yagich/pyrom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: yagich:a0c86f33b4b1b686f1df47bebc609bcbd5679865
Branches Tags
yagich:main
...
compare: yagich:aec4724e2fd302e31cf1214432d9c1a9984014c0
Branches Tags
yagich:main

4 Commits
a0c86f33b4 ... aec4724e2f

Author SHA1 Message Date
Lera Elvoé
aec4724e2f restore shadowban functionality to mods 2025-08-15 23:45:23 +03:00
Lera Elvoé
53d39d5a36 properly redirect in set avatar 2025-08-15 23:34:45 +03:00
Lera Elvoé
05bd034b23 redirect on post delete if target post cant be found 2025-08-15 23:23:55 +03:00
Lera Elvoé
033df03c49 quote column names in db insert 2025-08-15 21:59:42 +03:00
4 changed files with 20 additions and 8 deletions
Expand all files Collapse all files

2
app/db.py
View File

@ -55,7 +55,7 @@ class DB:
def insert(self, table, columns, *values): def insert(self, table, columns, *values):
if isinstance(columns, (list, tuple)): if isinstance(columns, (list, tuple)):
columns = ", ".join(columns) columns = ", ".join([f'"{column}"' for column in columns])
placeholders = ", ".join(["?"] * len(values)) placeholders = ", ".join(["?"] * len(values))
sql = f""" sql = f"""

3
app/models.py
View File

@ -18,6 +18,9 @@ class Users(Model):
def is_mod(self): def is_mod(self):
return self.permission >= PermissionLevel.MODERATOR.value return self.permission >= PermissionLevel.MODERATOR.value
def is_mod_only(self):
return self.permission == PermissionLevel.MODERATOR.value
def is_admin(self): def is_admin(self):
return self.permission == PermissionLevel.ADMIN.value return self.permission == PermissionLevel.ADMIN.value

9
app/routes/posts.py
View File

@ -48,6 +48,9 @@ def update_post(post_id, new_content, markup_language='babycode'):
@login_required @login_required
def delete(post_id): def delete(post_id):
post = Posts.find({'id': post_id}) post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
thread = Threads.find({'id': post.thread_id}) thread = Threads.find({'id': post.thread_id})
user = get_active_user() user = get_active_user()
if not user: if not user:
@ -76,6 +79,10 @@ def delete(post_id):
@bp.get("/<post_id>/edit") @bp.get("/<post_id>/edit")
@login_required @login_required
def edit(post_id): def edit(post_id):
post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
user = get_active_user() user = get_active_user()
q = f"{Posts.FULL_POSTS_QUERY} WHERE posts.id = ?" q = f"{Posts.FULL_POSTS_QUERY} WHERE posts.id = ?"
editing_post = db.fetch_one(q, post_id) editing_post = db.fetch_one(q, post_id)
@ -106,6 +113,8 @@ def edit(post_id):
def edit_form(post_id): def edit_form(post_id):
user = get_active_user() user = get_active_user()
post = Posts.find({'id': post_id}) post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
if post.user_id != user.id: if post.user_id != user.id:
return redirect(url_for('topics.all_topics')) return redirect(url_for('topics.all_topics'))

14
app/routes/users.py
View File

@ -310,17 +310,17 @@ def settings_form(username):
def set_avatar(username): def set_avatar(username):
user = get_active_user() user = get_active_user()
if user.is_guest(): if user.is_guest():
flash('You must be logged in to perform this action.', InfoboxKind.ERROR) flash('You are a guest. Your account must be confirmed by a moderator to perform this action.', InfoboxKind.ERROR)
return redirect(url_for('.settings', user.username)) return redirect(url_for('.settings', username=user.username))
if 'avatar' not in request.files: if 'avatar' not in request.files:
flash('Avatar missing.', InfoboxKind.ERROR) flash('Avatar missing.', InfoboxKind.ERROR)
return redirect(url_for('.settings', user.username)) return redirect(url_for('.settings', username=user.username))
file = request.files['avatar'] file = request.files['avatar']
if file.filename == '': if file.filename == '':
flash('Avatar missing.', InfoboxKind.ERROR) flash('Avatar missing.', InfoboxKind.ERROR)
return redirect(url_for('.settings', user.username)) return redirect(url_for('.settings', username=user.username))
file_bytes = file.read() file_bytes = file.read()
@ -345,7 +345,7 @@ def set_avatar(username):
return redirect(url_for('.settings', username=user.username)) return redirect(url_for('.settings', username=user.username))
else: else:
flash('Something went wrong. Please try again later.', InfoboxKind.WARN) flash('Something went wrong. Please try again later.', InfoboxKind.WARN)
return redirect(url_for('.settings', user.username)) return redirect(url_for('.settings', username=user.username))
@bp.post('/<username>/change_password') @bp.post('/<username>/change_password')
@ -448,12 +448,12 @@ def demod_user(user_id):
@bp.post("/guest_user/<user_id>") @bp.post("/guest_user/<user_id>")
@login_required @login_required
@admin_only("topics.all_topics") @mod_only("topics.all_topics")
def guest_user(user_id): def guest_user(user_id):
target_user = Users.find({"id": user_id}) target_user = Users.find({"id": user_id})
if not target_user: if not target_user:
return redirect(url_for('.all_topics')) return redirect(url_for('.all_topics'))
if target_user.is_mod(): if get_active_user().is_mod_only() and target_user.is_mod():
return redirect(url_for('.page', username=target_user.username)) return redirect(url_for('.page', username=target_user.username))
target_user.update({ target_user.update({