forked from MarseyWorld/MarseyWorld
add whitelist of badge_granting on WPD, and disallow removing award badges
parent
77312317f3
commit
f2a5c8f5d4
|
@ -530,6 +530,9 @@ def badge_grant_post(v):
|
||||||
try: badge_id = int(request.values.get("badge_id"))
|
try: badge_id = int(request.values.get("badge_id"))
|
||||||
except: abort(400)
|
except: abort(400)
|
||||||
|
|
||||||
|
if SITE == 'watchpeopledie.co' and badge_id not in {99,101}:
|
||||||
|
abort(403)
|
||||||
|
|
||||||
if badge_id in {16,17,21,22,23,24,25,26,27,94,95,96,97,98,109,137,67,68,83,84,87,90,140} and v.id != AEVANN_ID and SITE != 'pcmemes.net':
|
if badge_id in {16,17,21,22,23,24,25,26,27,94,95,96,97,98,109,137,67,68,83,84,87,90,140} and v.id != AEVANN_ID and SITE != 'pcmemes.net':
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
@ -592,6 +595,9 @@ def badge_remove_post(v):
|
||||||
try: badge_id = int(request.values.get("badge_id"))
|
try: badge_id = int(request.values.get("badge_id"))
|
||||||
except: abort(400)
|
except: abort(400)
|
||||||
|
|
||||||
|
if badge_id in {67,68,83,84,87,90,140} and v.id != AEVANN_ID and SITE != 'pcmemes.net':
|
||||||
|
abort(403)
|
||||||
|
|
||||||
badge = user.has_badge(badge_id)
|
badge = user.has_badge(badge_id)
|
||||||
if not badge:
|
if not badge:
|
||||||
return render_template("admin/badge_remove.html", v=v, badge_types=badges, error="User doesn't have that badge.")
|
return render_template("admin/badge_remove.html", v=v, badge_types=badges, error="User doesn't have that badge.")
|
||||||
|
|
Loading…
Reference in New Issue