From 06f88e8a4a8a507a27c5b122a4d588badf3eb793 Mon Sep 17 00:00:00 2001
From: justcool393 <justcool393@gmail.com>
Date: Wed, 5 Oct 2022 21:45:54 -0700
Subject: [PATCH] post based permissions mostly

---
 files/helpers/const.py   | 4 ++++
 files/routes/comments.py | 6 +++---
 files/routes/posts.py    | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/files/helpers/const.py b/files/helpers/const.py
index 673a25a50..d03c8247b 100644
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@@ -137,6 +137,8 @@ PERMS = { # Minimum admin_level to perform action.
 	'USER_AGENDAPOSTER': 2,
 	'USER_CLUB_ALLOW_BAN': 2,
 	'POST_TO_CHANGELOG': 1,
+	'POST_TO_POLL_THREAD': 2,
+	'POST_BETS': 3,
 	'BYPASS_PIN_LIMIT': 3,
 	'VIEW_PENDING_SUBMITTED_MARSEYS': 3,
 	'VIEW_PENDING_SUBMITTED_HATS': 3,
@@ -156,6 +158,8 @@ PERMS = { # Minimum admin_level to perform action.
 	'ADMIN_ADD_PERM_LEVEL': 2, # permission level given when user added via site
 	'ADMIN_ACTIONS_REVERT': 3,
 	'SITE_SETTINGS': 3,
+	'SITE_SETTINGS_SIDEBARS_BANNERS_BADGES': 3,
+	'SITE_SETTINGS_SNAPPY_QUOTES': 3,
 	'SITE_SETTINGS_UNDER_ATTACK': 3,
 	'CACHE_PURGE_CDN': 3,
 	'CACHE_DUMP_INTERNAL': 2,
diff --git a/files/routes/comments.py b/files/routes/comments.py
index ce52a74f4..54bbc0202 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -156,7 +156,7 @@ def comment(v):
 		parent_comment_id = None
 		level = 1
 
-		if POLL_THREAD and parent.id == POLL_THREAD and v.admin_level < 2: abort(403)
+		if POLL_THREAD and parent.id == POLL_THREAD and v.admin_level < PERMS['POST_TO_POLL_THREAD']: abort(403)
 	elif parent_fullname.startswith("c_"):
 		parent = get_comment(parent_fullname.split("_")[1], v=v)
 		parent_comment_id = parent.id
@@ -196,7 +196,7 @@ def comment(v):
 				file.save(oldname)
 				image = process_image(oldname)
 				if image == "": return {"error":"Image upload failed"}, 400
-				if v.admin_level > 2 and level == 1:
+				if v.admin_level > PERMS['SITE_SETTINGS_SIDEBARS_BANNERS_BADGES'] and level == 1:
 					if parent_post.id == SIDEBAR_THREAD:
 						li = sorted(os.listdir(f'files/assets/images/{SITE_NAME}/sidebar'),
 							key=lambda e: int(e.split('.webp')[0]))[-1]
@@ -239,7 +239,7 @@ def comment(v):
 
 	body = body.strip()
 	
-	if v.admin_level > 2 and parent_post.id == SNAPPY_THREAD and level == 1:
+	if v.admin_level > PERMS['SITE_SETTINGS_SNAPPY_QUOTES'] and parent_post.id == SNAPPY_THREAD and level == 1:
 		with open(f"snappy_{SITE_NAME}.txt", "a", encoding="utf-8") as f:
 			f.write('\n{[para]}\n' + body)
 
diff --git a/files/routes/posts.py b/files/routes/posts.py
index 4ea80600a..44d399935 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -842,7 +842,7 @@ def submit_post(v, sub=None):
 	if len(url) > 2048:
 		return error("There's a 2048 character limit for URLs.")
 
-	if v and v.admin_level > 2:
+	if v and v.admin_level > PERMS['POST_BETS']:
 		bets = []
 		for i in bet_regex.finditer(body):
 			bets.append(i.group(1))
@@ -929,7 +929,7 @@ def submit_post(v, sub=None):
 		)
 		g.db.add(choice)
 
-	if v and v.admin_level > 2:
+	if v and v.admin_level > PERMS['POST_BETS']:
 		for bet in bets:
 			bet = SubmissionOption(
 				submission_id=post.id,