By using this site, you agree to have cookies stored on your device, strictly for functional purposes, such as storing your session and preferences.

Dismiss

Fix forum posting permissions

roundabout,
created on Thursday, 11 July 2024, 19:54:45 (1720727685), received on Wednesday, 31 July 2024, 06:54:50 (1722408890)
Author identity: vlad <vlad.muntoiu@gmail.com>

fa6e25731212a920e66ff52ce52571d9d09aa859

app.py

@@ -985,7 +985,7 @@ def repository_forum_new(username, repository):

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                server_repo_location = os.path.join(config.REPOS_PATH, username, repository)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                if not os.path.exists(server_repo_location):
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    flask.abort(404)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            if not (get_visibility(username, repository) or get_permission_level(
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            if not ((flask.session.get("username") and get_visibility(username, repository)) or get_permission_level(
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        flask.session.get("username"), username,
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        repository) is not None):
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    flask.abort(403)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        

@@ -1090,7 +1090,7 @@ def repository_forum_reply(username, repository, post_id):

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                server_repo_location = os.path.join(config.REPOS_PATH, username, repository)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                if not os.path.exists(server_repo_location):
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    flask.abort(404)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            if not (get_visibility(username, repository) or get_permission_level(
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            if not ((flask.session.get("username") and get_visibility(username, repository)) or get_permission_level(
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        flask.session.get("username"), username,
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        repository) is not None):
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    flask.abort(403)