add whitelist of badge_granting on WPD, and disallow removing award badges

master
Aevann1 2022-10-14 19:11:39 +02:00
parent 77312317f3
commit f2a5c8f5d4
1 changed files with 6 additions and 0 deletions

View File

@ -530,6 +530,9 @@ def badge_grant_post(v):
try: badge_id = int(request.values.get("badge_id")) try: badge_id = int(request.values.get("badge_id"))
except: abort(400) except: abort(400)
if SITE == 'watchpeopledie.co' and badge_id not in {99,101}:
abort(403)
if badge_id in {16,17,21,22,23,24,25,26,27,94,95,96,97,98,109,137,67,68,83,84,87,90,140} and v.id != AEVANN_ID and SITE != 'pcmemes.net': if badge_id in {16,17,21,22,23,24,25,26,27,94,95,96,97,98,109,137,67,68,83,84,87,90,140} and v.id != AEVANN_ID and SITE != 'pcmemes.net':
abort(403) abort(403)
@ -592,6 +595,9 @@ def badge_remove_post(v):
try: badge_id = int(request.values.get("badge_id")) try: badge_id = int(request.values.get("badge_id"))
except: abort(400) except: abort(400)
if badge_id in {67,68,83,84,87,90,140} and v.id != AEVANN_ID and SITE != 'pcmemes.net':
abort(403)
badge = user.has_badge(badge_id) badge = user.has_badge(badge_id)
if not badge: if not badge:
return render_template("admin/badge_remove.html", v=v, badge_types=badges, error="User doesn't have that badge.") return render_template("admin/badge_remove.html", v=v, badge_types=badges, error="User doesn't have that badge.")