forked from rDrama/rDrama
user can_view functions (#460)
* user: move can_see_to user class * stub out can_see in comments and posts * make can_see a classmethod so it's usable for loggedoutfriends * test * kill me now * threelargeclassesmating * dfdfdfdfdfdfd * sdsdsdsd * classmethod should be above i think * Revert "classmethod should be above i think" This reverts commit df1772eb9e7e71bf7b89123f6277b648de2b1af3. * Revert "Revert "classmethod should be above i think"" This reverts commit 32883406c2e2916fc6c436611376a1817c16cb84. * test rewritnig thing * go home python * what the fuck python * fix AttributeError * sdsdsdsdsdsd * lazy and user and stuff * test * Revert "test" This reverts commit 45af5bb3d45f3ec17126ab117d494ec978062a38. * merge * newline * test * test 2 * Revert "test" This reverts commit 196dae677e2ee8cd29261c93dcb747087cb399b6. * revert test * fix merge error * fix import error ciruclation i think * sdsd * add type annotations back * deleted_utc * isinstance * user_can_see in jinja and remove unnecessary things * a bunch of stuff remove can_see from comment and post expand can_see to messages * antiannoyingamountsofwhitespace * fix for chudrama * improve prevmaster
parent
d80fa23409
commit
83963470e8
|
@ -82,17 +82,6 @@ class Comment(Base):
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f"<Comment(id={self.id})>"
|
return f"<Comment(id={self.id})>"
|
||||||
|
|
||||||
@lazy
|
|
||||||
def can_see(self, v):
|
|
||||||
if SITE != 'rdrama.net': return True
|
|
||||||
if not self.parent_submission: return True
|
|
||||||
if self.post.sub != 'chudrama': return True
|
|
||||||
if v:
|
|
||||||
if v.can_see_chudrama: return True
|
|
||||||
if v.id == self.author_id: return True
|
|
||||||
if v.id == self.post.author_id: return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
def top_comment(self, db:scoped_session):
|
def top_comment(self, db:scoped_session):
|
||||||
return db.get(Comment, self.top_comment_id)
|
return db.get(Comment, self.top_comment_id)
|
||||||
|
|
|
@ -76,22 +76,12 @@ class Submission(Base):
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f"<Submission(id={self.id})>"
|
return f"<Submission(id={self.id})>"
|
||||||
|
|
||||||
@lazy
|
|
||||||
def can_see(self, v):
|
|
||||||
if SITE != 'rdrama.net': return True
|
|
||||||
if self.sub != 'chudrama': return True
|
|
||||||
if v:
|
|
||||||
if v.can_see_chudrama: return True
|
|
||||||
if v.id == self.author_id: return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@lazy
|
@lazy
|
||||||
def controversial(self):
|
def controversial(self):
|
||||||
if self.downvotes > 5 and 0.25 < self.upvotes / self.downvotes < 4: return True
|
if self.downvotes > 5 and 0.25 < self.upvotes / self.downvotes < 4: return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@lazy
|
@lazy
|
||||||
def created_datetime(self):
|
def created_datetime(self):
|
||||||
|
@ -115,8 +105,7 @@ class Submission(Base):
|
||||||
@property
|
@property
|
||||||
@lazy
|
@lazy
|
||||||
def fullname(self):
|
def fullname(self):
|
||||||
return f"p_{self.id}"
|
return f"p_{self.id}"
|
||||||
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@lazy
|
@lazy
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import random
|
import random
|
||||||
from operator import *
|
from operator import *
|
||||||
|
from typing import Union
|
||||||
|
|
||||||
import pyotp
|
import pyotp
|
||||||
from sqlalchemy import Column, ForeignKey
|
from sqlalchemy import Column, ForeignKey
|
||||||
|
@ -943,7 +944,56 @@ class User(Base):
|
||||||
if self.patron == 6:
|
if self.patron == 6:
|
||||||
return 'Contributed at least $200'
|
return 'Contributed at least $200'
|
||||||
return ''
|
return ''
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def can_see_content(cls, user:Optional["User"], other:Union["Submission", "Comment", Sub]) -> bool:
|
||||||
|
'''
|
||||||
|
Whether a user can see this item (be it a submission or comment)'s content.
|
||||||
|
If False, they won't be able to view its content.
|
||||||
|
'''
|
||||||
|
from files.classes.submission import Submission
|
||||||
|
from files.classes.comment import Comment
|
||||||
|
if not cls.can_see(user, other): return False
|
||||||
|
if user and user.admin_level >= PERMS["POST_COMMENT_MODERATION"]: return True
|
||||||
|
if isinstance(other, (Submission, Comment)):
|
||||||
|
if user and user.id == other.author_id: return True
|
||||||
|
if other.is_banned: return False
|
||||||
|
if other.deleted_utc: return False
|
||||||
|
if other.author.shadowbanned and not (user and user.can_see_shadowbanned): return False
|
||||||
|
if isinstance(other, Submission):
|
||||||
|
if other.club and not (user and user.paid_dues): return False
|
||||||
|
if other.sub == 'chudrama' and not (user and user.can_see_chudrama): return False
|
||||||
|
else:
|
||||||
|
if other.parent_submission and not cls.can_see_content(user, other.post): return False
|
||||||
|
return True
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def can_see(cls, user:Optional["User"], other:Union["Submission", "Comment", "Sub", "User"]) -> bool:
|
||||||
|
'''
|
||||||
|
Whether a user can strictly see this item. can_see_content is used where
|
||||||
|
content of a thing can be hidden from view
|
||||||
|
'''
|
||||||
|
from files.classes.submission import Submission
|
||||||
|
from files.classes.comment import Comment
|
||||||
|
if isinstance(other, (Submission, Comment)):
|
||||||
|
if not cls.can_see(user, other.author): return False
|
||||||
|
if user and user.id == other.author_id: return True
|
||||||
|
if isinstance(other, Submission):
|
||||||
|
if other.sub and not cls.can_see(user, other.subr): return False
|
||||||
|
else:
|
||||||
|
if not other.parent_submission:
|
||||||
|
if not user: return False
|
||||||
|
if other.sentto == 2: return user.admin_level >= PERMS['VIEW_MODMAIL'] # type: ignore
|
||||||
|
if other.sentto != user.id: return user.admin_level >= PERMS['POST_COMMENT_MODERATION'] # type: ignore
|
||||||
|
if other.parent_submission and other.post.sub and not cls.can_see(user, other.post.subr): return False
|
||||||
|
# if other.parent_submission and not cls.can_see(user, other.post): return False
|
||||||
|
elif isinstance(other, Sub):
|
||||||
|
return other.name != 'chudrama' or (user and user.can_see_chudrama)
|
||||||
|
elif isinstance(other, User):
|
||||||
|
return (user and user.id == other.id) or (user and user.can_see_shadowbanned) or not other.shadowbanned
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@lazy
|
@lazy
|
||||||
def can_see_chudrama(self):
|
def can_see_chudrama(self):
|
||||||
|
|
|
@ -32,19 +32,14 @@ WORDLE_COLOR_MAPPINGS = {-1: "🟥", 0: "🟨", 1: "🟩"}
|
||||||
@auth_desired_with_logingate
|
@auth_desired_with_logingate
|
||||||
def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
|
def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
|
||||||
comment = get_comment(cid, v=v)
|
comment = get_comment(cid, v=v)
|
||||||
if not comment.can_see(v): abort(403)
|
if not User.can_see(v, comment): abort(404)
|
||||||
|
if comment.post and comment.post.club and not User.can_see_content(v, comment): abort(403)
|
||||||
if comment.author.shadowbanned and not (v and v.can_see_shadowbanned):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
if v and request.values.get("read"):
|
if v and request.values.get("read"):
|
||||||
notif = g.db.query(Notification).filter_by(comment_id=cid, user_id=v.id, read=False).one_or_none()
|
notif = g.db.query(Notification).filter_by(comment_id=cid, user_id=v.id, read=False).one_or_none()
|
||||||
if notif:
|
if notif:
|
||||||
notif.read = True
|
notif.read = True
|
||||||
g.db.add(notif)
|
g.db.add(notif)
|
||||||
|
|
||||||
if comment.post and comment.post.club and not (v and (v.paid_dues or v.id in [comment.author_id, comment.post.author_id])): abort(403)
|
|
||||||
if not comment.parent_submission and not (v and (comment.author.id == v.id or comment.sentto == v.id)) and not (v and v.admin_level >= PERMS['POST_COMMENT_MODERATION']) : abort(403)
|
|
||||||
|
|
||||||
if not pid:
|
if not pid:
|
||||||
if comment.parent_submission: pid = comment.parent_submission
|
if comment.parent_submission: pid = comment.parent_submission
|
||||||
|
@ -118,7 +113,7 @@ def comment(v):
|
||||||
|
|
||||||
if parent_post.club and not (v and (v.paid_dues or v.id == parent_post.author_id)): abort(403)
|
if parent_post.club and not (v and (v.paid_dues or v.id == parent_post.author_id)): abort(403)
|
||||||
|
|
||||||
if not parent.can_see(v): abort(404)
|
if not User.can_see(v, parent): abort(404)
|
||||||
if parent.deleted_utc != 0: abort(404)
|
if parent.deleted_utc != 0: abort(404)
|
||||||
|
|
||||||
if level > COMMENT_MAX_DEPTH: abort(400, f"Max comment level is {COMMENT_MAX_DEPTH}")
|
if level > COMMENT_MAX_DEPTH: abort(400, f"Max comment level is {COMMENT_MAX_DEPTH}")
|
||||||
|
|
|
@ -42,9 +42,8 @@ def front_all(v, sub=None, subdomain=None):
|
||||||
return redirect('/')
|
return redirect('/')
|
||||||
#### WPD TEMP #### end special front logic
|
#### WPD TEMP #### end special front logic
|
||||||
if sub:
|
if sub:
|
||||||
sub = sub.strip().lower()
|
|
||||||
if sub == 'chudrama' and not (v and v.can_see_chudrama): abort(403)
|
|
||||||
sub = get_sub_by_name(sub, graceful=True)
|
sub = get_sub_by_name(sub, graceful=True)
|
||||||
|
if sub and not User.can_see(v, sub): abort(403)
|
||||||
|
|
||||||
if (request.path.startswith('/h/') or request.path.startswith('/s/')) and not sub: abort(404)
|
if (request.path.startswith('/h/') or request.path.startswith('/s/')) and not sub: abort(404)
|
||||||
|
|
||||||
|
@ -172,12 +171,9 @@ def frontlist(v=None, sort="hot", page=1, t="all", ids_only=True, filter_words='
|
||||||
if SITE_NAME == 'rDrama':
|
if SITE_NAME == 'rDrama':
|
||||||
pins = pins.order_by(Submission.author_id != LAWLZ_ID)
|
pins = pins.order_by(Submission.author_id != LAWLZ_ID)
|
||||||
pins = pins.order_by(Submission.created_utc.desc()).all()
|
pins = pins.order_by(Submission.created_utc.desc()).all()
|
||||||
|
|
||||||
posts = pins + posts
|
posts = pins + posts
|
||||||
|
|
||||||
if ids_only: posts = [x.id for x in posts]
|
if ids_only: posts = [x.id for x in posts]
|
||||||
|
|
||||||
|
|
||||||
return posts, next_exists
|
return posts, next_exists
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ from os import environ, listdir, path
|
||||||
|
|
||||||
from jinja2 import pass_context
|
from jinja2 import pass_context
|
||||||
|
|
||||||
|
from files.classes.user import User
|
||||||
from files.helpers.assetcache import assetcache_path
|
from files.helpers.assetcache import assetcache_path
|
||||||
from files.helpers.const import *
|
from files.helpers.const import *
|
||||||
from files.helpers.settings import get_settings
|
from files.helpers.settings import get_settings
|
||||||
|
@ -56,7 +57,7 @@ def inject_constants():
|
||||||
"KOFI_TOKEN":KOFI_TOKEN, "KOFI_LINK":KOFI_LINK,
|
"KOFI_TOKEN":KOFI_TOKEN, "KOFI_LINK":KOFI_LINK,
|
||||||
"approved_embed_hosts":approved_embed_hosts,
|
"approved_embed_hosts":approved_embed_hosts,
|
||||||
"site_settings":get_settings(), "EMAIL":EMAIL, "calc_users":calc_users,
|
"site_settings":get_settings(), "EMAIL":EMAIL, "calc_users":calc_users,
|
||||||
"max": max, "min": min,
|
"max": max, "min": min, "user_can_see":User.can_see,
|
||||||
"TELEGRAM_LINK":TELEGRAM_LINK, "EMAIL_REGEX_PATTERN":EMAIL_REGEX_PATTERN,
|
"TELEGRAM_LINK":TELEGRAM_LINK, "EMAIL_REGEX_PATTERN":EMAIL_REGEX_PATTERN,
|
||||||
"CONTENT_SECURITY_POLICY_DEFAULT":CONTENT_SECURITY_POLICY_DEFAULT,
|
"CONTENT_SECURITY_POLICY_DEFAULT":CONTENT_SECURITY_POLICY_DEFAULT,
|
||||||
"CONTENT_SECURITY_POLICY_HOME":CONTENT_SECURITY_POLICY_HOME,
|
"CONTENT_SECURITY_POLICY_HOME":CONTENT_SECURITY_POLICY_HOME,
|
||||||
|
@ -65,5 +66,5 @@ def inject_constants():
|
||||||
"HOUSE_JOIN_COST":HOUSE_JOIN_COST, "HOUSE_SWITCH_COST":HOUSE_SWITCH_COST, "IMAGE_FORMATS":IMAGE_FORMATS,
|
"HOUSE_JOIN_COST":HOUSE_JOIN_COST, "HOUSE_SWITCH_COST":HOUSE_SWITCH_COST, "IMAGE_FORMATS":IMAGE_FORMATS,
|
||||||
"PAGE_SIZES":PAGE_SIZES, "THEMES":THEMES, "COMMENT_SORTS":COMMENT_SORTS, "SORTS":SORTS,
|
"PAGE_SIZES":PAGE_SIZES, "THEMES":THEMES, "COMMENT_SORTS":COMMENT_SORTS, "SORTS":SORTS,
|
||||||
"TIME_FILTERS":TIME_FILTERS, "HOUSES":HOUSES, "TIERS_ID_TO_NAME":TIERS_ID_TO_NAME,
|
"TIME_FILTERS":TIME_FILTERS, "HOUSES":HOUSES, "TIERS_ID_TO_NAME":TIERS_ID_TO_NAME,
|
||||||
"DEFAULT_CONFIG_VALUE":DEFAULT_CONFIG_VALUE
|
"DEFAULT_CONFIG_VALUE":DEFAULT_CONFIG_VALUE,
|
||||||
}
|
}
|
||||||
|
|
|
@ -137,7 +137,8 @@ def submit_get(v, sub=None):
|
||||||
@auth_desired_with_logingate
|
@auth_desired_with_logingate
|
||||||
def post_id(pid, anything=None, v=None, sub=None):
|
def post_id(pid, anything=None, v=None, sub=None):
|
||||||
post = get_post(pid, v=v)
|
post = get_post(pid, v=v)
|
||||||
if not post.can_see(v): abort(403)
|
if not User.can_see(v, post): abort(403)
|
||||||
|
if not User.can_see_content(v, post) and post.club: abort(403)
|
||||||
|
|
||||||
if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()):
|
if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()):
|
||||||
if g.is_api_or_xhr: return {"error":"Must be 18+ to view"}, 451
|
if g.is_api_or_xhr: return {"error":"Must be 18+ to view"}, 451
|
||||||
|
@ -148,8 +149,6 @@ def post_id(pid, anything=None, v=None, sub=None):
|
||||||
else: defaultsortingcomments = "hot"
|
else: defaultsortingcomments = "hot"
|
||||||
sort = request.values.get("sort", defaultsortingcomments)
|
sort = request.values.get("sort", defaultsortingcomments)
|
||||||
|
|
||||||
if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403)
|
|
||||||
|
|
||||||
if v:
|
if v:
|
||||||
execute_shadowban_viewers_and_voters(v, post)
|
execute_shadowban_viewers_and_voters(v, post)
|
||||||
# shadowban check is done in sort_objects
|
# shadowban check is done in sort_objects
|
||||||
|
|
|
@ -50,12 +50,11 @@ def vote_post_comment(target_id, new, v, cls, vote_cls):
|
||||||
target = get_post(target_id)
|
target = get_post(target_id)
|
||||||
elif cls == Comment:
|
elif cls == Comment:
|
||||||
target = get_comment(target_id)
|
target = get_comment(target_id)
|
||||||
if not target.post: abort(404)
|
if not target.parent_submission: abort(404)
|
||||||
else:
|
else:
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
||||||
if target.author.shadowbanned and not v.can_see_shadowbanned:
|
if not User.can_see(v, target): abort(404)
|
||||||
abort(404)
|
|
||||||
|
|
||||||
coin_delta = 1
|
coin_delta = 1
|
||||||
if v.id == target.author.id:
|
if v.id == target.author.id:
|
||||||
|
|
|
@ -739,7 +739,7 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
{% for comment in comments if comment.can_see(v) %}
|
{% for comment in comments if user_can_see(v, comment) %}
|
||||||
{{single_comment(comment)}}
|
{{single_comment(comment)}}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
{% include "popover.html" %}
|
{% include "popover.html" %}
|
||||||
|
|
||||||
{% for p in listing if p.can_see(v) %}
|
{% for p in listing if user_can_see(v, p) %}
|
||||||
|
|
||||||
{% set ups=p.upvotes %}
|
{% set ups=p.upvotes %}
|
||||||
{% set downs=p.downvotes %}
|
{% set downs=p.downvotes %}
|
||||||
|
|
Loading…
Reference in New Issue