Compare commits
4 Commits
a0c86f33b4
...
aec4724e2f
Author | SHA1 | Date | |
---|---|---|---|
aec4724e2f
|
|||
53d39d5a36
|
|||
05bd034b23
|
|||
033df03c49
|
@ -55,7 +55,7 @@ class DB:
|
||||
|
||||
def insert(self, table, columns, *values):
|
||||
if isinstance(columns, (list, tuple)):
|
||||
columns = ", ".join(columns)
|
||||
columns = ", ".join([f'"{column}"' for column in columns])
|
||||
|
||||
placeholders = ", ".join(["?"] * len(values))
|
||||
sql = f"""
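Review bot: The identifier quoting in `insert`, `f'"{column}"'`, wraps each column name in double quotes but does not escape a `"` inside the name, so such a name still ends the quoted identifier early in the f-string SQL that follows. Doubling embedded quotes, `'"' + column.replace('"', '""') + '"'`, keeps the identifier intact. The quoting also appears to run only inside the `isinstance(columns, (list, tuple))` branch, so a `columns` value passed as a plain string, and presumably `table`, would reach the statement unquoted. If these names only ever come from code, a comment on `insert` saying so would record that assumption. The `sql` f-string continues outside the hunk.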
|
||||
|
@ -18,6 +18,9 @@ class Users(Model):
|
||||
def is_mod(self):
|
||||
return self.permission >= PermissionLevel.MODERATOR.value
|
||||
|
||||
def is_mod_only(self):
|
||||
return self.permission == PermissionLevel.MODERATOR.value
|
||||
|
||||
def is_admin(self):
|
||||
return self.permission == PermissionLevel.ADMIN.value
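Review bot: `is_mod_only` has no docstring, and its difference from `is_mod` is easy to miss when writing an authorization check. `is_mod` compares with `>= PermissionLevel.MODERATOR.value` and is therefore true for admins, while `is_mod_only` compares with `==`. A one-line docstring on each, for example `"""True for moderators only; admins return False."""` on `is_mod_only`, would keep callers from picking the wrong helper.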
|
||||
|
||||
|
@ -48,6 +48,9 @@ def update_post(post_id, new_content, markup_language='babycode'):
|
||||
@login_required
|
||||
def delete(post_id):
|
||||
post = Posts.find({'id': post_id})
|
||||
if not post:
|
||||
return redirect(url_for('topics.all_topics'))
|
||||
|
||||
thread = Threads.find({'id': post.thread_id})
|
||||
user = get_active_user()
|
||||
if not user:
|
||||
@ -76,6 +79,10 @@ def delete(post_id):
|
||||
@bp.get("/<post_id>/edit")
|
||||
@login_required
|
||||
def edit(post_id):
|
||||
post = Posts.find({'id': post_id})
|
||||
if not post:
|
||||
return redirect(url_for('topics.all_topics'))
|
||||
|
||||
user = get_active_user()
|
||||
q = f"{Posts.FULL_POSTS_QUERY} WHERE posts.id = ?"
|
||||
editing_post = db.fetch_one(q, post_id)
|
||||
@ -106,6 +113,8 @@ def edit(post_id):
|
||||
def edit_form(post_id):
|
||||
user = get_active_user()
|
||||
post = Posts.find({'id': post_id})
|
||||
if not post:
|
||||
return redirect(url_for('topics.all_topics'))
|
||||
if post.user_id != user.id:
|
||||
return redirect(url_for('topics.all_topics'))
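Review bot: In `edit_form`, `user = get_active_user()` is dereferenced as `user.id` right after the new `if not post` guard, yet `delete` on this page checks `if not user`, which suggests the helper can return a falsy value. Unless a `@login_required` decorator sits above `edit_form` outside the hunk, an anonymous request would raise on `user.id` instead of being redirected; `if not user or post.user_id != user.id:` closes that. In `delete`, `Threads.find({'id': post.thread_id})` is used with no visible check for a missing thread. The three new guards answer a missing post with a silent redirect to the topic list, so a `flash(...)` message or a 404 would make the failure visible to the user. All three function bodies continue outside their hunks.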
|
||||
|
||||
|
@ -310,17 +310,17 @@ def settings_form(username):
|
||||
def set_avatar(username):
|
||||
user = get_active_user()
|
||||
if user.is_guest():
|
||||
flash('You must be logged in to perform this action.', InfoboxKind.ERROR)
|
||||
return redirect(url_for('.settings', user.username))
|
||||
flash('You are a guest. Your account must be confirmed by a moderator to perform this action.', InfoboxKind.ERROR)
|
||||
return redirect(url_for('.settings', username=user.username))
|
||||
if 'avatar' not in request.files:
|
||||
flash('Avatar missing.', InfoboxKind.ERROR)
|
||||
return redirect(url_for('.settings', user.username))
|
||||
return redirect(url_for('.settings', username=user.username))
|
||||
|
||||
file = request.files['avatar']
|
||||
|
||||
if file.filename == '':
|
||||
flash('Avatar missing.', InfoboxKind.ERROR)
|
||||
return redirect(url_for('.settings', user.username))
|
||||
return redirect(url_for('.settings', username=user.username))
|
||||
|
||||
file_bytes = file.read()
|
||||
|
||||
@ -345,7 +345,7 @@ def set_avatar(username):
|
||||
return redirect(url_for('.settings', username=user.username))
|
||||
else:
|
||||
flash('Something went wrong. Please try again later.', InfoboxKind.WARN)
|
||||
return redirect(url_for('.settings', user.username))
|
||||
return redirect(url_for('.settings', username=user.username))
|
||||
|
||||
|
||||
@bp.post('/<username>/change_password')
|
||||
@ -448,12 +448,12 @@ def demod_user(user_id):
|
||||
|
||||
@bp.post("/guest_user/<user_id>")
|
||||
@login_required
|
||||
@admin_only("topics.all_topics")
|
||||
@mod_only("topics.all_topics")
|
||||
def guest_user(user_id):
|
||||
target_user = Users.find({"id": user_id})
|
||||
if not target_user:
|
||||
return redirect(url_for('.all_topics'))
|
||||
if target_user.is_mod():
|
||||
if get_active_user().is_mod_only() and target_user.is_mod():
|
||||
return redirect(url_for('.page', username=target_user.username))
|
||||
|
||||
target_user.update({
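Review bot: The two-condition guard in `guest_user`, `if get_active_user().is_mod_only() and target_user.is_mod():`, only stops moderators, so an admin falls through to `target_user.update({` for any target, including another admin or their own account. If admins may demote moderators but not admins, the condition could read `if target_user.is_admin() or (get_active_user().is_mod_only() and target_user.is_mod()):`, and it is worth confirming that `mod_only` (defined outside this page) admits admins as well as moderators. Separately, the not-found branch redirects to `url_for('.all_topics')` while the decorators name `"topics.all_topics"`; if this blueprint is not `topics`, that relative endpoint will fail to build and the request will error. Which of the paired lines is the new side is inferred, because the page lost its +/- markers, and the function body continues past the hunk.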
|
||||
|