Solve blocking weaponization.
* allow anyone to reply to their blockers * revert userblocks thing * get rid of unnecessary template * make blocking page accurate * comment author things * fix prev commit * fix block page * comma splice Co-authored-by: Snakes <104547575+TLSM@users.noreply.github.com>
This commit is contained in:
justcool393
GitHub
parent
af31abd545
commit
a213396854
6 changed files with 27 additions and 71 deletions
|
|
@ -315,8 +315,12 @@ function post_comment(fullname,id,level = 1){
|
|||
replyArea.classList.add('d-none');
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
if (data["message"]) {
|
||||
document.getElementById("toast-post-success-text").innerText = data["message"];
|
||||
bootstrap.Toast.getOrCreateInstance(document.getElementById("toast-post-success")).show();
|
||||
}
|
||||
} else {
|
||||
if (data && data["error"]) document.getElementById('toast-post-error-text').innerText = data["error"];
|
||||
if (data && data["details"]) document.getElementById('toast-post-error-text').innerText = data["details"];
|
||||
else document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
|
||||
|
|
|
|||
|
|
@ -627,11 +627,18 @@ class User(Base):
|
|||
def subscribed_idlist(self, page=1):
|
||||
posts = g.db.query(Subscription.submission_id).filter_by(user_id=self.id).all()
|
||||
return [x[0] for x in posts]
|
||||
|
||||
@property
|
||||
@lazy
|
||||
def all_userblocks(self):
|
||||
''' User blocks by and targeting this user '''
|
||||
return [x[0] for x in g.db.query(UserBlock.target_id).filter(or_(UserBlock.user_id == self.id, UserBlock.target_id == self.id)).all()]
|
||||
|
||||
@property
|
||||
@lazy
|
||||
def userblocks(self):
|
||||
return [x[0] for x in g.db.query(UserBlock.target_id).filter_by(user_id=self.id).all()] + [x[0] for x in g.db.query(UserBlock.user_id).filter_by(target_id=self.id).all()]
|
||||
''' User blocks by this user '''
|
||||
return [x[0] for x in g.db.query(UserBlock.target_id).filter_by(user_id=self.id).all()]
|
||||
|
||||
@lazy
|
||||
def saved_idlist(self, page=1):
|
||||
|
|
|
|||
|
|
@ -216,8 +216,7 @@ def api_comment(v):
|
|||
if existing:
|
||||
abort(409, f"You already made that comment: /comment/{existing.id}")
|
||||
|
||||
if parent.author.any_block_exists(v) and v.admin_level < 2:
|
||||
abort(403, "You can't reply to users who have blocked you, or users you have blocked.")
|
||||
replying_to_blocked = parent.author.is_blocking(v) and v.admin_level < 2
|
||||
|
||||
is_bot = bool(request.headers.get("Authorization"))
|
||||
|
||||
|
|
@ -297,10 +296,16 @@ def api_comment(v):
|
|||
g.db.commit()
|
||||
|
||||
if request.headers.get("Authorization"): return c.json
|
||||
return {"comment": render_template("comments.html", v=v, comments=[c], ajax=True, parent_level=level)}
|
||||
|
||||
if replying_to_blocked:
|
||||
message = "This user has blocked you. You are still welcome to reply " \
|
||||
"but you will be held to a higher standard of civility than you would be otherwise"
|
||||
else:
|
||||
message = None
|
||||
return {"comment": render_template("comments.html", v=v, comments=[c], ajax=True, parent_level=level), "message": message}
|
||||
|
||||
|
||||
def comment_on_publish(comment):
|
||||
def comment_on_publish(comment:Comment):
|
||||
"""
|
||||
Run when comment becomes visible: immediately for non-filtered comments,
|
||||
or on approval for previously filtered comments.
|
||||
|
|
@ -308,10 +313,11 @@ def comment_on_publish(comment):
|
|||
reflect the comments users will actually see.
|
||||
"""
|
||||
# TODO: Get this out of the routes and into a model eventually...
|
||||
author = comment.author
|
||||
|
||||
# Shadowbanned users are invisible. This may lead to inconsistencies if
|
||||
# a user comments while shadowed and is later unshadowed. (TODO?)
|
||||
if comment.author.shadowbanned:
|
||||
if author.shadowbanned:
|
||||
return
|
||||
|
||||
# Comment instances used for purposes other than actual comments (notifs,
|
||||
|
|
@ -329,7 +335,7 @@ def comment_on_publish(comment):
|
|||
to_notify.update([x[0] for x in post_subscribers])
|
||||
|
||||
parent = comment.parent
|
||||
if parent and parent.author_id != comment.author_id:
|
||||
if parent and parent.author_id != comment.author_id and not parent.author.is_blocking(author):
|
||||
to_notify.add(parent.author_id)
|
||||
|
||||
for uid in to_notify:
|
||||
|
|
|
|||
|
|
@ -772,11 +772,7 @@ def visitors(v):
|
|||
@app.get("/@<username>")
|
||||
@auth_desired
|
||||
def u_username(username, v=None):
|
||||
|
||||
|
||||
u = get_user(username, v=v)
|
||||
|
||||
|
||||
if username != u.username:
|
||||
return redirect(SITE_FULL + request.full_path.replace(username, u.username)[:-1])
|
||||
|
||||
|
|
@ -803,12 +799,6 @@ def u_username(username, v=None):
|
|||
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(403, f"You are blocking @{u.username}.")
|
||||
return render_template("userpage_blocking.html", u=u, v=v)
|
||||
|
||||
|
||||
if v and v.admin_level < 2 and hasattr(u, 'is_blocked') and u.is_blocked:
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(403, "This person is blocking you.")
|
||||
return render_template("userpage_blocked.html", u=u, v=v)
|
||||
|
||||
|
||||
sort = request.values.get("sort", "new")
|
||||
t = request.values.get("t", "all")
|
||||
try: page = max(int(request.values.get("page", 1)), 1)
|
||||
|
|
@ -858,11 +848,8 @@ def u_username(username, v=None):
|
|||
@app.get("/@<username>/comments")
|
||||
@auth_desired
|
||||
def u_username_comments(username, v=None):
|
||||
|
||||
user = get_user(username, v=v)
|
||||
|
||||
if username != user.username: return redirect(f'/@{user.username}/comments')
|
||||
|
||||
u = user
|
||||
|
||||
if u.reserved:
|
||||
|
|
@ -880,11 +867,6 @@ def u_username_comments(username, v=None):
|
|||
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(403, f"You are blocking @{u.username}.")
|
||||
return render_template("userpage_blocking.html", u=u, v=v)
|
||||
|
||||
if v and v.admin_level < 2 and hasattr(u, 'is_blocked') and u.is_blocked:
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(403, "This person is blocking you.")
|
||||
return render_template("userpage_blocked.html", u=u, v=v)
|
||||
|
||||
|
||||
try: page = max(int(request.values.get("page", "1")), 1)
|
||||
except: page = 1
|
||||
|
||||
|
|
|
|||
|
|
@ -1,15 +1,10 @@
|
|||
{% extends "settings.html" %}
|
||||
|
||||
{% block pagetitle %}Block Settings - {{SITE_TITLE}}{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
|
||||
<script src="{{ 'js/settings_blocks.js' | asset }}"></script>
|
||||
|
||||
<div class="row">
|
||||
|
||||
<div class="col">
|
||||
|
||||
{% if error %}
|
||||
<div class="alert alert-danger alert-dismissible fade show my-3" role="alert">
|
||||
<i class="fas fa-exclamation-circle my-auto"></i>
|
||||
|
|
@ -21,29 +16,20 @@
|
|||
</button>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<div class="row">
|
||||
|
||||
<div class="col">
|
||||
|
||||
<div class="d-md-flex justify-content-between mb-3">
|
||||
|
||||
<div>
|
||||
<h2 class="h5">Users you block</h2>
|
||||
<p class="text-small text-muted mb-md-0">You have blocked the following users. They cannot reply to your content or notify you with a username mention.</p>
|
||||
<p class="text-small text-muted mb-md-0">You have blocked the following users. They cannot notify you or send you messages and their comments are hidden.</p>
|
||||
</div>
|
||||
<div class="mt-auto">
|
||||
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#blockmodal">Block user</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
{% if v.blocking.first() %}
|
||||
<div class="card mb-5">
|
||||
<div class="overflow-x-auto"><table class="table table-hover rounded mb-0">
|
||||
|
|
@ -61,9 +47,7 @@
|
|||
<a href="{{block.target.permalink}}">
|
||||
<img loading="lazy" src="{{block.target.profile_url}}" class="pp20 align-top mr-2">@{{block.target.username}}</a>
|
||||
</td>
|
||||
|
||||
<td>{{block.created_date}}</td>
|
||||
|
||||
<td>
|
||||
<div class="dropdown float-right dropdown-actions">
|
||||
<a role="button" id="dropdownMoreLink" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false" style="line-height: 0;">
|
||||
|
|
@ -87,9 +71,7 @@
|
|||
<p class="font-weight-bold text-gray-500 mb-0">No blocked users</p>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="modal fade" id="blockmodal" tabindex="-1" role="dialog" aria-labelledby="blockmodal" aria-hidden="true">
|
||||
|
|
@ -120,5 +102,4 @@
|
|||
<i class="fas fa-exclamation-circle text-danger mr-2"></i><span id="toast-error-message">Error. Please try again.</span>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -1,24 +0,0 @@
|
|||
{% extends "default.html" %}
|
||||
|
||||
{% block pagetype %}userpage{% endblock %}
|
||||
|
||||
{% block fixedMobileBarJS %}
|
||||
{% endblock %}
|
||||
|
||||
{% block title %}
|
||||
<title><span {% if u.patron %}class="patron" style="background-color:#{{u.namecolor}}"{% endif %}>{{u.username}}</span></title>
|
||||
|
||||
{% endblock %}
|
||||
|
||||
<div class="row no-gutters">
|
||||
<div class="col-12">
|
||||
<div class="text-center py-7 py-md-8">
|
||||
<span class="fa-stack fa-2x text-muted mb-4">
|
||||
<i class="fas fa-square text-danger opacity-25 fa-stack-2x"></i>
|
||||
<i class="fas text-danger fa-user-cog fa-stack-1x text-lg"></i>
|
||||
</span>
|
||||
<h2 class="h5">@{{u.username}} has blocked you.</h2>
|
||||
<p class="text-muted">You can't see their profile.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
Loading…
Add table
Add a link
Reference in a new issue