disable author search for carp and frozen
parent
6bb565df3e
commit
58904aa98f
|
|
@ -1002,11 +1002,11 @@ class User(Base):
|
|||
return g.db.query(Follow).filter_by(target_id=self.id, user_id=user.id).one_or_none()
|
||||
|
||||
@lazy
|
||||
def is_visible_to(self, user):
|
||||
def is_visible_to(self, user, page):
|
||||
if not self.is_private: return True
|
||||
if not user: return False
|
||||
if self.id == user.id: return True
|
||||
if SITE_NAME == 'rDrama' and self.id in {CARP_ID, 1376} and int(request.values.get('page', 0)) > 1: return False
|
||||
if SITE_NAME == 'rDrama' and self.id in {CARP_ID, 1376} and page != 1: return False
|
||||
return user.admin_level >= PERMS['VIEW_PRIVATE_PROFILES'] or user.eye
|
||||
|
||||
@property
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ def searchposts(v):
|
|||
author = get_user(criteria['author'], v=v)
|
||||
if author.id != v.id:
|
||||
posts = posts.filter(Post.ghost == False)
|
||||
if not author.is_visible_to(v):
|
||||
if not author.is_visible_to(v, 0):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
return render_template("search.html",
|
||||
|
|
@ -212,7 +212,7 @@ def searchcomments(v):
|
|||
author = get_user(criteria['author'], v=v)
|
||||
if author.id != v.id:
|
||||
comments = comments.filter(Comment.ghost == False)
|
||||
if not author.is_visible_to(v):
|
||||
if not author.is_visible_to(v, 0):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
|
||||
|
|
@ -311,7 +311,7 @@ def searchmessages(v):
|
|||
if 'author' in criteria:
|
||||
comments = comments.filter(Comment.ghost == False)
|
||||
author = get_user(criteria['author'], v=v)
|
||||
if not author.is_visible_to(v):
|
||||
if not author.is_visible_to(v, 0):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
|
||||
|
|
|
|||
|
|
@ -180,7 +180,7 @@ def transfer_currency(v, username, currency_name, apply_tax):
|
|||
|
||||
def upvoters_downvoters(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not u.is_visible_to(v, 0): abort(403)
|
||||
id = u.id
|
||||
|
||||
uid = get_user(username2, attributes=[User.id]).id
|
||||
|
|
@ -246,7 +246,7 @@ def downvoters_comments(v, username, username2):
|
|||
|
||||
def upvoting_downvoting(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not u.is_visible_to(v, 0): abort(403)
|
||||
id = u.id
|
||||
|
||||
uid = get_user(username2, attributes=[User.id]).id
|
||||
|
|
@ -312,7 +312,7 @@ def downvoting_comments(v, username, username2):
|
|||
|
||||
def user_voted(v, username, cls, vote_cls, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not u.is_visible_to(v, 0): abort(403)
|
||||
|
||||
page = get_page()
|
||||
|
||||
|
|
@ -979,14 +979,15 @@ def u_username(v, username):
|
|||
|
||||
is_following = v and u.has_follower(v)
|
||||
|
||||
if not u.is_visible_to(v):
|
||||
page = get_page()
|
||||
|
||||
if not u.is_visible_to(v, page):
|
||||
if g.is_api_or_xhr:
|
||||
abort(403, f"@{u.username}'s userpage is private")
|
||||
return render_template("userpage/private.html", u=u, v=v, is_following=is_following), 403
|
||||
|
||||
sort = request.values.get("sort", "new")
|
||||
t = request.values.get("t", "all")
|
||||
page = get_page()
|
||||
|
||||
ids, total = userpagelisting(u, v=v, page=page, sort=sort, t=t)
|
||||
|
||||
|
|
@ -1066,13 +1067,13 @@ def u_username_comments(username, v):
|
|||
|
||||
is_following = v and u.has_follower(v)
|
||||
|
||||
if not u.is_visible_to(v):
|
||||
page = get_page()
|
||||
|
||||
if not u.is_visible_to(v, page):
|
||||
if g.is_api_or_xhr:
|
||||
abort(403, f"@{u.username}'s userpage is private")
|
||||
return render_template("userpage/private.html", u=u, v=v, is_following=is_following), 403
|
||||
|
||||
page = get_page()
|
||||
|
||||
sort = request.values.get("sort","new")
|
||||
t = request.values.get("t","all")
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% if u.is_visible_to(v) and "/saved/" not in request.path and "/subscribed/" not in request.path and path != '' and '/wall/comment/' not in path %}
|
||||
{% if u.is_visible_to(v, page) and "/saved/" not in request.path and "/subscribed/" not in request.path and path != '' and '/wall/comment/' not in path %}
|
||||
<div class="d-flex justify-content-between align-items-center" style="padding-top:10px">
|
||||
<div class="d-flex align-items-center">
|
||||
{{- macros.time_filter_buttons() -}}
|
||||
|
|
|
|||
Loading…
Reference in New Issue