LGB: Permission block, follow, voters visibility.

2022-07-18 03:17:45 -04:00 · 2022-07-18 03:17:45 -04:00 · eef6c25b0b
parent 0c43deeee6
commit eef6c25b0b
5 changed files with 35 additions and 1 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -138,6 +138,9 @@ PERMS = { # Minimum admin_level to perform action.
 	'FLAGS_VISIBLE_REPORTER': 0,
 	'FLAGS_REMOVE': 2,
 	'VOTES_VISIBLE': 0,
+	'USER_BLOCKS_VISIBLE': 0,
+	'USER_FOLLOWS_VISIBLE': 0,
+	'USER_VOTERS_VISIBLE': 0,
 }

 FEATURES = {
@ -317,6 +320,9 @@ elif SITE == 'lgbdropthet.com':
 	PERMS['HOLE_CREATE'] = 3
 	PERMS['FLAGS_VISIBLE_REPORTER'] = 2
 	PERMS['VOTES_VISIBLE'] = 2
+	PERMS['USER_BLOCKS_VISIBLE'] = 2
+	PERMS['USER_FOLLOWS_VISIBLE'] = 2
+	PERMS['USER_VOTERS_VISIBLE'] = 2

 	FEATURES['PROCOINS'] = False
 	FEATURES['CHAT'] = False
--- a/files/routes/static.py
+++ b/files/routes/static.py
@ -327,7 +327,7 @@ def badges(v):
 	return render_template("badges.html", v=v, badges=badges, counts=counts)

@app.get("/blocks")
-@auth_required
+@admin_level_required(PERMS['USER_BLOCKS_VISIBLE'])
 def blocks(v):


--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -62,6 +62,7 @@ gevent.spawn(leaderboard_thread())
 def upvoters_posts(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -83,6 +84,7 @@ def upvoters_posts(v, username, uid):
 def upvoters_comments(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -104,6 +106,7 @@ def upvoters_comments(v, username, uid):
 def downvoters_posts(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -125,6 +128,7 @@ def downvoters_posts(v, username, uid):
 def downvoters_comments(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -149,6 +153,7 @@ def downvoters_comments(v, username, uid):
 def upvoting_posts(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -170,6 +175,7 @@ def upvoting_posts(v, username, uid):
 def upvoting_comments(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -191,6 +197,7 @@ def upvoting_comments(v, username, uid):
 def downvoting_posts(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -212,6 +219,7 @@ def downvoting_posts(v, username, uid):
 def downvoting_comments(v, username, uid):
 	u = get_user(username)
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)): abort(403)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 	id = u.id
 	uid = int(uid)

@ -255,6 +263,8 @@ def agendaposters(v):
@auth_required
 def upvoters(v, username):
 	id = get_user(username).id
+	if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
+		abort(403)

 	votes = g.db.query(Vote.user_id, func.count(Vote.user_id)).join(Submission).filter(Submission.ghost == False, Submission.is_banned == False, Submission.deleted_utc == 0, Vote.vote_type==1, Submission.author_id==id).group_by(Vote.user_id).order_by(func.count(Vote.user_id).desc()).all()

@ -286,6 +296,8 @@ def upvoters(v, username):
@auth_required
 def downvoters(v, username):
 	id = get_user(username).id
+	if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
+		abort(403)

 	votes = g.db.query(Vote.user_id, func.count(Vote.user_id)).join(Submission).filter(Submission.ghost == False, Submission.is_banned == False, Submission.deleted_utc == 0, Vote.vote_type==-1, Submission.author_id==id).group_by(Vote.user_id).order_by(func.count(Vote.user_id).desc()).all()

@ -315,6 +327,8 @@ def downvoters(v, username):
@auth_required
 def upvoting(v, username):
 	id = get_user(username).id
+	if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
+		abort(403)

 	votes = g.db.query(Submission.author_id, func.count(Submission.author_id)).join(Vote).filter(Submission.ghost == False, Submission.is_banned == False, Submission.deleted_utc == 0, Vote.vote_type==1, Vote.user_id==id).group_by(Submission.author_id).order_by(func.count(Submission.author_id).desc()).all()

@ -344,6 +358,8 @@ def upvoting(v, username):
@auth_required
 def downvoting(v, username):
 	id = get_user(username).id
+	if not (v.id == id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']):
+		abort(403)

 	votes = g.db.query(Submission.author_id, func.count(Submission.author_id)).join(Vote).filter(Submission.ghost == False, Submission.is_banned == False, Submission.deleted_utc == 0, Vote.vote_type==-1, Vote.user_id==id).group_by(Submission.author_id).order_by(func.count(Submission.author_id).desc()).all()

@ -857,6 +873,9 @@ def redditor_moment_redirect(username, v):
@auth_required
 def followers(username, v):
 	u = get_user(username, v=v)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
+		abort(403)
+
 	users = g.db.query(User).join(Follow, Follow.target_id == u.id) \
 		.filter(Follow.user_id == User.id) \
 		.order_by(Follow.created_utc).all()
@ -866,6 +885,9 @@ def followers(username, v):
@auth_required
 def following(username, v):
 	u = get_user(username, v=v)
+	if not (v.id == u.id or v.admin_level >= PERMS['USER_FOLLOWS_VISIBLE']):
+		abort(403)
+
 	users = g.db.query(User).join(Follow, Follow.user_id == u.id) \
 		.filter(Follow.target_id == User.id) \
 		.order_by(Follow.created_utc).all()
--- a/files/templates/settings2.html
+++ b/files/templates/settings2.html
@ -74,9 +74,11 @@
 									<li class="nav-item">
 										<a class="nav-link{% if request.path == '/banned' %} active{% endif %}" href="/banned"><i class="fas fa-user-slash pr-2"></i>Permabanned Users</a>
 									</li>
+									{% if v and v.admin_level >= PERMS['USER_BLOCKS_VISIBLE'] -%}
 									<li class="nav-item">
 										<a class="nav-link{% if request.path == '/blocks' %} active{% endif %}" href="/blocks"><i class="fas fa-user-slash pr-2"></i>Blocks</a>
 									</li>
+									{%- endif %}
 									<li class="nav-item">
 										<a class="nav-link{% if request.path == '/h/changelog' %} active{% endif %}" href="https://rdrama.net/h/changelog"><i class="fas fa-clipboard pr-2"></i>Changelog</a>
 									</li>
--- a/files/templates/userpage.html
+++ b/files/templates/userpage.html
@ -115,7 +115,9 @@
 					<pre></pre>
 				{% endif %}
 				
+				{% if v and (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']) -%}
 				<div class="font-weight-bolder mb-2" id="profile--simphate"><a class="mr-1" href="/@{{u.username}}/upvoters">Simps</a> | <a class="mx-1" href="/@{{u.username}}/downvoters">Haters</a> | <a class="mx-1" href="/@{{u.username}}/upvoting">Simps for</a> | <a class="ml-1" href="/@{{u.username}}/downvoting">Hates</a></div>
+				{%- endif %}

 				<div class="font-weight-bolder">
 					<span id="profile-coins-amount">{{u.coins}}</span>
@ -428,7 +430,9 @@
 					<pre></pre>
 				{% endif %}

+				{% if v and (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']) -%}
 				<div class="font-weight-bolder mb-2" id="profile-mobile--simphate"><a class="mr-1" href="/@{{u.username}}/upvoters">Simps</a> | <a class="mx-1" href="/@{{u.username}}/downvoters">Haters</a> | <a class="mx-1" href="/@{{u.username}}/upvoting">Simps for</a> | <a class="ml-1" href="/@{{u.username}}/downvoting">Hates</a></div>
+				{%- endif %}

 				<div class="font-weight-normal">
 					<span id="profile-coins-amount-mobile" class="font-weight-bold">{{u.coins}}</span>