MarseyWorld/files/routes/reporting.py

from files.helpers.wrappers import *
from files.helpers.get import *
from files.helpers.alerts import *
from files.helpers.actions import *
from flask import g
from files.__main__ import app, limiter
from os import path
from files.helpers.sanitize import filter_emojis_only

@app.post("/report/post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required
def flag_post(pid, v):
	post = get_post(pid)
	reason = request.values.get("reason", "").strip()
	execute_blackjack(v, post, reason, 'flag')
	if v.is_muted: abort(403, "You are forbidden from making reports.")
	reason = reason[:100]
	reason = filter_emojis_only(reason)
	if len(reason) > 350: abort(400, "Too long.")

	if reason.startswith('!') and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.sub and v.mods(post.sub)):
		post.flair = reason[1:]
		g.db.add(post)
		if v.admin_level >= PERMS['POST_COMMENT_MODERATION']:
			ma=ModAction(
				kind="flair_post",
				user_id=v.id,
				target_submission_id=post.id,
				_note=f'"{post.flair}"'
			)
			g.db.add(ma)
		else:
			ma = SubAction(
				sub=post.sub,
				kind="flair_post",
				user_id=v.id,
				target_submission_id=post.id,
				_note=f'"{post.flair}"'
			)
			g.db.add(ma)
		return {"message": "Post flaired successfully!"}

	moved = move_post(post, v, reason)
	if moved: return {"message": moved}
	
	existing = g.db.query(Flag.post_id).filter_by(user_id=v.id, post_id=post.id).one_or_none()
	if existing: abort(409, "You already reported this post!")
	flag = Flag(post_id=post.id, user_id=v.id, reason=reason)
	g.db.add(flag)

	return {"message": "Post reported!"}


@app.post("/report/comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required
def flag_comment(cid, v):

	comment = get_comment(cid)
	
	existing = g.db.query(CommentFlag.comment_id).filter_by(user_id=v.id, comment_id=comment.id).one_or_none()
	if existing: abort(409, "You already reported this comment!")

	reason = request.values.get("reason", "").strip()
	execute_blackjack(v, comment, reason, 'flag')
	reason = reason[:100]
	reason = filter_emojis_only(reason)

	if len(reason) > 350: abort(400, "Too long.")

	flag = CommentFlag(comment_id=comment.id, user_id=v.id, reason=reason)

	g.db.add(flag)

	return {"message": "Comment reported!"}


@app.post('/del_report/post/<pid>/<uid>')
@limiter.limit("4/second;100/minute;300/hour;2000/day")
@admin_level_required(PERMS['FLAGS_REMOVE'])
def remove_report_post(v, pid, uid):
	try:
		pid = int(pid)
		uid = int(uid)
	except: abort(404)
	report = g.db.query(Flag).filter_by(post_id=pid, user_id=uid).one_or_none()

	if report:
		g.db.delete(report)

		ma=ModAction(
			kind="delete_report",
			user_id=v.id,
			target_submission_id=pid
		)

		g.db.add(ma)
	return {"message": "Report removed successfully!"}


@app.post('/del_report/comment/<cid>/<uid>')
@limiter.limit("4/second;100/minute;300/hour;2000/day")
@admin_level_required(PERMS['FLAGS_REMOVE'])
def remove_report_comment(v, cid, uid):
	try:
		cid = int(cid)
		uid = int(uid)
	except: abort(404)
	report = g.db.query(CommentFlag).filter_by(comment_id=cid, user_id=uid).one_or_none()
	
	if report:
		g.db.delete(report)

		ma=ModAction(
			kind="delete_report",
			user_id=v.id,
			target_comment_id=cid
		)

		g.db.add(ma)
	return {"message": "Report removed successfully!"}

def move_post(post:Submission, v:User, reason:str) -> Union[bool, str]:
	if not reason.startswith('/h/'): return False
	sub_from = post.sub
	sub_to = get_sub_by_name(reason, graceful=True)
	sub_to = sub_to.name if sub_to else None
	
	can_move_post = v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or (post.sub and v.mods(sub_from))
	if sub_from != 'chudrama': # posts can only be moved out of /h/chudrama by admins
		can_move_post = can_move_post or post.author_id == v.id
	if not can_move_post: return False

	if sub_from == sub_to: abort(409, f"Post is already in /h/{sub_to}")
	if post.author.exiled_from(sub_to):
		abort(403, f"User is exiled from this {HOLE_NAME}!")

	if sub_to in ('furry','vampire','racist','femboy') and not v.client and not post.author.house.lower().startswith(sub_to):
		if v.id == post.author_id:
			abort(403, f"You need to be a member of House {sub_to.capitalize()} to post in /h/{sub_to}")
		else:
			abort(403, f"@{post.author.username} needs to be a member of House {sub_to.capitalize()} for their post to be moved to /h/{sub_to}")
	
	post.sub = sub_to
	g.db.add(post)

	if v.id != post.author_id:
		if v.admin_level:
			sub_from_str = 'main feed' if sub_from is None else \
				f'<a href="/h/{sub_from}">/h/{sub_from}</a>'
			sub_to_str = 'main feed' if sub_to is None else \
				f'<a href="/h/{sub_to}">/h/{sub_to}</a>'
			ma = ModAction(
				kind='move_hole',
				user_id=v.id,
				target_submission_id=post.id,
				_note=f'{sub_from_str} → {sub_to_str}',
			)
			g.db.add(ma)
		else:
			ma = SubAction(
				sub=sub_from,
				kind='move_chudrama',
				user_id=v.id,
				target_submission_id=post.id
			)
			g.db.add(ma)

		if v.admin_level >= PERMS['POST_COMMENT_MODERATION']: position = 'Admin'
		else: position = 'Mod'
		message = f"@{v.username} ({position}) has moved [{post.title}]({post.shortlink}) to /h/{post.sub}"
		send_repeatable_notification(post.author_id, message)
	return f"Post moved to /h/{post.sub}"
mn 2022-05-04 23:09:46 +00:00			`from files.helpers.wrappers import *`
			`from files.helpers.get import *`
OPs can now rehole their posts 2022-07-04 02:19:43 +00:00			`from files.helpers.alerts import *`
refactor blackjack a bit 2022-10-21 00:28:05 +00:00			`from files.helpers.actions import *`
mn 2022-05-04 23:09:46 +00:00			`from flask import g`
			`from files.__main__ import app, limiter`
			`from os import path`
			`from files.helpers.sanitize import filter_emojis_only`

			`@app.post("/report/post/<pid>")`
			`@limiter.limit("1/second;30/minute;200/hour;1000/day")`
replace "request.host" with "SITE" 2022-07-13 18:14:37 +00:00			`@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')`
mn 2022-05-04 23:09:46 +00:00			`@auth_required`
make some function names shorter 2022-08-11 04:05:23 +00:00			`def flag_post(pid, v):`
mn 2022-05-04 23:09:46 +00:00			`post = get_post(pid)`
			`reason = request.values.get("reason", "").strip()`
refactor blackjack a bit 2022-10-21 00:28:05 +00:00			`execute_blackjack(v, post, reason, 'flag')`
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`if v.is_muted: abort(403, "You are forbidden from making reports.")`
mn 2022-05-04 23:09:46 +00:00			`reason = reason[:100]`
			`reason = filter_emojis_only(reason)`
abort a bunch of stuff where we manually returned JSON 2022-10-11 13:01:39 +00:00			`if len(reason) > 350: abort(400, "Too long.")`
mn 2022-05-04 23:09:46 +00:00
... 2022-10-06 08:40:33 +00:00			`if reason.startswith('!') and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.sub and v.mods(post.sub)):`
mn 2022-05-04 23:09:46 +00:00			`post.flair = reason[1:]`
			`g.db.add(post)`
user ban and also fix global hole mod a bit i hope i didn't screw up the templates 2022-10-06 01:58:43 +00:00			`if v.admin_level >= PERMS['POST_COMMENT_MODERATION']:`
don't show jannies flairing in the modlog 2022-08-20 20:14:20 +00:00			`ma=ModAction(`
			`kind="flair_post",`
			`user_id=v.id,`
			`target_submission_id=post.id,`
			`_note=f'"{post.flair}"'`
			`)`
			`g.db.add(ma)`
add hole mod logs (#380) 2022-09-29 09:39:37 +00:00			`else:`
			`ma = SubAction(`
fix shit with hole logs 2022-09-29 10:18:27 +00:00			`sub=post.sub,`
add hole mod logs (#380) 2022-09-29 09:39:37 +00:00			`kind="flair_post",`
			`user_id=v.id,`
fix shit with hole logs 2022-09-29 10:18:27 +00:00			`target_submission_id=post.id,`
			`_note=f'"{post.flair}"'`
add hole mod logs (#380) 2022-09-29 09:39:37 +00:00			`)`
			`g.db.add(ma)`
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`return {"message": "Post flaired successfully!"}`
add hole mod logs (#380) 2022-09-29 09:39:37 +00:00
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`moved = move_post(post, v, reason)`
			`if moved: return {"message": moved}`

			`existing = g.db.query(Flag.post_id).filter_by(user_id=v.id, post_id=post.id).one_or_none()`
			`if existing: abort(409, "You already reported this post!")`
			`flag = Flag(post_id=post.id, user_id=v.id, reason=reason)`
			`g.db.add(flag)`
mn 2022-05-04 23:09:46 +00:00
			`return {"message": "Post reported!"}`


			`@app.post("/report/comment/<cid>")`
			`@limiter.limit("1/second;30/minute;200/hour;1000/day")`
replace "request.host" with "SITE" 2022-07-13 18:14:37 +00:00			`@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')`
mn 2022-05-04 23:09:46 +00:00			`@auth_required`
make some function names shorter 2022-08-11 04:05:23 +00:00			`def flag_comment(cid, v):`
mn 2022-05-04 23:09:46 +00:00
			`comment = get_comment(cid)`

remove weird spaes 2022-08-17 20:30:07 +00:00			`existing = g.db.query(CommentFlag.comment_id).filter_by(user_id=v.id, comment_id=comment.id).one_or_none()`
add 409 to errors * also move check for AUTOJANNY_ID to before has_blocked 2022-10-11 14:51:14 +00:00			`if existing: abort(409, "You already reported this comment!")`
mn 2022-05-04 23:09:46 +00:00
			`reason = request.values.get("reason", "").strip()`
refactor blackjack a bit 2022-10-21 00:28:05 +00:00			`execute_blackjack(v, comment, reason, 'flag')`
mn 2022-05-04 23:09:46 +00:00			`reason = reason[:100]`
			`reason = filter_emojis_only(reason)`

abort a bunch of stuff where we manually returned JSON 2022-10-11 13:01:39 +00:00			`if len(reason) > 350: abort(400, "Too long.")`
mn 2022-05-04 23:09:46 +00:00
			`flag = CommentFlag(comment_id=comment.id, user_id=v.id, reason=reason)`

			`g.db.add(flag)`

			`return {"message": "Comment reported!"}`


			`@app.post('/del_report/post/<pid>/<uid>')`
Increase rate-limit on /del_report/. 2022-07-09 00:46:44 +00:00			`@limiter.limit("4/second;100/minute;300/hour;2000/day")`
Permission flags UI visibility; start PERMS dict. Original work started for WPD and LGB, who wish to restrict flags visibility in the UI based on admin_level. To support this change and upcoming changes, `const.PERMS: string -> int` was created. Potentially targetting a future design where Permissions is a proper business object integrated with the User model; however, for now just looking toward getting admin_level magic numbers centralized. This commit applies PERMS to: create_hole, flags visibility in UI, flag removal in UI & backend. Flag visibility in Comment & Submission json_raw methods is unaffected to avoid needing a user object to build the JSON. 2022-07-07 03:45:33 +00:00			`@admin_level_required(PERMS['FLAGS_REMOVE'])`
mn 2022-05-04 23:09:46 +00:00			`def remove_report_post(v, pid, uid):`
			`try:`
			`pid = int(pid)`
			`uid = int(uid)`
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`except: abort(404)`
no more 500 error 2022-06-07 10:32:48 +00:00			`report = g.db.query(Flag).filter_by(post_id=pid, user_id=uid).one_or_none()`
mn 2022-05-04 23:09:46 +00:00
no more 500 error 2022-06-07 10:32:48 +00:00			`if report:`
			`g.db.delete(report)`
mn 2022-05-04 23:09:46 +00:00
no more 500 error 2022-06-07 10:32:48 +00:00			`ma=ModAction(`
			`kind="delete_report",`
			`user_id=v.id,`
			`target_submission_id=pid`
			`)`
mn 2022-05-04 23:09:46 +00:00
no more 500 error 2022-06-07 10:32:48 +00:00			`g.db.add(ma)`
mn 2022-05-04 23:09:46 +00:00			`return {"message": "Report removed successfully!"}`


			`@app.post('/del_report/comment/<cid>/<uid>')`
Increase rate-limit on /del_report/. 2022-07-09 00:46:44 +00:00			`@limiter.limit("4/second;100/minute;300/hour;2000/day")`
Permission flags UI visibility; start PERMS dict. Original work started for WPD and LGB, who wish to restrict flags visibility in the UI based on admin_level. To support this change and upcoming changes, `const.PERMS: string -> int` was created. Potentially targetting a future design where Permissions is a proper business object integrated with the User model; however, for now just looking toward getting admin_level magic numbers centralized. This commit applies PERMS to: create_hole, flags visibility in UI, flag removal in UI & backend. Flag visibility in Comment & Submission json_raw methods is unaffected to avoid needing a user object to build the JSON. 2022-07-07 03:45:33 +00:00			`@admin_level_required(PERMS['FLAGS_REMOVE'])`
mn 2022-05-04 23:09:46 +00:00			`def remove_report_comment(v, cid, uid):`
fix 17 potential 500s 2022-10-16 09:51:42 +00:00			`try:`
			`cid = int(cid)`
			`uid = int(uid)`
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`except: abort(404)`
no more 500 error 2022-06-07 10:32:48 +00:00			`report = g.db.query(CommentFlag).filter_by(comment_id=cid, user_id=uid).one_or_none()`
mn 2022-05-04 23:09:46 +00:00
no more 500 error 2022-06-07 10:32:48 +00:00			`if report:`
			`g.db.delete(report)`
mn 2022-05-04 23:09:46 +00:00
no more 500 error 2022-06-07 10:32:48 +00:00			`ma=ModAction(`
			`kind="delete_report",`
			`user_id=v.id,`
			`target_comment_id=cid`
			`)`
mn 2022-05-04 23:09:46 +00:00
no more 500 error 2022-06-07 10:32:48 +00:00			`g.db.add(ma)`
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`return {"message": "Report removed successfully!"}`
mn 2022-05-04 23:09:46 +00:00
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`def move_post(post:Submission, v:User, reason:str) -> Union[bool, str]:`
			`if not reason.startswith('/h/'): return False`
			`sub_from = post.sub`
fix prev commit 2022-11-03 00:30:00 +00:00			`sub_to = get_sub_by_name(reason, graceful=True)`
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`sub_to = sub_to.name if sub_to else None`

			`can_move_post = v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or (post.sub and v.mods(sub_from))`
			`if sub_from != 'chudrama': # posts can only be moved out of /h/chudrama by admins`
			`can_move_post = can_move_post or post.author_id == v.id`
			`if not can_move_post: return False`

			`if sub_from == sub_to: abort(409, f"Post is already in /h/{sub_to}")`
			`if post.author.exiled_from(sub_to):`
			`abort(403, f"User is exiled from this {HOLE_NAME}!")`

			`if sub_to in ('furry','vampire','racist','femboy') and not v.client and not post.author.house.lower().startswith(sub_to):`
			`if v.id == post.author_id:`
			`abort(403, f"You need to be a member of House {sub_to.capitalize()} to post in /h/{sub_to}")`
			`else:`
			`abort(403, f"@{post.author.username} needs to be a member of House {sub_to.capitalize()} for their post to be moved to /h/{sub_to}")`

			`post.sub = sub_to`
			`g.db.add(post)`

			`if v.id != post.author_id:`
			`if v.admin_level:`
			`sub_from_str = 'main feed' if sub_from is None else \`
			`f'<a href="/h/{sub_from}">/h/{sub_from}</a>'`
			`sub_to_str = 'main feed' if sub_to is None else \`
			`f'<a href="/h/{sub_to}">/h/{sub_to}</a>'`
			`ma = ModAction(`
			`kind='move_hole',`
			`user_id=v.id,`
			`target_submission_id=post.id,`
			`_note=f'{sub_from_str} → {sub_to_str}',`
			`)`
			`g.db.add(ma)`
			`else:`
			`ma = SubAction(`
			`sub=sub_from,`
			`kind='move_chudrama',`
			`user_id=v.id,`
			`target_submission_id=post.id`
			`)`
			`g.db.add(ma)`
mn 2022-05-04 23:09:46 +00:00
flags: make users unable to move their posts out of /h/chudrama this required refactoring the entire thing so it didn't become with really really bad chain of ors that would span like 3000 miles 2022-11-03 00:24:00 +00:00			`if v.admin_level >= PERMS['POST_COMMENT_MODERATION']: position = 'Admin'`
			`else: position = 'Mod'`
			`message = f"@{v.username} ({position}) has moved [{post.title}]({post.shortlink}) to /h/{post.sub}"`
			`send_repeatable_notification(post.author_id, message)`
			`return f"Post moved to /h/{post.sub}"`