From e1e7258e7a98d83b7e83b0c255ca13392e49e459 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Sat, 20 Aug 2022 00:36:28 +0200 Subject: [PATCH] add def can_see(v) --- files/classes/comment.py | 11 +++++++++++ files/classes/submission.py | 8 ++++++++ files/routes/comments.py | 2 ++ files/routes/posts.py | 2 ++ files/templates/comments.html | 6 +++--- files/templates/submission_listing.html | 2 +- 6 files changed, 27 insertions(+), 4 deletions(-) diff --git a/files/classes/comment.py b/files/classes/comment.py index 19e7cffe9..42759b2dd 100644 --- a/files/classes/comment.py +++ b/files/classes/comment.py @@ -84,6 +84,17 @@ class Comment(Base): return f"" + @lazy + def can_see(self, v): + if not self.parent_submission: return True + if self.post.sub != 'chudrama': return True + if v: + if v.id == self.author_id: return True + if v.id == self.post.author_id: return True + if v and v.truecoins >= 20000: return True + return False + + @property @lazy def top_comment(self): diff --git a/files/classes/submission.py b/files/classes/submission.py index a171e91c9..6aaf44309 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -77,6 +77,14 @@ class Submission(Base): def __repr__(self): return f"" + @lazy + def can_see(self, v): + if self.sub != 'chudrama': return True + if v: + if v.id == self.author_id: return True + if v and v.truecoins >= 20000: return True + return False + @property @lazy def controversial(self): diff --git a/files/routes/comments.py b/files/routes/comments.py index fdda20d64..e38a57e87 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -44,6 +44,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): except: abort(404) comment = get_comment(cid, v=v) + + if not comment.can_see(v): abort(403) if comment.author.shadowbanned and not (v and v.shadowbanned) and not (v and v.admin_level >= 2): abort(404) diff --git a/files/routes/posts.py b/files/routes/posts.py index 1361aa1ea..49cf3a644 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -118,6 +118,8 @@ def post_id(pid, anything=None, v=None, sub=None): post = get_post(pid, v=v) + if not post.can_see(v): abort(403) + if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()): if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":"Must be 18+ to view"}, 451 return render_template("errors/nsfw.html", v=v) diff --git a/files/templates/comments.html b/files/templates/comments.html index 5dab5362d..be0096372 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -90,7 +90,7 @@ {% if render_replies %} {% if level<9 or request.path.startswith('/notifications') or request.headers.get("xhr") %}
- {% for reply in replies if not reply.parent_submission or reply.post.sub != 'chudrama' or (v and v.truecoins >= 20000) %} + {% for reply in replies %} {{single_comment(reply, level=level+1)}} {% endfor %}
@@ -601,7 +601,7 @@ {% if render_replies %} {% if level<9 or request.path.startswith('/notifications') or request.headers.get("xhr") %}
- {% for reply in replies if not reply.parent_submission or reply.post.sub != 'chudrama' or (v and v.truecoins >= 20000) %} + {% for reply in replies %} {{single_comment(reply, level=level+1)}} {% endfor %}
@@ -785,7 +785,7 @@ {% endmacro %} -{% for comment in comments if not comment.parent_submission or comment.post.sub != 'chudrama' or (v and v.truecoins >= 20000) %} +{% for comment in comments if comment.can_see(v) %} {{single_comment(comment)}} diff --git a/files/templates/submission_listing.html b/files/templates/submission_listing.html index 452cf628e..e22cddcb9 100644 --- a/files/templates/submission_listing.html +++ b/files/templates/submission_listing.html @@ -58,7 +58,7 @@ -{% for p in listing if p.sub != 'chudrama' or (v and v.truecoins >= 20000) %} +{% for p in listing if p.can_see(v) %} {% set ups=p.upvotes %} {% set downs=p.downvotes %}