improve POST_TO_CHANGELOG check

2022-10-06 02:09:46 -07:00 · 2022-10-06 02:09:46 -07:00 · 8db6b3f7fd
parent 941bf69227
commit 8db6b3f7fd
2 changed files with 4 additions and 7 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -146,7 +146,7 @@ PERMS = { # Minimum admin_level to perform action.
 	'USER_LINK': 2,
 	'USER_MERGE': 3, # note: extra check for Aevann
 	'USER_TITLE_CHANGE': 2,
-	'POST_TO_CHANGELOG': 1,
+	'POST_TO_CHANGELOG': 1, # note: code contributors can also post to changelog
 	'POST_TO_POLL_THREAD': 2,
 	'POST_BETS': 3,
 	'POST_BETS_DISTRIBUTE': 3, # probably should be the same as POST_BETS but w/e
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -679,12 +679,9 @@ def submit_post(v, sub=None):

 	sub = request.values.get("sub", "").lower().replace('/h/','').strip()

-	if sub == 'changelog':
-		allowed = []
-		if v.admin_level >= PERMS['POST_TO_CHANGELOG']:
-			allowed.append(v.id)
-		if v.id not in allowed: # only query for badges if doesn't have permissions (this is a bit weird tbh)
-			allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
+	if sub == 'changelog' and not v.admin_level >= PERMS['POST_TO_CHANGELOG']:
+		# we also allow 'code contributor' badgeholders to post to the changelog hole
+		allowed = g.db.query(Badge.user_id).filter_by(badge_id=3).all()
 		allowed = [x[0] for x in allowed]
 		if v.id not in allowed: return error(f"You don't have sufficient permissions to post in /h/changelog")