perms: consistently use >= for admin levels

places that use the PERMS constant do it and this way makes it clearer what admin level is required to perform an action.
2023-04-04 04:08:17 -05:00 · 2023-04-04 04:08:17 -05:00 · 688cd91e83
commit 688cd91e83
parent 3bbedd7375
21 changed files with 50 additions and 50 deletions
--- a/files/routes/admin/admin.py
+++ b/files/routes/admin/admin.py
@ -222,7 +222,7 @@ def club_ban(v, username):
@limiter.exempt
@auth_required
 def shadowbanned(v):
-	if not (v and v.admin_level > 1): abort(404)
+	if not (v and v.admin_level >= 2): abort(404)
 	users = [x for x in g.db.query(User).filter(User.shadowbanned != None).order_by(User.shadowbanned).all()]
 	return render_template("shadowbanned.html", v=v, users=users)

@ -1189,7 +1189,7 @@ def sticky_post(post_id, v):
 	if post and not post.stickied:
 		pins = g.db.query(Submission.id).filter(Submission.stickied != None, Submission.is_banned == False).count()
 		if pins > 2:
-			if v.admin_level > 1:
+			if v.admin_level >= 2:
 				post.stickied = v.username
 				post.stickied_utc = int(time.time()) + 3600
 			else: abort(403, "Can't exceed 3 pinned posts limit!")
--- a/files/routes/chat.py
+++ b/files/routes/chat.py
@ -70,7 +70,7 @@ def speak(data, v):

 	total += 1

-	if v.admin_level > 1:
+	if v.admin_level >= 2:
 		text = text.lower()
 		for i in mute_regex.finditer(text):
 			username = i.group(1)
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -23,9 +23,9 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):

 	if comment.post and comment.post.club and not (v and (v.paid_dues or v.id in [comment.author_id, comment.post.author_id])): abort(403)

-	if comment.post and comment.post.private and not (v and (v.admin_level > 1 or v.id == comment.post.author.id)): abort(403)
+	if comment.post and comment.post.private and not (v and (v.admin_level >= 2 or v.id == comment.post.author.id)): abort(403)

-	if not comment.parent_submission and not (v and (comment.author.id == v.id or comment.sentto == v.id)) and not (v and v.admin_level > 1) : abort(403)
+	if not comment.parent_submission and not (v and (comment.author.id == v.id or comment.sentto == v.id)) and not (v and v.admin_level >= 2) : abort(403)
 	
 	if not pid:
 		if comment.parent_submission: pid = comment.parent_submission
@ -65,7 +65,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
 			blocked.c.target_id,
 		)

-		if not (v and v.shadowbanned) and not (v and v.admin_level > 2):
+		if not (v and v.shadowbanned) and not (v and v.admin_level >= 3):
 			comments = comments.join(User, User.id == Comment.author_id).filter(User.shadowbanned == None)
 		 
 		comments=comments.filter(
@ -96,7 +96,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
 			
 	if request.headers.get("Authorization"): return top_comment.json
 	else: 
-		if post.is_banned and not (v and (v.admin_level > 1 or post.author_id == v.id)): template = "submission_banned.html"
+		if post.is_banned and not (v and (v.admin_level >= 2 or post.author_id == v.id)): template = "submission_banned.html"
 		else: template = "submission.html"
 		return render_template(template, v=v, p=post, sort=sort, comment_info=comment_info, render_replies=True)

--- a/files/routes/front.py
+++ b/files/routes/front.py
@ -49,12 +49,12 @@ def notifications(v):
 	modmail = request.values.get('modmail')
 	posts = request.values.get('posts')
 	reddit = request.values.get('reddit')
-	if modmail and v.admin_level > 1:
+	if modmail and v.admin_level >= 2:
 		comments = g.db.query(Comment).filter(Comment.sentto == MODMAIL_ID).order_by(Comment.id.desc()).offset(25*(page-1)).limit(26).all()
 		next_exists = (len(comments) > 25)
 		listing = comments[:25]
 	elif messages:
-		if v and (v.shadowbanned or v.admin_level > 2):
+		if v and (v.shadowbanned or v.admin_level >= 3):
 			comments = g.db.query(Comment).filter(Comment.sentto != None, or_(Comment.author_id==v.id, Comment.sentto==v.id), Comment.parent_submission == None, Comment.level == 1).order_by(Comment.id.desc()).offset(25*(page-1)).limit(26).all()
 		else:
 			comments = g.db.query(Comment).join(User, User.id == Comment.author_id).filter(User.shadowbanned == None, Comment.sentto != None, or_(Comment.author_id==v.id, Comment.sentto==v.id), Comment.parent_submission == None, Comment.level == 1).order_by(Comment.id.desc()).offset(25*(page-1)).limit(26).all()
@ -106,7 +106,7 @@ def notifications(v):
 			Comment.body_html.notlike('%<p>New site mention: <a href="https://old.reddit.com/r/%')
 		).order_by(Notification.created_utc.desc())

-		if not (v and (v.shadowbanned or v.admin_level > 2)):
+		if not (v and (v.shadowbanned or v.admin_level >= 3)):
 			comments = comments.join(User, User.id == Comment.author_id).filter(User.shadowbanned == None)

 		comments = comments.offset(25 * (page - 1)).limit(26).all()
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -118,7 +118,7 @@ def post_id(pid, anything=None, v=None):

 	if request.headers.get("Authorization"): return post.json
 	else:
-		if post.is_banned and not (v and (v.admin_level > 1 or post.author_id == v.id)): template = "submission_banned.html"
+		if post.is_banned and not (v and (v.admin_level >= 2 or post.author_id == v.id)): template = "submission_banned.html"
 		else: template = "submission.html"
 		return render_template(template, v=v, p=post, ids=list(ids), sort=sort, render_replies=True, offset=offset)

@ -636,7 +636,7 @@ def undelete_post_pid(pid, v):
@auth_required
 def toggle_comment_nsfw(cid, v):
 	comment = g.db.query(Comment).filter_by(id=cid).one_or_none()
-	if comment.author_id != v.id and not v.admin_level > 1: abort(403)
+	if comment.author_id != v.id and not v.admin_level >= 2: abort(403)
 	comment.over_18 = not comment.over_18
 	g.db.add(comment)

@ -650,7 +650,7 @@ def toggle_comment_nsfw(cid, v):
 def toggle_post_nsfw(pid, v):
 	post = get_post(pid)

-	if post.author_id != v.id and not v.admin_level > 1:
+	if post.author_id != v.id and not v.admin_level >= 2:
 		abort(403)

 	post.over_18 = not post.over_18
--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
@ -14,7 +14,7 @@ def api_flag_post(pid, v):
 	reason = request.values.get("reason", "").strip()[:100]
 	reason = filter_emojis_only(reason)

-	if reason.startswith('!') and v.admin_level > 1:
+	if reason.startswith('!') and v.admin_level >= 2:
 		post.flair = reason[1:]
 		g.db.add(post)
 		ma=ModAction(
--- a/files/routes/static.py
+++ b/files/routes/static.py
@ -197,7 +197,7 @@ def patrons(v):
@app.get("/admins")
@auth_desired
 def admins(v):
-	if v and v.admin_level > 2:
+	if v and v.admin_level >= 3:
 		admins = g.db.query(User).filter(User.admin_level>1).order_by(User.truecoins.desc()).all()
 		admins += g.db.query(User).filter(User.admin_level==1).order_by(User.truecoins.desc()).all()
 	else: admins = g.db.query(User).filter(User.admin_level>0).order_by(User.truecoins.desc()).all()
@ -217,7 +217,7 @@ def log(v):

 	kind = request.values.get("kind")

-	if v and v.admin_level > 1:
+	if v and v.admin_level >= 2:
 		types = ACTIONTYPES
 	else:
 		types = ACTIONTYPES2
@ -225,7 +225,7 @@ def log(v):
 	if kind not in types: kind = None

 	actions = g.db.query(ModAction)
-	if not (v and v.admin_level > 1): 
+	if not (v and v.admin_level >= 2): 
 		actions = actions.filter(ModAction.kind.notin_(["shadowban","unshadowban","flair_post","edit_post"]))
 	
 	if admin_id:
@ -258,7 +258,7 @@ def log_item(v, id):

 	admins = [x[0] for x in g.db.query(User.username).filter(User.admin_level > 1).all()]

-	if v and v.admin_level > 1: types = ACTIONTYPES
+	if v and v.admin_level >= 2: types = ACTIONTYPES
 	else: types = ACTIONTYPES2

 	return render_template("log.html", v=v, actions=[action], next_exists=False, page=1, action=action, admins=admins, types=types)