Aevann 2024-03-08 02:50:05 +02:00
parent 01797e99bb
commit 095273cbb9
3 changed files with 6 additions and 3 deletions

View File

@ -2235,7 +2235,7 @@ def unmark_effortpost(pid, v):
@app.get("/edits/<link>") @app.get("/edits/<link>")
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400) @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID) @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
@admin_level_required(PERMS['VIEW_EDITS']) @auth_required
def view_edits(v, link): def view_edits(v, link):
try: try:
if "p_" in link: obj = get_post(int(link.split("p_")[1]), v=v) if "p_" in link: obj = get_post(int(link.split("p_")[1]), v=v)
@ -2243,4 +2243,7 @@ def view_edits(v, link):
else: abort(400) else: abort(400)
except: abort(400) except: abort(400)
if v.id != obj.author_id and v.admin_level < PERMS['VIEW_EDITS']:
abort(403, "You can't view other people's edits!")
return render_template("edits.html", v=v, obj=obj) return render_template("edits.html", v=v, obj=obj)

View File

@ -233,7 +233,7 @@
<a class="vertical-align ml-1" href="{{c.permalink}}">#{{c.id}}</a> <a class="vertical-align ml-1" href="{{c.permalink}}">#{{c.id}}</a>
{% if c.edited_utc and v and v.admin_level >= PERMS['VIEW_EDITS'] %} {% if c.edited_utc and v and (v.id == c.author_id or v.admin_level >= PERMS['VIEW_EDITS']) %}
<a href="/edits/{{c.fullname}}" class="font-italic" data-nonce="{{g.nonce}}" data-bs-toggle="tooltip" data-bs-placement="bottom" data-onmouseover="timestamp(this, '{{c.edited_utc}}')"> <a href="/edits/{{c.fullname}}" class="font-italic" data-nonce="{{g.nonce}}" data-bs-toggle="tooltip" data-bs-placement="bottom" data-onmouseover="timestamp(this, '{{c.edited_utc}}')">
&nbsp; Edited <span id="comment-edited_string-{{c.id}}">{{c.edited_string}}</span> &nbsp; Edited <span id="comment-edited_string-{{c.id}}">{{c.edited_string}}</span>
</a> </a>

View File

@ -125,7 +125,7 @@
{% endif %} {% endif %}
{% if p.edited_utc %} {% if p.edited_utc %}
{% if v and v.admin_level >= PERMS['VIEW_EDITS'] %} {% if v and (v.id == p.author_id or v.admin_level >= PERMS['VIEW_EDITS']) %}
<a href="/edits/{{p.fullname}}" class="ml-2 d-inline-block">Edited <span data-bs-toggle="tooltip" data-bs-placement="bottom" id="edited_timestamp-{{p.id}}" data-nonce="{{g.nonce}}" data-onmouseover="timestamp(this, '{{p.edited_utc}}')">{{p.edited_string}}</span></a> <a href="/edits/{{p.fullname}}" class="ml-2 d-inline-block">Edited <span data-bs-toggle="tooltip" data-bs-placement="bottom" id="edited_timestamp-{{p.id}}" data-nonce="{{g.nonce}}" data-onmouseover="timestamp(this, '{{p.edited_utc}}')">{{p.edited_string}}</span></a>
{% else %} {% else %}
<span class="ml-2 d-inline-block">Edited <span data-bs-toggle="tooltip" data-bs-placement="bottom" id="edited_timestamp-{{p.id}}" data-nonce="{{g.nonce}}" data-onmouseover="timestamp(this, '{{p.edited_utc}}')">{{p.edited_string}}</span></span> <span class="ml-2 d-inline-block">Edited <span data-bs-toggle="tooltip" data-bs-placement="bottom" id="edited_timestamp-{{p.id}}" data-nonce="{{g.nonce}}" data-onmouseover="timestamp(this, '{{p.edited_utc}}')">{{p.edited_string}}</span></span>