
 	if not post.private and SITE == 'watchpeopledie.co':