limit access to voting data

rimu 2024-09-24 09:28:06 +12:00
parent 705de82714
commit 7e4163db6b
3 changed files with 6 additions and 7 deletions


@ -31,7 +31,8 @@ from app.utils import get_setting, render_template, allowlist_html, markdown_to_
reply_already_exists, reply_is_just_link_to_gif_reaction, confidence, moderating_communities, joined_communities, \
blocked_instances, blocked_domains, community_moderators, blocked_phrases, show_ban_message, recently_upvoted_posts, \
recently_downvoted_posts, recently_upvoted_post_replies, recently_downvoted_post_replies, reply_is_stupid, \
languages_for_form, menu_topics, add_to_modlog, blocked_communities, piefed_markdown_to_lemmy_markdown
languages_for_form, menu_topics, add_to_modlog, blocked_communities, piefed_markdown_to_lemmy_markdown, \
permission_required
def show_post(post_id: int):
@ -1791,10 +1792,9 @@ def post_cross_posts(post_id: int):
@bp.route('/post/<int:post_id>/voting_activity', methods=['GET'])
@login_required
@permission_required('change instance settings')
def post_view_voting_activity(post_id: int):
post = Post.query.get_or_404(post_id)
if not current_user.is_admin() and not post.community.is_moderator() and not post.community.is_owner():
abort(404)
post_title=post.title
upvoters = User.query.join(PostVote, PostVote.user_id == User.id).filter_by(post_id=post_id, effect=1.0).order_by(User.ap_domain, User.user_name)
@ -1812,10 +1812,9 @@ def post_view_voting_activity(post_id: int):
@bp.route('/comment/<int:comment_id>/voting_activity', methods=['GET'])
@login_required
@permission_required('change instance settings')
def post_reply_view_voting_activity(comment_id: int):
post_reply = PostReply.query.get_or_404(comment_id)
if not current_user.is_admin() and not post_reply.community.is_moderator() and not post_reply.community.is_owner():
abort(404)
reply_text=post_reply.body
upvoters = User.query.join(PostReplyVote, PostReplyVote.user_id == User.id).filter_by(post_reply_id=comment_id, effect=1.0).order_by(User.ap_domain, User.user_name)
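Review bot: Authorisation for both voting-activity views now rests entirely on `@permission_required('change instance settings')`, a permission whose name describes a different capability than reading who voted on a post. The decorator's implementation is not visible on this page, so please confirm how it answers a user who lacks the permission; the removed inline check used `abort(404)`, which also avoided confirming that the post or comment exists. Also confirm that no role holds 'change instance settings' without being meant to see voter identities. A short comment above each route would record the intent, for example `# Voter identities are privacy-sensitive: community moderators and owners no longer have access, only holders of this instance-level permission.` The same applies to `post_reply_view_voting_activity`, and both function bodies continue outside the hunks.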


@ -62,7 +62,7 @@
{% endif -%}
<li><a href="{{ url_for('post.post_report', post_id=post.id) }}" class="no-underline" rel="nofollow"><span class="fe fe-report"></span>
{{ _('Report to moderators') }}</a></li>
{% if current_user.is_authenticated and (post.community.is_moderator() or post.community.is_owner() or current_user.is_admin()) -%}
{% if current_user.is_authenticated and (current_user.is_admin() or current_user.is_staff()) -%}
<li><a href="{{ url_for('post.post_view_voting_activity', post_id=post.id) }}" class="no-underline" rel="nofollow"><span class="fe fe-sticky-left"></span>
{{ _('View Voting Activity') }}</a></li>
{% endif -%}
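Review bot: The menu entry is shown when `current_user.is_admin() or current_user.is_staff()`, while the route it links to is guarded by `permission_required('change instance settings')`, so the same policy is now stated in two different ways that can drift apart. If the staff role does not carry that permission, staff see a link that is refused, and any other role that does carry it can open the view without ever seeing the link. The route check is the real control, so this is a consistency issue rather than a bypass. The template condition should be derived from the same permission the view enforces, ideally through one shared helper. The reply options template in the next file section has the identical condition and needs the same change.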


@ -41,7 +41,7 @@
{{ _("Hide every post from author's instance: %(name)s", name=post_reply.instance.domain) }}</a></li>
{% endif -%}
{% endif -%}
{% if current_user.is_authenticated and (post_reply.community.is_moderator() or post_reply.community.is_owner() or current_user.is_admin()) -%}
{% if current_user.is_authenticated and (current_user.is_admin() or current_user.is_staff()) -%}
<li><a href="{{ url_for('post.post_reply_view_voting_activity', comment_id=post_reply.id) }}" class="no-underline" rel="nofollow"><span class="fe fe-sticky-left"></span>
{{ _('View Voting Activity') }}</a></li>
{% endif -%}