indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check authorization on person options

merge-requests/30/head
Bob Mottram 2021-02-23 17:29:22 +00:00
parent e03b2e0fd8
commit 0dbd048a15
2 changed files with 125 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
daemon.py
View File

@ -2819,7 +2819,7 @@ class PubServer(BaseHTTPRequestHandler):
domain, domainFull, domain, domainFull,
GETstartTime, GETtimings, GETstartTime, GETtimings,
onionDomain, i2pDomain, onionDomain, i2pDomain,
cookie, debug) cookie, debug, authorized)
return return
else: else:
showPublishedDateOnly = self.server.showPublishedDateOnly showPublishedDateOnly = self.server.showPublishedDateOnly
@ -5486,7 +5486,8 @@ class PubServer(BaseHTTPRequestHandler):
domain: str, domainFull: str, domain: str, domainFull: str,
GETstartTime, GETtimings: {}, GETstartTime, GETtimings: {},
onionDomain: str, i2pDomain: str, onionDomain: str, i2pDomain: str,
cookie: str, debug: bool) -> None: cookie: str, debug: bool,
authorized: bool) -> None:
"""Show person options screen """Show person options screen
""" """
backToPath = '' backToPath = ''
@ -5576,7 +5577,8 @@ class PubServer(BaseHTTPRequestHandler):
lockedAccount, lockedAccount,
movedTo, alsoKnownAs, movedTo, alsoKnownAs,
self.server.textModeBanner, self.server.textModeBanner,
self.server.newsInstance).encode('utf-8') self.server.newsInstance,
authorized).encode('utf-8')
msglen = len(msg) msglen = len(msg)
self._set_headers('text/html', msglen, self._set_headers('text/html', msglen,
cookie, callingDomain) cookie, callingDomain)
@ -10495,7 +10497,8 @@ class PubServer(BaseHTTPRequestHandler):
GETstartTime, GETtimings, GETstartTime, GETtimings,
self.server.onionDomain, self.server.onionDomain,
self.server.i2pDomain, self.server.i2pDomain,
cookie, self.server.debug) cookie, self.server.debug,
authorized)
return return
self._benchmarkGETtimings(GETstartTime, GETtimings, self._benchmarkGETtimings(GETstartTime, GETtimings,

229
webapp_person_options.py
View File

@ -53,7 +53,8 @@ def htmlPersonOptions(defaultTimeline: str,
movedTo: str, movedTo: str,
alsoKnownAs: [], alsoKnownAs: [],
textModeBanner: str, textModeBanner: str,
newsInstance: bool) -> str: newsInstance: bool,
authorized: bool) -> str:
"""Show options for a person: view/follow/block/report """Show options for a person: view/follow/block/report
""" """
optionsDomain, optionsPort = getDomainFromActor(optionsActor) optionsDomain, optionsPort = getDomainFromActor(optionsActor)
@ -225,88 +226,91 @@ def htmlPersonOptions(defaultTimeline: str,
optionsActor + '">\n' optionsActor + '">\n'
optionsStr += ' <input type="hidden" name="avatarUrl" value="' + \ optionsStr += ' <input type="hidden" name="avatarUrl" value="' + \
optionsProfileUrl + '">\n' optionsProfileUrl + '">\n'
if optionsNickname: if authorized:
handle = optionsNickname + '@' + optionsDomainFull if optionsNickname:
petname = getPetName(baseDir, nickname, domain, handle) handle = optionsNickname + '@' + optionsDomainFull
optionsStr += \ petname = getPetName(baseDir, nickname, domain, handle)
' ' + translate['Petname'] + ': \n' + \ optionsStr += \
' <input type="text" name="optionpetname" value="' + \ ' ' + translate['Petname'] + ': \n' + \
petname + '">\n' \ ' <input type="text" name="optionpetname" value="' + \
' <button type="submit" class="buttonsmall" ' + \ petname + '">\n' \
'name="submitPetname">' + \ ' <button type="submit" class="buttonsmall" ' + \
translate['Submit'] + '</button><br>\n' 'name="submitPetname">' + \
translate['Submit'] + '</button><br>\n'
# checkbox for receiving calendar events # checkbox for receiving calendar events
if isFollowingActor(baseDir, nickname, domain, optionsActor): if isFollowingActor(baseDir, nickname, domain, optionsActor):
checkboxStr = \ checkboxStr = \
' <input type="checkbox" ' + \ ' <input type="checkbox" ' + \
'class="profilecheckbox" name="onCalendar" checked> ' + \ 'class="profilecheckbox" name="onCalendar" checked> ' + \
translate['Receive calendar events from this account'] + \ translate['Receive calendar events from this account'] + \
'\n <button type="submit" class="buttonsmall" ' + \ '\n <button type="submit" class="buttonsmall" ' + \
'name="submitOnCalendar">' + \ 'name="submitOnCalendar">' + \
translate['Submit'] + '</button><br>\n' translate['Submit'] + '</button><br>\n'
if not receivingCalendarEvents(baseDir, nickname, domain, if not receivingCalendarEvents(baseDir, nickname, domain,
optionsNickname, optionsDomainFull): optionsNickname,
checkboxStr = checkboxStr.replace(' checked>', '>') optionsDomainFull):
optionsStr += checkboxStr checkboxStr = checkboxStr.replace(' checked>', '>')
optionsStr += checkboxStr
# checkbox for permission to post to newswire # checkbox for permission to post to newswire
newswirePostsPermitted = False newswirePostsPermitted = False
if optionsDomainFull == domainFull: if optionsDomainFull == domainFull:
adminNickname = getConfigParam(baseDir, 'admin') adminNickname = getConfigParam(baseDir, 'admin')
if (nickname == adminNickname or if (nickname == adminNickname or
(isModerator(baseDir, nickname) and (isModerator(baseDir, nickname) and
not isModerator(baseDir, optionsNickname))): not isModerator(baseDir, optionsNickname))):
newswireBlockedFilename = \ newswireBlockedFilename = \
baseDir + '/accounts/' + \
optionsNickname + '@' + optionsDomain + '/.nonewswire'
checkboxStr = \
' <input type="checkbox" ' + \
'class="profilecheckbox" name="postsToNews" checked> ' + \
translate['Allow news posts'] + \
'\n <button type="submit" class="buttonsmall" ' + \
'name="submitPostToNews">' + \
translate['Submit'] + '</button><br>\n'
if os.path.isfile(newswireBlockedFilename):
checkboxStr = checkboxStr.replace(' checked>', '>')
else:
newswirePostsPermitted = True
optionsStr += checkboxStr
# whether blogs created by this account are moderated on the newswire
if newswirePostsPermitted:
moderatedFilename = \
baseDir + '/accounts/' + \ baseDir + '/accounts/' + \
optionsNickname + '@' + optionsDomain + '/.nonewswire' optionsNickname + '@' + optionsDomain + '/.newswiremoderated'
checkboxStr = \ checkboxStr = \
' <input type="checkbox" ' + \ ' <input type="checkbox" ' + \
'class="profilecheckbox" name="postsToNews" checked> ' + \ 'class="profilecheckbox" name="modNewsPosts" checked> ' + \
translate['Allow news posts'] + \ translate['News posts are moderated'] + \
'\n <button type="submit" class="buttonsmall" ' + \ '\n <button type="submit" class="buttonsmall" ' + \
'name="submitPostToNews">' + \ 'name="submitModNewsPosts">' + \
translate['Submit'] + '</button><br>\n' translate['Submit'] + '</button><br>\n'
if os.path.isfile(newswireBlockedFilename): if not os.path.isfile(moderatedFilename):
checkboxStr = checkboxStr.replace(' checked>', '>')
else:
newswirePostsPermitted = True
optionsStr += checkboxStr
# whether blogs created by this account are moderated on the newswire
if newswirePostsPermitted:
moderatedFilename = \
baseDir + '/accounts/' + \
optionsNickname + '@' + optionsDomain + '/.newswiremoderated'
checkboxStr = \
' <input type="checkbox" ' + \
'class="profilecheckbox" name="modNewsPosts" checked> ' + \
translate['News posts are moderated'] + \
'\n <button type="submit" class="buttonsmall" ' + \
'name="submitModNewsPosts">' + \
translate['Submit'] + '</button><br>\n'
if not os.path.isfile(moderatedFilename):
checkboxStr = checkboxStr.replace(' checked>', '>')
optionsStr += checkboxStr
# checkbox for permission to post to featured articles
if newsInstance and optionsDomainFull == domainFull:
adminNickname = getConfigParam(baseDir, 'admin')
if (nickname == adminNickname or
(isModerator(baseDir, nickname) and
not isModerator(baseDir, optionsNickname))):
checkboxStr = \
' <input type="checkbox" ' + \
'class="profilecheckbox" name="postsToFeatures" checked> ' + \
translate['Featured writer'] + \
'\n <button type="submit" class="buttonsmall" ' + \
'name="submitPostToFeatures">' + \
translate['Submit'] + '</button><br>\n'
if not isFeaturedWriter(baseDir, optionsNickname,
optionsDomain):
checkboxStr = checkboxStr.replace(' checked>', '>') checkboxStr = checkboxStr.replace(' checked>', '>')
optionsStr += checkboxStr optionsStr += checkboxStr
# checkbox for permission to post to featured articles
if newsInstance and optionsDomainFull == domainFull:
adminNickname = getConfigParam(baseDir, 'admin')
if (nickname == adminNickname or
(isModerator(baseDir, nickname) and
not isModerator(baseDir, optionsNickname))):
checkboxStr = \
' <input type="checkbox" ' + \
'class="profilecheckbox" ' + \
'name="postsToFeatures" checked> ' + \
translate['Featured writer'] + \
'\n <button type="submit" class="buttonsmall" ' + \
'name="submitPostToFeatures">' + \
translate['Submit'] + '</button><br>\n'
if not isFeaturedWriter(baseDir, optionsNickname,
optionsDomain):
checkboxStr = checkboxStr.replace(' checked>', '>')
optionsStr += checkboxStr
optionsStr += optionsLinkStr optionsStr += optionsLinkStr
backPath = '/' backPath = '/'
if nickname: if nickname:
@ -317,49 +321,52 @@ def htmlPersonOptions(defaultTimeline: str,
' <a href="' + backPath + '"><button type="button" ' + \ ' <a href="' + backPath + '"><button type="button" ' + \
'class="buttonIcon" name="submitBack">' + translate['Go Back'] + \ 'class="buttonIcon" name="submitBack">' + translate['Go Back'] + \
'</button></a>\n' '</button></a>\n'
optionsStr += \ if authorized:
' <button type="submit" class="button" name="submitView">' + \ optionsStr += \
translate['View'] + '</button>\n' ' <button type="submit" class="button" name="submitView">' + \
translate['View'] + '</button>\n'
optionsStr += donateStr optionsStr += donateStr
optionsStr += \ if authorized:
' <button type="submit" class="button" name="submit' + \ optionsStr += \
followStr + '">' + translate[followStr] + '</button>\n' ' <button type="submit" class="button" name="submit' + \
optionsStr += \ followStr + '">' + translate[followStr] + '</button>\n'
' <button type="submit" class="button" name="submit' + \ optionsStr += \
blockStr + '">' + translate[blockStr] + '</button>\n' ' <button type="submit" class="button" name="submit' + \
optionsStr += \ blockStr + '">' + translate[blockStr] + '</button>\n'
' <button type="submit" class="button" name="submitDM">' + \ optionsStr += \
translate['DM'] + '</button>\n' ' <button type="submit" class="button" name="submitDM">' + \
optionsStr += \ translate['DM'] + '</button>\n'
' <button type="submit" class="button" name="submit' + \ optionsStr += \
snoozeButtonStr + '">' + translate[snoozeButtonStr] + '</button>\n' ' <button type="submit" class="button" name="submit' + \
optionsStr += \ snoozeButtonStr + '">' + translate[snoozeButtonStr] + \
' <button type="submit" class="button" name="submitReport">' + \ '</button>\n'
translate['Report'] + '</button>\n'
if isModerator(baseDir, nickname):
optionsStr += \ optionsStr += \
' <button type="submit" class="button" ' + \ ' <button type="submit" class="button" ' + \
'name="submitPersonInfo">' + \ 'name="submitReport">' + translate['Report'] + '</button>\n'
translate['Info'] + '</button>\n'
personNotes = '' if isModerator(baseDir, nickname):
personNotesFilename = \ optionsStr += \
baseDir + '/accounts/' + nickname + '@' + domain + \ ' <button type="submit" class="button" ' + \
'/notes/' + handle + '.txt' 'name="submitPersonInfo">' + \
if os.path.isfile(personNotesFilename): translate['Info'] + '</button>\n'
with open(personNotesFilename, 'r') as fp:
personNotes = fp.read()
optionsStr += \ personNotes = ''
' <br><br>' + translate['Notes'] + ': \n' personNotesFilename = \
optionsStr += ' <button type="submit" class="buttonsmall" ' + \ baseDir + '/accounts/' + nickname + '@' + domain + \
'name="submitPersonNotes">' + \ '/notes/' + handle + '.txt'
translate['Submit'] + '</button><br>\n' if os.path.isfile(personNotesFilename):
optionsStr += \ with open(personNotesFilename, 'r') as fp:
' <textarea id="message" ' + \ personNotes = fp.read()
'name="optionnotes" style="height:400px">' + \
personNotes + '</textarea>\n' optionsStr += \
' <br><br>' + translate['Notes'] + ': \n'
optionsStr += ' <button type="submit" class="buttonsmall" ' + \
'name="submitPersonNotes">' + \
translate['Submit'] + '</button><br>\n'
optionsStr += \
' <textarea id="message" ' + \
'name="optionnotes" style="height:400px">' + \
personNotes + '</textarea>\n'
optionsStr += ' </form>\n' optionsStr += ' </form>\n'
optionsStr += '</center>\n' optionsStr += '</center>\n'