rDrama/files/routes/groups.py

from files.classes import *
from files.helpers.alerts import *
from files.helpers.regex import *
from files.helpers.get import *

from files.routes.wrappers import *

from files.__main__ import app, limiter

@app.get("/ping_groups")
@limiter.limit(DEFAULT_RATELIMIT)
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
@auth_required
def ping_groups(v:User):
	groups = g.db.query(Group).order_by(Group.created_utc).all()
	return render_template('groups.html', v=v, groups=groups, cost=GROUP_COST, msg=get_msg(), error=get_error())

@app.post("/create_group")
@limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit(DEFAULT_RATELIMIT)
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
@is_not_permabanned
def create_group(v):
	name = request.values.get('name')
	if not name: abort(400)
	name = name.strip().lower()

	if name.startswith('slots') or name.startswith('remindme'):
		return redirect(f"/ping_groups?error=You can't make a group with that name!")

	if not valid_sub_regex.fullmatch(name):
		return redirect(f"/ping_groups?error=Name does not match the required format!")

	if name == 'everyone' or g.db.get(Group, name):
		return redirect(f"/ping_groups?error=This group already exists!")

	if not v.charge_account('combined', GROUP_COST)[0]:
		return redirect(f"/ping_groups?error=You don't have enough coins or marseybux!")

	g.db.add(v)
	if v.shadowbanned: abort(500)

	group = Group(name=name)
	g.db.add(group)
	g.db.flush()

	group_membership = GroupMembership(
		user_id=v.id,
		group_name=group.name,
		created_utc=time.time(),
		approved_utc=time.time()
		)
	g.db.add(group_membership)

	admins = [x[0] for x in g.db.query(User.id).filter(User.admin_level >= PERMS['NOTIFICATIONS_HOLE_CREATION'], User.id != v.id).all()]
	for admin in admins:
		send_repeatable_notification(admin, f":!marseyparty: !{group} has been created by @{v.username} :marseyparty:")

	return redirect(f'/ping_groups?msg=!{group} created successfully!')

@app.post("/!<group_name>/apply")
@limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit(DEFAULT_RATELIMIT)
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
@auth_required
def join_group(v:User, group_name):
	group_name = group_name.strip().lower()

	group = g.db.get(Group, group_name)
	if not group: abort(404)
	existing = g.db.query(GroupMembership).filter_by(user_id=v.id, group_name=group_name).one_or_none()
	if not existing:
		join = GroupMembership(user_id=v.id, group_name=group_name)
		g.db.add(join)
		send_notification(group.owner.id, f"@{v.username} has applied to join !{group}. You can approve or reject the application [here](/!{group}).")

	return {"message": f"Application submitted to !{group}'s owner (@{group.owner.username}) successfully!"}

@app.post("/!<group_name>/leave")
@limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit(DEFAULT_RATELIMIT)
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
@auth_required
def leave_group(v:User, group_name):
	group_name = group_name.strip().lower()

	if group_name == 'jannies':
		abort(403, "You can't leave !jannies")

	group = g.db.get(Group, group_name)
	if not group: abort(404)
	existing = g.db.query(GroupMembership).filter_by(user_id=v.id, group_name=group_name).one_or_none()
	if existing:
		if existing.approved_utc:
			text = f"@{v.username} has left !{group}"
			msg = f"You have left !{group} successfully!"
		else:
			text = f"@{v.username} has cancelled their application to !{group}"
			msg = f"You have cancelled your application to !{group} successfully!"

		send_notification(group.owner.id, text)
		g.db.delete(existing)

		return {"message": msg}

	return {"message": ''}


@app.get("/!<group_name>")
@limiter.limit(DEFAULT_RATELIMIT)
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
@auth_required
def memberships(v:User, group_name):
	group_name = group_name.strip().lower()

	group = g.db.get(Group, group_name)
	if not group: abort(404)

	members = g.db.query(GroupMembership).filter(
			GroupMembership.group_name == group_name,
			GroupMembership.approved_utc != None
		).order_by(GroupMembership.approved_utc).all()

	applications = g.db.query(GroupMembership).filter(
			GroupMembership.group_name == group_name,
			GroupMembership.approved_utc == None
		).order_by(GroupMembership.created_utc).all()

	return render_template('group_memberships.html', v=v, group=group, members=members, applications=applications)

@app.post("/!<group_name>/<user_id>/approve")
@limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit(DEFAULT_RATELIMIT)
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
@auth_required
def group_approve(v:User, group_name, user_id):
	group_name = group_name.strip().lower()

	group = g.db.get(Group, group_name)
	if not group: abort(404)

	if v.id != group.owner.id and v.admin_level < PERMS['MODS_EVERY_GROUP']:
		abort(403, f"Only the group owner (@{group.owner.username}) can approve applications!")

	application = g.db.query(GroupMembership).filter_by(user_id=user_id, group_name=group.name).one_or_none()
	if not application:
		abort(404, "There is no application to approve!")

	if not application.approved_utc:
		application.approved_utc = time.time()
		g.db.add(application)
		send_repeatable_notification(application.user_id, f"@{v.username} (!{group}'s owner) has approved your application!")

	return {"message": f'You have approved @{application.user.username} successfully!'}

@app.post("/!<group_name>/<user_id>/reject")
@limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit(DEFAULT_RATELIMIT)
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
@auth_required
def group_reject(v:User, group_name, user_id):
	group_name = group_name.strip().lower()

	group = g.db.get(Group, group_name)
	if not group: abort(404)

	if v.id != group.owner.id and v.admin_level < PERMS['MODS_EVERY_GROUP']:
		abort(403, f"Only the group owner (@{group.owner.username}) can reject memberships!")

	membership = g.db.query(GroupMembership).filter_by(user_id=user_id, group_name=group.name).one_or_none()
	if not membership:
		abort(404, "There is no membership to reject!")

	if membership.approved_utc:
		text = f"@{v.username} (!{group}'s owner) has kicked you from the group!"
		msg = f"You have kicked @{membership.user.username} successfully!"
	else:
		text = f"@{v.username} (!{group}'s owner) has rejected your application!"
		msg = f"You have rejected @{membership.user.username} successfully!"

	if v.id != membership.user_id:
		send_repeatable_notification(membership.user_id, text)

	g.db.delete(membership)

	return {"message": msg}
add ping groups 2023-02-24 06:31:06 +00:00			`from files.classes import *`
			`from files.helpers.alerts import *`
			`from files.helpers.regex import *`
			`from files.helpers.get import *`

			`from files.routes.wrappers import *`

			`from files.__main__ import app, limiter`

			`@app.get("/ping_groups")`
default ratelimit doesnt apply implicitly if theres other @limiter.limit before the function, so add it explicity before all functions 2023-02-26 08:41:04 +00:00			`@limiter.limit(DEFAULT_RATELIMIT)`
Revert "change groups ratelimit" This reverts commit 8d3d105eba716569421ffb6c9d829076478a016b. 2023-02-25 21:53:48 +00:00			`@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)`
add ping groups 2023-02-24 06:31:06 +00:00			`@auth_required`
			`def ping_groups(v:User):`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`groups = g.db.query(Group).order_by(Group.created_utc).all()`
add ping groups 2023-02-24 06:31:06 +00:00			`return render_template('groups.html', v=v, groups=groups, cost=GROUP_COST, msg=get_msg(), error=get_error())`

			`@app.post("/create_group")`
blackjack fix exploit 2023-02-27 05:33:45 +00:00			`@limiter.limit('1/second', scope=rpath)`
add 1/1 second ratelimiter for user ids to fix blackjack exploit 2023-04-02 06:52:26 +00:00			`@limiter.limit('1/second', scope=rpath, key_func=get_ID)`
default ratelimit doesnt apply implicitly if theres other @limiter.limit before the function, so add it explicity before all functions 2023-02-26 08:41:04 +00:00			`@limiter.limit(DEFAULT_RATELIMIT)`
Revert "change groups ratelimit" This reverts commit 8d3d105eba716569421ffb6c9d829076478a016b. 2023-02-25 21:53:48 +00:00			`@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)`
add ping groups 2023-02-24 06:31:06 +00:00			`@is_not_permabanned`
			`def create_group(v):`
			`name = request.values.get('name')`
			`if not name: abort(400)`
			`name = name.strip().lower()`

remove !wordle since nobody uses it (only 2 ppl used it last 30 days in rdrama and WPD) 2023-04-29 21:27:45 +00:00			`if name.startswith('slots') or name.startswith('remindme'):`
forbid slots in ping group names 2023-03-04 21:45:12 +00:00			`return redirect(f"/ping_groups?error=You can't make a group with that name!")`

add ping groups 2023-02-24 06:31:06 +00:00			`if not valid_sub_regex.fullmatch(name):`
			`return redirect(f"/ping_groups?error=Name does not match the required format!")`

revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`if name == 'everyone' or g.db.get(Group, name):`
disallow creating !everyone 2023-03-02 19:21:38 +00:00			`return redirect(f"/ping_groups?error=This group already exists!")`

combined buy button for awards and hats 2023-04-24 15:08:40 +00:00			`if not v.charge_account('combined', GROUP_COST)[0]:`
allow ppl to make ping groups w/ mbux 2023-03-07 05:06:17 +00:00			`return redirect(f"/ping_groups?error=You don't have enough coins or marseybux!")`
disallow creating !everyone 2023-03-02 19:21:38 +00:00
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`g.db.add(v)`
disallow creating !everyone 2023-03-02 19:21:38 +00:00			`if v.shadowbanned: abort(500)`

			`group = Group(name=name)`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`g.db.add(group)`
			`g.db.flush()`
disallow creating !everyone 2023-03-02 19:21:38 +00:00
			`group_membership = GroupMembership(`
			`user_id=v.id,`
			`group_name=group.name,`
			`created_utc=time.time(),`
			`approved_utc=time.time()`
			`)`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`g.db.add(group_membership)`
disallow creating !everyone 2023-03-02 19:21:38 +00:00
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`admins = [x[0] for x in g.db.query(User.id).filter(User.admin_level >= PERMS['NOTIFICATIONS_HOLE_CREATION'], User.id != v.id).all()]`
disallow creating !everyone 2023-03-02 19:21:38 +00:00			`for admin in admins:`
			`send_repeatable_notification(admin, f":!marseyparty: !{group} has been created by @{v.username} :marseyparty:")`
add ping groups 2023-02-24 06:31:06 +00:00
			`return redirect(f'/ping_groups?msg=!{group} created successfully!')`

ping groups improvements 2023-02-24 19:29:07 +00:00			`@app.post("/!<group_name>/apply")`
blackjack fix exploit 2023-02-27 05:33:45 +00:00			`@limiter.limit('1/second', scope=rpath)`
add 1/1 second ratelimiter for user ids to fix blackjack exploit 2023-04-02 06:52:26 +00:00			`@limiter.limit('1/second', scope=rpath, key_func=get_ID)`
default ratelimit doesnt apply implicitly if theres other @limiter.limit before the function, so add it explicity before all functions 2023-02-26 08:41:04 +00:00			`@limiter.limit(DEFAULT_RATELIMIT)`
Revert "change groups ratelimit" This reverts commit 8d3d105eba716569421ffb6c9d829076478a016b. 2023-02-25 21:53:48 +00:00			`@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)`
add ping groups 2023-02-24 06:31:06 +00:00			`@auth_required`
			`def join_group(v:User, group_name):`
make group names case-insensetive 2023-03-07 18:55:17 +00:00			`group_name = group_name.strip().lower()`

revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`group = g.db.get(Group, group_name)`
add ping groups 2023-02-24 06:31:06 +00:00			`if not group: abort(404)`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`existing = g.db.query(GroupMembership).filter_by(user_id=v.id, group_name=group_name).one_or_none()`
add ping groups 2023-02-24 06:31:06 +00:00			`if not existing:`
			`join = GroupMembership(user_id=v.id, group_name=group_name)`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`g.db.add(join)`
rename /!group/members to /!group 2023-02-25 22:06:43 +00:00			`send_notification(group.owner.id, f"@{v.username} has applied to join !{group}. You can approve or reject the application [here](/!{group}).")`
add ping groups 2023-02-24 06:31:06 +00:00
ping groups improvements 2023-02-24 19:29:07 +00:00			`return {"message": f"Application submitted to !{group}'s owner (@{group.owner.username}) successfully!"}`
add ping groups 2023-02-24 06:31:06 +00:00
ping groups improvements 2023-02-24 19:29:07 +00:00			`@app.post("/!<group_name>/leave")`
blackjack fix exploit 2023-02-27 05:33:45 +00:00			`@limiter.limit('1/second', scope=rpath)`
add 1/1 second ratelimiter for user ids to fix blackjack exploit 2023-04-02 06:52:26 +00:00			`@limiter.limit('1/second', scope=rpath, key_func=get_ID)`
default ratelimit doesnt apply implicitly if theres other @limiter.limit before the function, so add it explicity before all functions 2023-02-26 08:41:04 +00:00			`@limiter.limit(DEFAULT_RATELIMIT)`
Revert "change groups ratelimit" This reverts commit 8d3d105eba716569421ffb6c9d829076478a016b. 2023-02-25 21:53:48 +00:00			`@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)`
add ping groups 2023-02-24 06:31:06 +00:00			`@auth_required`
ping groups improvements 2023-02-24 19:29:07 +00:00			`def leave_group(v:User, group_name):`
make group names case-insensetive 2023-03-07 18:55:17 +00:00			`group_name = group_name.strip().lower()`

make it impossible to leave !jannies 2023-02-28 20:07:31 +00:00			`if group_name == 'jannies':`
			`abort(403, "You can't leave !jannies")`

revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`group = g.db.get(Group, group_name)`
add ping groups 2023-02-24 06:31:06 +00:00			`if not group: abort(404)`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`existing = g.db.query(GroupMembership).filter_by(user_id=v.id, group_name=group_name).one_or_none()`
ping groups improvements 2023-02-24 19:29:07 +00:00			`if existing:`
			`if existing.approved_utc:`
			`text = f"@{v.username} has left !{group}"`
			`msg = f"You have left !{group} successfully!"`
			`else:`
			`text = f"@{v.username} has cancelled their application to !{group}"`
			`msg = f"You have cancelled your application to !{group} successfully!"`

			`send_notification(group.owner.id, text)`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`g.db.delete(existing)`
remove useless tabs 2023-05-05 21:45:25 +00:00
better UI for ping groups 2023-02-25 21:44:02 +00:00			`return {"message": msg}`
ping groups improvements 2023-02-24 19:29:07 +00:00
fix 500 error 2023-02-24 19:43:27 +00:00			`return {"message": ''}`
ping groups improvements 2023-02-24 19:29:07 +00:00

rename /!group/members to /!group 2023-02-25 22:06:43 +00:00			`@app.get("/!<group_name>")`
default ratelimit doesnt apply implicitly if theres other @limiter.limit before the function, so add it explicity before all functions 2023-02-26 08:41:04 +00:00			`@limiter.limit(DEFAULT_RATELIMIT)`
Revert "change groups ratelimit" This reverts commit 8d3d105eba716569421ffb6c9d829076478a016b. 2023-02-25 21:53:48 +00:00			`@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)`
ping groups improvements 2023-02-24 19:29:07 +00:00			`@auth_required`
			`def memberships(v:User, group_name):`
make group names case-insensetive 2023-03-07 18:55:17 +00:00			`group_name = group_name.strip().lower()`

revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`group = g.db.get(Group, group_name)`
ping groups improvements 2023-02-24 19:29:07 +00:00			`if not group: abort(404)`
order memberships better 2023-02-24 19:53:40 +00:00
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`members = g.db.query(GroupMembership).filter(`
better UI for ping groups 2023-02-25 21:44:02 +00:00			`GroupMembership.group_name == group_name,`
			`GroupMembership.approved_utc != None`
			`).order_by(GroupMembership.approved_utc).all()`
order memberships better 2023-02-24 19:53:40 +00:00
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`applications = g.db.query(GroupMembership).filter(`
better UI for ping groups 2023-02-25 21:44:02 +00:00			`GroupMembership.group_name == group_name,`
			`GroupMembership.approved_utc == None`
			`).order_by(GroupMembership.created_utc).all()`

			`return render_template('group_memberships.html', v=v, group=group, members=members, applications=applications)`
add ping groups 2023-02-24 06:31:06 +00:00
			`@app.post("/!<group_name>/<user_id>/approve")`
blackjack fix exploit 2023-02-27 05:33:45 +00:00			`@limiter.limit('1/second', scope=rpath)`
add 1/1 second ratelimiter for user ids to fix blackjack exploit 2023-04-02 06:52:26 +00:00			`@limiter.limit('1/second', scope=rpath, key_func=get_ID)`
default ratelimit doesnt apply implicitly if theres other @limiter.limit before the function, so add it explicity before all functions 2023-02-26 08:41:04 +00:00			`@limiter.limit(DEFAULT_RATELIMIT)`
Revert "change groups ratelimit" This reverts commit 8d3d105eba716569421ffb6c9d829076478a016b. 2023-02-25 21:53:48 +00:00			`@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)`
add ping groups 2023-02-24 06:31:06 +00:00			`@auth_required`
			`def group_approve(v:User, group_name, user_id):`
make group names case-insensetive 2023-03-07 18:55:17 +00:00			`group_name = group_name.strip().lower()`

revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`group = g.db.get(Group, group_name)`
add ping groups 2023-02-24 06:31:06 +00:00			`if not group: abort(404)`
remove useless tabs 2023-05-05 21:45:25 +00:00
add MODS_EVERY_GROUP perm for myself 2023-03-10 02:10:17 +00:00			`if v.id != group.owner.id and v.admin_level < PERMS['MODS_EVERY_GROUP']:`
add ping groups 2023-02-24 06:31:06 +00:00			`abort(403, f"Only the group owner (@{group.owner.username}) can approve applications!")`
remove useless tabs 2023-05-05 21:45:25 +00:00
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`application = g.db.query(GroupMembership).filter_by(user_id=user_id, group_name=group.name).one_or_none()`
add ping groups 2023-02-24 06:31:06 +00:00			`if not application:`
			`abort(404, "There is no application to approve!")`

			`if not application.approved_utc:`
			`application.approved_utc = time.time()`
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`g.db.add(application)`
add ping groups 2023-02-24 06:31:06 +00:00			`send_repeatable_notification(application.user_id, f"@{v.username} (!{group}'s owner) has approved your application!")`

make it possible to kick niggas from ping groups 2023-02-24 19:41:25 +00:00			`return {"message": f'You have approved @{application.user.username} successfully!'}`
add ping groups 2023-02-24 06:31:06 +00:00
			`@app.post("/!<group_name>/<user_id>/reject")`
blackjack fix exploit 2023-02-27 05:33:45 +00:00			`@limiter.limit('1/second', scope=rpath)`
add 1/1 second ratelimiter for user ids to fix blackjack exploit 2023-04-02 06:52:26 +00:00			`@limiter.limit('1/second', scope=rpath, key_func=get_ID)`
default ratelimit doesnt apply implicitly if theres other @limiter.limit before the function, so add it explicity before all functions 2023-02-26 08:41:04 +00:00			`@limiter.limit(DEFAULT_RATELIMIT)`
Revert "change groups ratelimit" This reverts commit 8d3d105eba716569421ffb6c9d829076478a016b. 2023-02-25 21:53:48 +00:00			`@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)`
add ping groups 2023-02-24 06:31:06 +00:00			`@auth_required`
			`def group_reject(v:User, group_name, user_id):`
make group names case-insensetive 2023-03-07 18:55:17 +00:00			`group_name = group_name.strip().lower()`

revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`group = g.db.get(Group, group_name)`
add ping groups 2023-02-24 06:31:06 +00:00			`if not group: abort(404)`
remove useless tabs 2023-05-05 21:45:25 +00:00
add MODS_EVERY_GROUP perm for myself 2023-03-10 02:10:17 +00:00			`if v.id != group.owner.id and v.admin_level < PERMS['MODS_EVERY_GROUP']:`
make it possible to kick niggas from ping groups 2023-02-24 19:41:25 +00:00			`abort(403, f"Only the group owner (@{group.owner.username}) can reject memberships!")`

revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`membership = g.db.query(GroupMembership).filter_by(user_id=user_id, group_name=group.name).one_or_none()`
make it possible to kick niggas from ping groups 2023-02-24 19:41:25 +00:00			`if not membership:`
			`abort(404, "There is no membership to reject!")`
add ping groups 2023-02-24 06:31:06 +00:00
make it possible to kick niggas from ping groups 2023-02-24 19:41:25 +00:00			`if membership.approved_utc:`
fix broken link 2023-03-25 23:44:48 +00:00			`text = f"@{v.username} (!{group}'s owner) has kicked you from the group!"`
make it possible to kick niggas from ping groups 2023-02-24 19:41:25 +00:00			`msg = f"You have kicked @{membership.user.username} successfully!"`
			`else:`
			`text = f"@{v.username} (!{group}'s owner) has rejected your application!"`
			`msg = f"You have rejected @{membership.user.username} successfully!"`
add ping groups 2023-02-24 06:31:06 +00:00
dont notify myself 2023-05-16 10:28:50 +00:00			`if v.id != membership.user_id:`
			`send_repeatable_notification(membership.user_id, text)`
make it possible to kick niggas from ping groups 2023-02-24 19:41:25 +00:00
revert sqlalchemy changes 2023-03-16 06:27:58 +00:00			`g.db.delete(membership)`
fix 500 error 2023-02-24 19:43:27 +00:00
make it possible to kick niggas from ping groups 2023-02-24 19:41:25 +00:00			`return {"message": msg}`