forked from MarseyWorld/MarseyWorld
changelog permission and don't query db for badges if admin with perm level
parent
2fc3044d5b
commit
d8610b34b6
|
@ -132,6 +132,7 @@ PERMS = { # Minimum admin_level to perform action.
|
|||
'POST_EDITING': 3,
|
||||
'USER_BAN': 2,
|
||||
'USER_SHADOWBAN': 2,
|
||||
'POST_TO_CHANGELOG': 1,
|
||||
}
|
||||
|
||||
FEATURES = {
|
||||
|
|
|
@ -70,7 +70,6 @@ def publish(pid, v):
|
|||
cache.delete_memoized(frontlist)
|
||||
cache.delete_memoized(User.userpagelisting)
|
||||
|
||||
if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog':
|
||||
send_changelog_message(post.permalink)
|
||||
|
||||
if SITE == 'watchpeopledie.co':
|
||||
|
@ -681,7 +680,11 @@ def submit_post(v, sub=None):
|
|||
sub = request.values.get("sub", "").lower().replace('/h/','').strip()
|
||||
|
||||
if sub == 'changelog':
|
||||
allowed = g.db.query(User.id).filter(User.admin_level > 0).all() + g.db.query(Badge.user_id).filter_by(badge_id=3).all()
|
||||
allowed = []
|
||||
if v.admin_level >= PERMS['POST_TO_CHANGELOG']:
|
||||
allowed.append(v.id)
|
||||
if v.id not in allowed: # only query for badges if doesn't have permissions (this is a bit weird tbh)
|
||||
allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
|
||||
allowed = [x[0] for x in allowed]
|
||||
if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog")
|
||||
|
||||
|
@ -1030,7 +1033,7 @@ def submit_post(v, sub=None):
|
|||
cache.delete_memoized(frontlist)
|
||||
cache.delete_memoized(User.userpagelisting)
|
||||
|
||||
if (v.admin_level > 0 or v.has_badge(3)) and post.sub == 'changelog' and not post.private:
|
||||
if post.sub == 'changelog' and not post.private:
|
||||
send_changelog_message(post.permalink)
|
||||
|
||||
if not post.private and SITE == 'watchpeopledie.co':
|
||||
|
|
Loading…
Reference in New Issue