changelog permission and don't query db for badges if admin with perm level

master
justcool393 2022-10-05 19:45:05 -07:00
parent 2fc3044d5b
commit d8610b34b6
2 changed files with 8 additions and 4 deletions

View File

@ -132,6 +132,7 @@ PERMS = { # Minimum admin_level to perform action.
'POST_EDITING': 3, 'POST_EDITING': 3,
'USER_BAN': 2, 'USER_BAN': 2,
'USER_SHADOWBAN': 2, 'USER_SHADOWBAN': 2,
'POST_TO_CHANGELOG': 1,
} }
FEATURES = { FEATURES = {

View File

@ -70,7 +70,6 @@ def publish(pid, v):
cache.delete_memoized(frontlist) cache.delete_memoized(frontlist)
cache.delete_memoized(User.userpagelisting) cache.delete_memoized(User.userpagelisting)
if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog':
send_changelog_message(post.permalink) send_changelog_message(post.permalink)
if SITE == 'watchpeopledie.co': if SITE == 'watchpeopledie.co':
@ -681,7 +680,11 @@ def submit_post(v, sub=None):
sub = request.values.get("sub", "").lower().replace('/h/','').strip() sub = request.values.get("sub", "").lower().replace('/h/','').strip()
if sub == 'changelog': if sub == 'changelog':
allowed = g.db.query(User.id).filter(User.admin_level > 0).all() + g.db.query(Badge.user_id).filter_by(badge_id=3).all() allowed = []
if v.admin_level >= PERMS['POST_TO_CHANGELOG']:
allowed.append(v.id)
if v.id not in allowed: # only query for badges if doesn't have permissions (this is a bit weird tbh)
allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
allowed = [x[0] for x in allowed] allowed = [x[0] for x in allowed]
if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog") if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog")
@ -1030,7 +1033,7 @@ def submit_post(v, sub=None):
cache.delete_memoized(frontlist) cache.delete_memoized(frontlist)
cache.delete_memoized(User.userpagelisting) cache.delete_memoized(User.userpagelisting)
if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog' and not post.private: if post.sub == 'changelog' and not post.private:
send_changelog_message(post.permalink) send_changelog_message(post.permalink)
if not post.private and SITE == 'watchpeopledie.co': if not post.private and SITE == 'watchpeopledie.co':