From 35aeb816d7dfd3f430f5aefe2e090caf236bcc4b Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Sun, 13 Feb 2022 13:02:44 +0200 Subject: [PATCH] mn --- files/classes/comment.py | 2 +- files/helpers/wrappers.py | 4 +++- files/routes/admin.py | 16 ++++++++-------- files/routes/subs.py | 1 + 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/files/classes/comment.py b/files/classes/comment.py index 20f4003ae..afe6b44a7 100644 --- a/files/classes/comment.py +++ b/files/classes/comment.py @@ -27,7 +27,7 @@ class Comment(Base): bannedfor = Column(Boolean) distinguish_level = Column(Integer, default=0) deleted_utc = Column(Integer, default=0) - is_approved = Column(Integer, default=0) + is_approved = Column(Integer, ForeignKey("users.id")) level = Column(Integer, default=0) parent_comment_id = Column(Integer, ForeignKey("comments.id")) top_comment_id = Column(Integer) diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index 6bf1563f9..28347ad71 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -20,7 +20,9 @@ def get_logged_in_user(): if not lo_user: return None nonce = session.get("login_nonce", 0) - v = g.db.query(User).filter_by(id=lo_user).one_or_none() + id = int(lo_user) + v = g.db.query(User).filter_by(id=id).one_or_none() + if v.id != id: abort(400) if not v or nonce < v.login_nonce: return None v.client = None diff --git a/files/routes/admin.py b/files/routes/admin.py index db97895d7..7afa93d74 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -373,7 +373,7 @@ def reported_posts(v): page = max(1, int(request.values.get("page", 1))) listing = g.db.query(Submission).filter_by( - is_approved=0, + is_approved=None, is_banned=False ).join(Submission.reports).order_by(Submission.id.desc()).offset(25 * (page - 1)).limit(26) @@ -395,7 +395,7 @@ def reported_comments(v): listing = g.db.query(Comment ).filter_by( - is_approved=0, + is_approved=None, is_banned=False ).join(Comment.reports).order_by(Comment.id.desc()).offset(25 * (page - 1)).limit(26).all() @@ -526,9 +526,9 @@ def badge_grant_post(v): if url: new_badge.url = url g.db.add(new_badge) - + g.db.flush() + if v.id != user.id: - g.db.flush() text = f"@{v.username} has given you the following profile badge:\n\n![]({new_badge.path})\n\n{new_badge.name}" send_notification(user.id, text) @@ -568,8 +568,6 @@ def badge_remove_post(v): badge = user.has_badge(badge_id) if badge: - g.db.delete(badge) - ma = ModAction( kind="badge_remove", user_id=v.id, @@ -578,6 +576,8 @@ def badge_remove_post(v): ) g.db.add(ma) + g.db.delete(badge) + g.db.commit() return render_template("admin/badge_remove.html", v=v, badge_types=badges, msg="Badge removed!") @@ -1112,7 +1112,7 @@ def ban_post(post_id, v): abort(400) post.is_banned = True - post.is_approved = 0 + post.is_approved = None post.stickied = None post.is_pinned = False post.ban_reason = v.username @@ -1319,7 +1319,7 @@ def api_ban_comment(c_id, v): abort(404) comment.is_banned = True - comment.is_approved = 0 + comment.is_approved = None comment.ban_reason = v.username g.db.add(comment) ma=ModAction( diff --git a/files/routes/subs.py b/files/routes/subs.py index b3f3ad3b3..a3af3ff45 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -108,6 +108,7 @@ def create_sub2(v): sub = Sub(name=name) g.db.add(sub) + g.db.flush() mod = Mod(user_id=v.id, sub=sub.name, created_utc=int(time.time())) g.db.add(mod) g.db.commit()