From a43072b10f0d0b75abab7f224316f936fd561ae9 Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Wed, 17 Apr 2024 18:06:23 +0200
Subject: [PATCH] restore all-seeing eye but only for the first page

---
 files/classes/user.py                |  8 ++++++--
 files/helpers/config/awards.py       |  2 +-
 files/routes/search.py               |  6 +++---
 files/routes/users.py                | 17 +++++++++--------
 files/templates/userpage/header.html |  2 +-
 5 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/files/classes/user.py b/files/classes/user.py
index 93a8ce4cf..d964ccd44 100644
--- a/files/classes/user.py
+++ b/files/classes/user.py
@@ -985,11 +985,15 @@ class User(Base):
 		return g.db.query(Follow).filter_by(target_id=self.id, user_id=user.id).one_or_none()
 
 	@lazy
-	def is_visible_to(self, user):
+	def is_visible_to(self, user, page):
 		if not self.is_private: return True
 		if not user: return False
 		if self.id == user.id: return True
-		return user.admin_level >= PERMS['VIEW_PRIVATE_PROFILES'] or (user.eye and SITE != 'rdrama.net') #to stop the doxing, if u see this, pls dont tell anyone
+		if user.admin_level >= PERMS['VIEW_PRIVATE_PROFILES']: return True
+		if user.eye:
+			if SITE_NAME != 'rDrama': return True
+			if page == 1: return True
+		return False
 
 	@property
 	@lazy
diff --git a/files/helpers/config/awards.py b/files/helpers/config/awards.py
index bd6a7cf08..37878486e 100644
--- a/files/helpers/config/awards.py
+++ b/files/helpers/config/awards.py
@@ -811,7 +811,7 @@ AWARDS = {
 		"deflectable": True,
 		"cosmetic": False,
 		"ghost": False,
-		"enabled": SITE != 'rdrama.net',
+		"enabled": True,
 		"negative": False,
 		"included_in_lootbox": False,
 	},
diff --git a/files/routes/search.py b/files/routes/search.py
index f33e8e85a..5f33af9b8 100644
--- a/files/routes/search.py
+++ b/files/routes/search.py
@@ -73,7 +73,7 @@ def searchposts(v):
 		author = get_user(criteria['author'], v=v)
 		if author.id != v.id:
 			posts = posts.filter(Post.ghost == False)
-		if not author.is_visible_to(v):
+		if not author.is_visible_to(v, 0):
 			if v.client:
 				abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
 			return render_template("search.html",
@@ -212,7 +212,7 @@ def searchcomments(v):
 		author = get_user(criteria['author'], v=v)
 		if author.id != v.id:
 			comments = comments.filter(Comment.ghost == False)
-		if not author.is_visible_to(v):
+		if not author.is_visible_to(v, 0):
 			if v.client:
 				abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
 
@@ -311,7 +311,7 @@ def searchmessages(v):
 	if 'author' in criteria:
 		comments = comments.filter(Comment.ghost == False)
 		author = get_user(criteria['author'], v=v)
-		if not author.is_visible_to(v):
+		if not author.is_visible_to(v, 0):
 			if v.client:
 				abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
 
diff --git a/files/routes/users.py b/files/routes/users.py
index af242fabf..9afd4182a 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -172,7 +172,7 @@ def transfer_currency(v, username, currency_name, apply_tax):
 
 def upvoters_downvoters(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
 	u = get_user(username, v=v)
-	if not u.is_visible_to(v): abort(403)
+	if not u.is_visible_to(v, 0): abort(403)
 	id = u.id
 
 	uid = get_user(username2, attributes=[User.id]).id
@@ -238,7 +238,7 @@ def downvoters_comments(v, username, username2):
 
 def upvoting_downvoting(v, username, username2, cls, vote_cls, vote_dir, template, standalone):
 	u = get_user(username, v=v)
-	if not u.is_visible_to(v): abort(403)
+	if not u.is_visible_to(v, 0): abort(403)
 	id = u.id
 
 	uid = get_user(username2, attributes=[User.id]).id
@@ -304,7 +304,7 @@ def downvoting_comments(v, username, username2):
 
 def user_voted(v, username, cls, vote_cls, template, standalone):
 	u = get_user(username, v=v)
-	if not u.is_visible_to(v): abort(403)
+	if not u.is_visible_to(v, 0): abort(403)
 
 	page = get_page()
 
@@ -971,14 +971,15 @@ def u_username(v, username):
 
 	is_following = v and u.has_follower(v)
 
-	if not u.is_visible_to(v):
+	page = get_page()
+
+	if not u.is_visible_to(v, page):
 		if g.is_api_or_xhr:
 			abort(403, f"@{u.username}'s userpage is private")
 		return render_template("userpage/private.html", u=u, v=v, is_following=is_following), 403
 
 	sort = request.values.get("sort", "new")
 	t = request.values.get("t", "all")
-	page = get_page()
 
 	ids, total = userpagelisting(u, v=v, page=page, sort=sort, t=t)
 
@@ -1052,13 +1053,13 @@ def u_username_comments(username, v):
 
 	is_following = v and u.has_follower(v)
 
-	if not u.is_visible_to(v):
+	page = get_page()
+
+	if not u.is_visible_to(v, page):
 		if g.is_api_or_xhr:
 			abort(403, f"@{u.username}'s userpage is private")
 		return render_template("userpage/private.html", u=u, v=v, is_following=is_following), 403
 
-	page = get_page()
-
 	sort = request.values.get("sort","new")
 	t = request.values.get("t","all")
 
diff --git a/files/templates/userpage/header.html b/files/templates/userpage/header.html
index 18edf23e3..7288b3ede 100644
--- a/files/templates/userpage/header.html
+++ b/files/templates/userpage/header.html
@@ -27,7 +27,7 @@
 		</div>
 	</div>
 </div>
-{% if u.is_visible_to(v) and "/saved/" not in request.path and "/subscribed/" not in request.path and path != '' and '/wall/comment/' not in path %}
+{% if u.is_visible_to(v, page) and "/saved/" not in request.path and "/subscribed/" not in request.path and path != '' and '/wall/comment/' not in path %}
 	<div class="d-flex justify-content-between align-items-center" style="padding-top:10px">
 		<div class="d-flex align-items-center">
 			{{- macros.time_filter_buttons() -}}