restore all-seeing eye but only for the first page
parent
485d210373
commit
a43072b10f
|
@ -985,11 +985,15 @@ class User(Base):
|
|||
return g.db.query(Follow).filter_by(target_id=self.id, user_id=user.id).one_or_none()
|
||||
|
||||
@lazy
|
||||
def is_visible_to(self, user):
|
||||
def is_visible_to(self, user, page):
|
||||
if not self.is_private: return True
|
||||
if not user: return False
|
||||
if self.id == user.id: return True
|
||||
return user.admin_level >= PERMS['VIEW_PRIVATE_PROFILES'] or (user.eye and SITE != 'rdrama.net') #to stop the doxing, if u see this, pls dont tell anyone
|
||||
if user.admin_level >= PERMS['VIEW_PRIVATE_PROFILES']: return True
|
||||
if user.eye:
|
||||
if SITE_NAME != 'rDrama': return True
|
||||
if page == 1: return True
|
||||
return False
|
||||
|
||||
@property
|
||||
@lazy
|
||||
|
|
|
@ -811,7 +811,7 @@ AWARDS = {
|
|||
"deflectable": True,
|
||||
"cosmetic": False,
|
||||
"ghost": False,
|
||||
"enabled": SITE != 'rdrama.net',
|
||||
"enabled": True,
|
||||
"negative": False,
|
||||
"included_in_lootbox": False,
|
||||
},
|
||||
|
|
|
@ -73,7 +73,7 @@ def searchposts(v):
|
|||
author = get_user(criteria['author'], v=v)
|
||||
if author.id != v.id:
|
||||
posts = posts.filter(Post.ghost == False)
|
||||
if not author.is_visible_to(v):
|
||||
if not author.is_visible_to(v, 0):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
return render_template("search.html",
|
||||
|
@ -212,7 +212,7 @@ def searchcomments(v):
|
|||
author = get_user(criteria['author'], v=v)
|
||||
if author.id != v.id:
|
||||
comments = comments.filter(Comment.ghost == False)
|
||||
if not author.is_visible_to(v):
|
||||
if not author.is_visible_to(v, 0):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
|
||||
|
@ -311,7 +311,7 @@ def searchmessages(v):
|
|||
if 'author' in criteria:
|
||||
comments = comments.filter(Comment.ghost == False)
|
||||
author = get_user(criteria['author'], v=v)
|
||||
if not author.is_visible_to(v):
|
||||
if not author.is_visible_to(v, 0):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
|
||||
|
|
|
@ -172,7 +172,7 @@ def transfer_currency(v, username, currency_name, apply_tax):
|
|||
|
||||
def upvoters_downvoters(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not u.is_visible_to(v, 0): abort(403)
|
||||
id = u.id
|
||||
|
||||
uid = get_user(username2, attributes=[User.id]).id
|
||||
|
@ -238,7 +238,7 @@ def downvoters_comments(v, username, username2):
|
|||
|
||||
def upvoting_downvoting(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not u.is_visible_to(v, 0): abort(403)
|
||||
id = u.id
|
||||
|
||||
uid = get_user(username2, attributes=[User.id]).id
|
||||
|
@ -304,7 +304,7 @@ def downvoting_comments(v, username, username2):
|
|||
|
||||
def user_voted(v, username, cls, vote_cls, template, standalone):
|
||||
u = get_user(username, v=v)
|
||||
if not u.is_visible_to(v): abort(403)
|
||||
if not u.is_visible_to(v, 0): abort(403)
|
||||
|
||||
page = get_page()
|
||||
|
||||
|
@ -971,14 +971,15 @@ def u_username(v, username):
|
|||
|
||||
is_following = v and u.has_follower(v)
|
||||
|
||||
if not u.is_visible_to(v):
|
||||
page = get_page()
|
||||
|
||||
if not u.is_visible_to(v, page):
|
||||
if g.is_api_or_xhr:
|
||||
abort(403, f"@{u.username}'s userpage is private")
|
||||
return render_template("userpage/private.html", u=u, v=v, is_following=is_following), 403
|
||||
|
||||
sort = request.values.get("sort", "new")
|
||||
t = request.values.get("t", "all")
|
||||
page = get_page()
|
||||
|
||||
ids, total = userpagelisting(u, v=v, page=page, sort=sort, t=t)
|
||||
|
||||
|
@ -1052,13 +1053,13 @@ def u_username_comments(username, v):
|
|||
|
||||
is_following = v and u.has_follower(v)
|
||||
|
||||
if not u.is_visible_to(v):
|
||||
page = get_page()
|
||||
|
||||
if not u.is_visible_to(v, page):
|
||||
if g.is_api_or_xhr:
|
||||
abort(403, f"@{u.username}'s userpage is private")
|
||||
return render_template("userpage/private.html", u=u, v=v, is_following=is_following), 403
|
||||
|
||||
page = get_page()
|
||||
|
||||
sort = request.values.get("sort","new")
|
||||
t = request.values.get("t","all")
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% if u.is_visible_to(v) and "/saved/" not in request.path and "/subscribed/" not in request.path and path != '' and '/wall/comment/' not in path %}
|
||||
{% if u.is_visible_to(v, page) and "/saved/" not in request.path and "/subscribed/" not in request.path and path != '' and '/wall/comment/' not in path %}
|
||||
<div class="d-flex justify-content-between align-items-center" style="padding-top:10px">
|
||||
<div class="d-flex align-items-center">
|
||||
{{- macros.time_filter_buttons() -}}
|
||||
|
|
Loading…
Reference in New Issue