From 591e6342bbbedaa01242f3e8588abdcba0d523bf Mon Sep 17 00:00:00 2001
From: justcool393 <justcool393@gmail.com>
Date: Wed, 5 Oct 2022 18:24:37 -0700
Subject: [PATCH] editing permissions

---
 files/helpers/const.py          | 1 +
 files/routes/posts.py           | 5 ++---
 files/templates/submission.html | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/files/helpers/const.py b/files/helpers/const.py
index fa09dc1b0..1accfe843 100644
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@@ -129,6 +129,7 @@ PERMS = { # Minimum admin_level to perform action.
 	'USER_VOTERS_VISIBLE': 0,
 	'POST_COMMENT_MODERATION': 2,
 	'GLOBAL_HOLE_MODERATION': 3,
+	'POST_EDITING': 3,
 }
 
 FEATURES = {
diff --git a/files/routes/posts.py b/files/routes/posts.py
index af5fc14c3..b58a03214 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -373,14 +373,13 @@ def morecomments(v, cid):
 @auth_required
 def edit_post(pid, v):
 	p = get_post(pid)
+	if v.id != p.author_id and v.admin_level < PERMS['POST_EDITING']:
+		abort(403)
 
 	title = sanitize_raw_title(request.values.get("title", ""))
 
 	body = sanitize_raw_body(request.values.get("body", ""))
 
-	if v.id != p.author_id and v.admin_level < 3:
-		abort(403)
-
 	if v.id == p.author_id:
 		if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')):
 			return {"error":"You have to type more than 280 characters!"}, 403
diff --git a/files/templates/submission.html b/files/templates/submission.html
index 4867f5ae4..e0b7d9d41 100644
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@@ -790,7 +790,7 @@
 					</div>
 					{% endif %}
 
-					{% if v and (v.id==p.author_id or v.admin_level > 2) and not v.is_suspended %}
+					{% if v and (v.id==p.author_id or v.admin_level >= PERMS['POST_EDITING']) and not v.is_suspended %}
 						<div id="edit-post-body-{{p.id}}" class="d-none comment-write collapsed child">
 							<form id="post-edit-form-{{p.id}}" action="/edit_post/{{p.id}}" method="post" enctype="multipart/form-data">
 									<input type="hidden" name="formkey" value="{{v.formkey}}">
@@ -844,7 +844,7 @@
 							</a>
 						</li>
 
-						{% if v and (v.id==p.author_id or v.admin_level > 1 and v.admin_level > 2) %}
+						{% if v and (v.id==p.author_id or v.admin_level >= PERMS['POST_EDITING']) %}
 							<a class="list-inline-item" role="button" onclick="togglePostEdit('{{p.id}}')"><i class="fas fa-edit"></i>Edit</a>
 						{% endif %}
 
@@ -1092,7 +1092,7 @@
 	{% include "report_post_modal.html" %}
 {% endif %}
 
-{% if v and (v.id == p.author_id or v.admin_level > 1 and v.admin_level > 2) %}
+{% if v and (v.id == p.author_id or v.admin_level >= PERMS['POST_EDITING']) %}
 	<script defer src="{{'js/togglePostEdit.js' | asset}}"></script>
 {% endif %}