use usernames instead of ids in GET urls visible to users whenever u can
parent
c7b7eb26e1
commit
13173376a4
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
from flask import *
|
||||
from sqlalchemy import and_, any_, or_
|
||||
from sqlalchemy.orm import joinedload, Query
|
||||
from sqlalchemy.orm import joinedload, Query, load_only
|
||||
|
||||
from files.classes import Comment, CommentVote, Hat, Sub, Post, User, UserBlock, Vote
|
||||
from files.helpers.config.const import *
|
||||
|
|
@ -32,7 +32,7 @@ def get_id(username, graceful=False):
|
|||
|
||||
return user[0]
|
||||
|
||||
def get_user(username, v=None, graceful=False, include_blocks=False):
|
||||
def get_user(username, v=None, graceful=False, include_blocks=False, id_only=False):
|
||||
if not username:
|
||||
if graceful: return None
|
||||
abort(404)
|
||||
|
|
@ -51,6 +51,9 @@ def get_user(username, v=None, graceful=False, include_blocks=False):
|
|||
)
|
||||
)
|
||||
|
||||
if id_only:
|
||||
user = user.options(load_only(User.id))
|
||||
|
||||
user = user.one_or_none()
|
||||
|
||||
if not user:
|
||||
|
|
|
|||
|
|
@ -142,15 +142,13 @@ def transfer_currency(v, username, currency_name, apply_tax):
|
|||
g.db.add(v)
|
||||
return {"message": f"{amount - tax} {currency_name} have been transferred to @{receiver.username}"}
|
||||
|
||||
def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, standalone):
|
||||
def upvoters_downvoters(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||
id = u.id
|
||||
try:
|
||||
uid = int(uid)
|
||||
except:
|
||||
abort(404)
|
||||
|
||||
uid = get_user(username2, id_only=True).id
|
||||
|
||||
page = get_page()
|
||||
|
||||
|
|
@ -177,46 +175,44 @@ def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, sta
|
|||
|
||||
return render_template(template, total=total, listing=listing, page=page, v=v, standalone=standalone)
|
||||
|
||||
@app.get("/@<username>/upvoters/<int:uid>/posts")
|
||||
@app.get("/@<username>/upvoters/@<username2>/posts")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def upvoters_posts(v, username, uid):
|
||||
return upvoters_downvoters(v, username, uid, Post, Vote, 1, "userpage/voted_posts.html", None)
|
||||
def upvoters_posts(v, username, username2):
|
||||
return upvoters_downvoters(v, username, username2, Post, Vote, 1, "userpage/voted_posts.html", None)
|
||||
|
||||
|
||||
@app.get("/@<username>/upvoters/<int:uid>/comments")
|
||||
@app.get("/@<username>/upvoters/@<username2>/comments")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def upvoters_comments(v, username, uid):
|
||||
return upvoters_downvoters(v, username, uid, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
||||
def upvoters_comments(v, username, username2):
|
||||
return upvoters_downvoters(v, username, username2, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
||||
|
||||
|
||||
@app.get("/@<username>/downvoters/<int:uid>/posts")
|
||||
@app.get("/@<username>/downvoters/@<username2>/posts")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def downvoters_posts(v, username, uid):
|
||||
return upvoters_downvoters(v, username, uid, Post, Vote, -1, "userpage/voted_posts.html", None)
|
||||
def downvoters_posts(v, username, username2):
|
||||
return upvoters_downvoters(v, username, username2, Post, Vote, -1, "userpage/voted_posts.html", None)
|
||||
|
||||
|
||||
@app.get("/@<username>/downvoters/<int:uid>/comments")
|
||||
@app.get("/@<username>/downvoters/@<username2>/comments")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def downvoters_comments(v, username, uid):
|
||||
return upvoters_downvoters(v, username, uid, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
||||
def downvoters_comments(v, username, username2):
|
||||
return upvoters_downvoters(v, username, username2, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
||||
|
||||
def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, standalone):
|
||||
def upvoting_downvoting(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
|
||||
id = u.id
|
||||
try:
|
||||
uid = int(uid)
|
||||
except:
|
||||
abort(404)
|
||||
|
||||
uid = get_user(username2, id_only=True).id
|
||||
|
||||
page = get_page()
|
||||
|
||||
|
|
@ -243,36 +239,36 @@ def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, sta
|
|||
|
||||
return render_template(template, total=total, listing=listing, page=page, v=v, standalone=standalone)
|
||||
|
||||
@app.get("/@<username>/upvoting/<int:uid>/posts")
|
||||
@app.get("/@<username>/upvoting/@<username2>/posts")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def upvoting_posts(v, username, uid):
|
||||
return upvoting_downvoting(v, username, uid, Post, Vote, 1, "userpage/voted_posts.html", None)
|
||||
def upvoting_posts(v, username, username2):
|
||||
return upvoting_downvoting(v, username, username2, Post, Vote, 1, "userpage/voted_posts.html", None)
|
||||
|
||||
|
||||
@app.get("/@<username>/upvoting/<int:uid>/comments")
|
||||
@app.get("/@<username>/upvoting/@<username2>/comments")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def upvoting_comments(v, username, uid):
|
||||
return upvoting_downvoting(v, username, uid, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
||||
def upvoting_comments(v, username, username2):
|
||||
return upvoting_downvoting(v, username, username2, Comment, CommentVote, 1, "userpage/voted_comments.html", True)
|
||||
|
||||
|
||||
@app.get("/@<username>/downvoting/<int:uid>/posts")
|
||||
@app.get("/@<username>/downvoting/@<username2>/posts")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def downvoting_posts(v, username, uid):
|
||||
return upvoting_downvoting(v, username, uid, Post, Vote, -1, "userpage/voted_posts.html", None)
|
||||
def downvoting_posts(v, username, username2):
|
||||
return upvoting_downvoting(v, username, username2, Post, Vote, -1, "userpage/voted_posts.html", None)
|
||||
|
||||
|
||||
@app.get("/@<username>/downvoting/<int:uid>/comments")
|
||||
@app.get("/@<username>/downvoting/@<username2>/comments")
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def downvoting_comments(v, username, uid):
|
||||
return upvoting_downvoting(v, username, uid, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
||||
def downvoting_comments(v, username, username2):
|
||||
return upvoting_downvoting(v, username, username2, Comment, CommentVote, -1, "userpage/voted_comments.html", True)
|
||||
|
||||
def user_voted(v, username, cls, vote_cls, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<tr {% if v.id == user.id %}class="self"{% endif %}>
|
||||
<td>{{loop.index+PAGE_SIZE*(page-1)}}</td>
|
||||
<td>{% include "user_in_table.html" %}</td>
|
||||
<td><a href="{{request.path}}/{{user.id}}/posts">{{num}}</a></td>
|
||||
<td><a href="{{request.path}}/@{{user.username}}/posts">{{num}}</a></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
{% if pos and (pos[0] > 25 or not pos[1]) %}
|
||||
|
|
@ -27,7 +27,7 @@
|
|||
{% include "user_in_table.html" %}
|
||||
{% endwith %}
|
||||
</td>
|
||||
<td><a href="{{request.path}}/{{v.id}}/posts">{{pos[1]}}</a></td>
|
||||
<td><a href="{{request.path}}/@{{v.username}}/posts">{{pos[1]}}</a></td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
</tbody>
|
||||
|
|
|
|||
Loading…
Reference in New Issue