From aec4724e2fd302e31cf1214432d9c1a9984014c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lera=20Elvo=C3=A9?= <yagich@poto.cafe>
Date: Fri, 15 Aug 2025 23:45:23 +0300
Subject: [PATCH] restore shadowban functionality to mods

---
 app/models.py       | 3 +++
 app/routes/users.py | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/models.py b/app/models.py
index 1d7297d..f985636 100644
--- a/app/models.py
+++ b/app/models.py
@@ -18,6 +18,9 @@ class Users(Model):
     def is_mod(self):
         return self.permission >= PermissionLevel.MODERATOR.value
 
+    def is_mod_only(self):
+        return self.permission == PermissionLevel.MODERATOR.value
+
     def is_admin(self):
         return self.permission == PermissionLevel.ADMIN.value
 
diff --git a/app/routes/users.py b/app/routes/users.py
index 37f071d..2adddf0 100644
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -448,12 +448,12 @@ def demod_user(user_id):
 
 @bp.post("/guest_user/<user_id>")
 @login_required
-@admin_only("topics.all_topics")
+@mod_only("topics.all_topics")
 def guest_user(user_id):
     target_user = Users.find({"id": user_id})
     if not target_user:
         return redirect(url_for('.all_topics'))
-    if target_user.is_mod():
+    if get_active_user().is_mod_only() and target_user.is_mod():
         return redirect(url_for('.page', username=target_user.username))
 
     target_user.update({