From fc8b96773f90eb24311a1b0e7bf800778da20a37 Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Thu, 14 Nov 2024 00:23:20 +0200
Subject: [PATCH] only allow jannies to view deleted accounts

---
 files/helpers/config/const.py | 2 ++
 files/routes/wrappers.py      | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/files/helpers/config/const.py b/files/helpers/config/const.py
index ec79c245b..20c50d224 100644
--- a/files/helpers/config/const.py
+++ b/files/helpers/config/const.py
@@ -158,6 +158,7 @@ TAGLINES = ()
 if SITE_NAME == 'rDrama':
 	PERMS = { # Minimum admin_level to perform action.
 		'HOLE_CREATE': 0,
+		'VIEW_DELETED_ACCOUNTS': 0,
 
 		'POST_BETS': 1,
 		'POST_BETS_DISTRIBUTE': 1,
@@ -328,6 +329,7 @@ else:
 		'POST_IN_H_ANNOUNCEMENTS': 3,
 		'VIEW_CHATS': 3,
 		'PUBLISH_OTHERS_POSTS': 3,
+		'VIEW_DELETED_ACCOUNTS': 3,
 
 		'VIEW_CHAT_LIST': 4,
 		'INFINITE_CURRENCY': 4,
diff --git a/files/routes/wrappers.py b/files/routes/wrappers.py
index 23cb798e3..00183fdbb 100644
--- a/files/routes/wrappers.py
+++ b/files/routes/wrappers.py
@@ -158,6 +158,10 @@ def auth_required(f):
 			stop(401, "You need to login to perform this action!")
 		if v.is_permabanned and request.method == "POST" and request.path not in {'/contact','/reply','/logout'} and not request.path.startswith('/delete/'):
 			stop(403, "You can't perform this action while permabanned!")
+
+		if request.path.startswith('/@DELETED-') and v.admin_level < PERMS['VIEW_DELETED_ACCOUNTS']:
+			stop(403, "Account is deleted.")
+
 		return make_response(f(*args, v=v, **kwargs))
 	wrapper.__name__ = f.__name__
 	return wrapper