def show_moderator_buttons(board_id):
if get_authed():
moderator = request_moderator()
if moderator_service.moderates_board_id(moderator, board_id):
return True
return False
def _gather_manage_params() -> ManagePostDetails:
form = request.form
board_name = form.get('board', None)
if not validation.check_board_name_validity(board_name):
abort(400)
thread_refno = form.get('thread', type=int)
valid_id_range(thread_refno)
post_id = form.get('post_id', type=int)
if not post_id:
post_id = None
if post_id is not None:
valid_id_range(post_id)
password = form.get('password', None)
if not password:
password = None
if password and not validation.check_password_validity(password):
abort(400)
ip4 = get_request_ip4()
mod_id = None
if get_authed():
mod_id = request_moderator().id
mode_string = form.get('mode')
return ManagePostDetails(board_name, thread_refno, post_id, ip4, mod_id, mode_string, password)
def show_moderator_buttons(board_id):
if get_authed():
moderator = request_moderator()
if moderator_service.moderates_board_id(moderator, board_id):
return True
return False
def mod_board_delete():
board = board_service.find_board(request.form['board_name'])
try:
moderator_service.user_delete_board(request_moderator(), board)
flash('Board deleted')
mod_log('delete board /{}/'.format(board.name))
except ArgumentError as e:
flash(e.message)
return redirect(url_for('.mod_boards'))
def mod_board_delete():
board = board_service.find_board(request.form['board_name'])
try:
moderator_service.user_delete_board(request_moderator(), board)
flash('Board deleted')
mod_log('delete board /{}/'.format(board.name))
except ArgumentError as e:
flash(e.message)
return redirect(url_for('.mod_boards'))
def mod_auth():
if request.method == 'POST':
return _mod_auth_post()
else:
authed = get_authed()
moderator = request_moderator() if authed else None
method = None
if not authed:
method = verification_service.get_method()
return render_template('auth.html', authed=authed, moderator=moderator, method=method)
def _gather_post_params() -> Tuple[BoardModel, PostDetails]:
form = request.form
# Gather params
thread_refno_raw = form.get('thread', None)
thread_refno = None
if thread_refno_raw is not None:
try:
thread_refno = int(thread_refno_raw)
valid_id_range(thread_refno)
except ValueError:
abort(400)
board_name = form.get('board', None)
if not validation.check_board_name_validity(board_name):
abort(400)
board = board_service.find_board(board_name)
if not board:
abort(404)
text = form.get('comment', None)
name = form.get('name', None)
subject = form.get('subject', None)
password = form.get('password', None)
# Convert empty strings to None
if not text:
text = None
if not name:
name = None
if not subject:
subject = None
if not password:
password = None
file = request.files.get('file', None)
has_file = file is not None and file.filename is not None and len(file.filename) > 0
ip4 = get_request_ip4()
with_mod = form.get('with_mod', default=False, type=bool)
mod_id = None
if with_mod:
moderator = request_moderator() if get_authed() else None
if moderator is not None:
mod_id = moderator.id
return board, PostDetails(form, board_name, thread_refno, text, name, subject, password, has_file,
ip4, mod_id, None)
def mod_auth():
if request.method == 'POST':
return _mod_auth_post()
else:
authed = get_authed()
moderator = request_moderator() if authed else None
method = None
if not authed:
method = verification_service.get_method()
return render_template('auth.html',
authed=authed,
moderator=moderator,
method=method)
def mod_board_log(board: BoardModel, page=0):
per_page = 100
pages = 15
moderator = request_moderator()
logs = moderator_service.user_get_logs(moderator, board, page, per_page)
def get_log_type(typeid):
try:
return ModeratorLogType(typeid).name
except ValueError:
return ''
return render_template('mod_board_log.html', board=board, page=page, pages=pages,
logs=logs, get_log_type=get_log_type)
def mod_boards():
moderator = request_moderator()
board_moderators = moderator_service.get_all_board_moderators_by_moderator(moderator)
add_board_form = AddBoardForm(request.form)
if request.method == 'POST' and add_board_form.validate():
try:
board_name = add_board_form.board_name.data
moderator_service.user_create_board(moderator, board_name)
flash('Board created')
return redirect(url_for('.mod_board', board_name=board_name))
except ArgumentError as e:
flash(e.message)
return redirect(url_for('.mod_boards'))
return render_template('mod_boards.html', add_board_form=add_board_form, moderator=moderator,
board_moderators=board_moderators)
def mod_self():
moderator = request_moderator()
change_password_form = ChangePasswordForm(request.form)
if request.method == 'POST' and change_password_form.validate():
try:
moderator_service.check_and_set_password(
moderator, change_password_form.old_password.data, change_password_form.new_password.data)
flash('Changed password')
mod_log('password changed')
except ArgumentError as e:
flash(e.message)
moderating_boards = moderator_service.get_all_moderating_boards(moderator)
board_links = map(lambda b: (b.name, url_for('board', board_name=b.name)), moderating_boards)
return render_template('mod_self.html', change_password_form=change_password_form, moderator=moderator,
board_links=board_links)
def mod_moderator_delete():
moderator = moderator_service.find_moderator_id(
request.form.get('moderator_id', type=int))
username = moderator.username
authed_moderator = request_moderator()
self_delete = authed_moderator == moderator
# moderator_service.delete_moderator(moderator)
# if self_delete:
# unset_mod_authed()
flash('Moderator deleted')
mod_log('moderator delete username {}'.format(username),
moderator_name=authed_moderator.username)
if self_delete:
return redirect(url_for('.mod_auth'))
else:
return redirect(url_for('.mod_moderators'))
def mod_boards():
moderator = request_moderator()
board_moderators = moderator_service.get_all_board_moderators_by_moderator(
moderator)
add_board_form = AddBoardForm(request.form)
if request.method == 'POST' and add_board_form.validate():
try:
board_name = add_board_form.board_name.data
moderator_service.user_create_board(moderator, board_name)
flash('Board created')
return redirect(url_for('.mod_board', board_name=board_name))
except ArgumentError as e:
flash(e.message)
return redirect(url_for('.mod_boards'))
return render_template('mod_boards.html',
add_board_form=add_board_form,
moderator=moderator,
board_moderators=board_moderators)
def mod_board_log(board: BoardModel, page=0):
per_page = 100
pages = 15
moderator = request_moderator()
logs = moderator_service.user_get_logs(moderator, board, page, per_page)
def get_log_type(typeid):
try:
return ModeratorLogType(typeid).name
except ValueError:
return ''
return render_template('mod_board_log.html',
board=board,
page=page,
pages=pages,
logs=logs,
get_log_type=get_log_type)
def mod_self():
moderator = request_moderator()
change_password_form = ChangePasswordForm(request.form)
if request.method == 'POST' and change_password_form.validate():
try:
moderator_service.check_and_set_password(
moderator, change_password_form.old_password.data,
change_password_form.new_password.data)
flash('Changed password')
mod_log('password changed')
except ArgumentError as e:
flash(e.message)
moderating_boards = moderator_service.get_all_moderating_boards(moderator)
board_links = map(lambda b: (b.name, url_for('board', board_name=b.name)),
moderating_boards)
return render_template('mod_self.html',
change_password_form=change_password_form,
moderator=moderator,
board_links=board_links)
def mod_log(what, moderator_name=None, moderator=None, ip4_str=None):
"""Logs to a log file."""
# Hax
in_request_context = _request_ctx_stack.top is not None
if in_request_context:
if ip4_str is None:
ip4_str = get_request_ip4_str()
if moderator_name is None:
if not moderator:
moderator = request_moderator() if get_authed() else None
if moderator is not None:
moderator_name = moderator.username
output = ''
if ip4_str is not None:
output += '[' + ip4_str + '] '
if moderator_name is not None:
output += '[' + moderator_name + '] '
output += what
mod_logger.info(output)
def _gather_report_manage_params():
form = request.form
report_id = form.get('report_id', type=int)
moderator = request_moderator()
mode_string = form['mode']
if mode_string == 'clear':
mode = ManageReportDetails.CLEAR
success_message = 'Cleared report'
elif mode_string == 'delete':
mode = ManageReportDetails.DELETE_POST
success_message = 'Deleted post'
elif mode_string == 'delete_file':
mode = ManageReportDetails.DELETE_FILE
success_message = 'Deleted file'
else:
abort(400)
return
return ManageReportDetails(report_id, moderator.id, mode), success_message
def mod_report(page=0, boards=None):
per_page = 20
pages = 15
moderator = request_moderator()
is_admin = moderator_service.has_role(moderator, roles.ROLE_ADMIN)
board_names = None
if boards is not None:
board_names = list(set(boards.split(',')))
if len(board_names) > 6:
raise BadRequestError('Maximum of 6 boards can be combined')
try:
if board_names:
for_boards = board_service.find_by_names(list(board_names))
else:
for_boards = None
reports = report_service.get_reports(moderator, page, per_page, for_boards)
except ArgumentError as e:
raise BadRequestError(e)
view_ips = is_admin
show_ban_button = is_admin
if is_admin:
moderator_boards = board_service.get_all_boards()
else:
moderator_boards = moderator_service.get_all_moderating_boards(moderator)
pager_suffix = '/' + ','.join(board_names) if board_names else ''
return render_template('mod_report.html', page=page, pages=pages, pager_suffix=pager_suffix,
moderator=moderator, reports=reports, moderator_boards=moderator_boards,
view_ips=view_ips, ip4_to_str=ip4_to_str, show_ban_button=show_ban_button)
def mod_board(board_name):
board = board_service.find_board(board_name)
if not board:
abort(404)
moderator = request_moderator()
if not moderator_service.moderates_board(moderator, board):
abort(404)
# These are purely for configuring the visibility of the various elements on the page,
# the actions are still checked with the authorizer on post.
can_update_board_config = moderator_service.can_update_board_config(
moderator, board)
can_update_advanced_board_configs = moderator_service.can_update_advanced_board_configs(
moderator)
can_update_roles = moderator_service.can_update_roles(moderator, board)
can_invite_moderator = moderator_service.can_invite_moderator(
moderator, board)
can_remove_moderator = moderator_service.can_remove_moderator(
moderator, board)
can_delete = moderator_service.can_delete_board(moderator)
for_action = request.form.get('for_action')
action_configure = for_action == 'configuration'
action_update_roles = for_action == 'update_roles'
action_invite_moderator = for_action == 'moderator_invite'
action_remove_moderator = for_action == 'moderator_remove'
board_configuration_form = None
invite_messages = []
invite_moderator_form = None
roles_messages = []
if request.method == 'POST':
if action_configure:
board_configuration_form = BoardConfigurationForm(request.form)
if board_configuration_form.validate():
board.config.full_name = board_configuration_form.full_name.data
board.config.description = board_configuration_form.description.data
if can_update_advanced_board_configs:
board.config.pages = board_configuration_form.pages.data
board.config.per_page = board_configuration_form.per_page.data
board.config.bump_limit = board_configuration_form.bump_limit.data
board.config.file_posting = board_configuration_form.file_posting.data
board.config.posting_verification_required = board_configuration_form.posting_verification.data
moderator_service.user_update_board_config(moderator, board)
elif action_invite_moderator:
invite_moderator_form = InviteModeratorForm(request.form)
if invite_moderator_form.validate():
moderator_username = invite_moderator_form.username.data
try:
moderator_service.user_invite_moderator(
request_moderator(), board, moderator_username)
invite_messages.append('Moderator invited')
except ArgumentError as e:
invite_messages.append(str(e))
elif action_remove_moderator:
# No wtform for this action
if not check_csrf_token(request.form.get('token')):
abort(400)
moderator_username = request.form['username']
removed_self = False
try:
removed_self = moderator_service.user_remove_moderator(
moderator, board, moderator_username)
roles_messages.append('Moderator removed')
except ArgumentError as e:
roles_messages.append(str(e))
if removed_self:
return redirect(url_for('.mod_boards'))
elif action_update_roles:
# Also no wtform
if not check_csrf_token(request.form.get('token')):
abort(400)
moderator_username = request.form['username']
checked_roles = []
for board_role in roles.ALL_BOARD_ROLES:
if request.form.get(board_role) == 'on':
checked_roles.append(board_role)
try:
moderator_service.user_update_roles(moderator, board,
moderator_username,
checked_roles)
roles_messages.append('Roles updated')
except ArgumentError as e:
roles_messages.append(str(e))
except NoPermissionError as e:
roles_messages.append('No permission')
else:
abort(400)
if not board_configuration_form:
board_configuration_form = BoardConfigurationForm(
full_name=board.config.full_name,
description=board.config.description,
pages=board.config.pages,
per_page=board.config.per_page,
bump_limit=board.config.bump_limit,
file_posting=board.config.file_posting,
posting_verification=board.config.posting_verification_required,
)
if not can_update_advanced_board_configs:
del board_configuration_form.pages
del board_configuration_form.per_page
del board_configuration_form.bump_limit
del board_configuration_form.file_posting
del board_configuration_form.posting_verification
if not invite_moderator_form:
invite_moderator_form = InviteModeratorForm()
board_configuration_form.action_url = url_for('.mod_board',
board_name=board_name)
invite_moderator_form.action_url = url_for('.mod_board',
board_name=board_name,
_anchor='invite')
board_moderators = moderator_service.get_all_board_moderators_by_board(
board)
# Put the request moderator on top for the permissions table
board_moderators_unsorted = sorted(
board_moderators,
key=lambda board_moderator: board_moderator.moderator.id)
board_moderators = []
for item in board_moderators_unsorted:
if item.moderator == moderator:
board_moderators.append(item)
break
for item in board_moderators_unsorted:
if item.moderator != moderator:
board_moderators.append(item)
all_board_roles = roles.ALL_BOARD_ROLES
return render_template(
'mod_board.html',
board=board,
board_configuration_form=board_configuration_form,
invite_messages=invite_messages,
roles_messages=roles_messages,
invite_moderator_form=invite_moderator_form,
can_update_board_config=can_update_board_config,
can_update_advanced_board_configs=can_update_advanced_board_configs,
can_delete=can_delete,
can_update_roles=can_update_roles,
can_invite_moderator=can_invite_moderator,
can_remove_moderator=can_remove_moderator,
board_moderators=board_moderators,
all_board_roles=all_board_roles)
def mod_board(board_name):
board = board_service.find_board(board_name)
if not board:
abort(404)
moderator = request_moderator()
if not moderator_service.moderates_board(moderator, board):
abort(404)
# These are purely for configuring the visibility of the various elements on the page,
# the actions are still checked with the authorizer on post.
can_update_board_config = moderator_service.can_update_board_config(moderator, board)
can_update_advanced_board_configs = moderator_service.can_update_advanced_board_configs(moderator)
can_update_roles = moderator_service.can_update_roles(moderator, board)
can_invite_moderator = moderator_service.can_invite_moderator(moderator, board)
can_remove_moderator = moderator_service.can_remove_moderator(moderator, board)
can_delete = moderator_service.can_delete_board(moderator)
for_action = request.form.get('for_action')
action_configure = for_action == 'configuration'
action_update_roles = for_action == 'update_roles'
action_invite_moderator = for_action == 'moderator_invite'
action_remove_moderator = for_action == 'moderator_remove'
board_configuration_form = None
invite_messages = []
invite_moderator_form = None
roles_messages = []
if request.method == 'POST':
if action_configure:
board_configuration_form = BoardConfigurationForm(request.form)
if board_configuration_form.validate():
board.config.full_name = board_configuration_form.full_name.data
board.config.description = board_configuration_form.description.data
if can_update_advanced_board_configs:
board.config.pages = board_configuration_form.pages.data
board.config.per_page = board_configuration_form.per_page.data
board.config.bump_limit = board_configuration_form.bump_limit.data
board.config.file_posting = board_configuration_form.file_posting.data
board.config.posting_verification_required = board_configuration_form.posting_verification.data
moderator_service.user_update_board_config(moderator, board)
elif action_invite_moderator:
invite_moderator_form = InviteModeratorForm(request.form)
if invite_moderator_form.validate():
moderator_username = invite_moderator_form.username.data
try:
moderator_service.user_invite_moderator(request_moderator(), board, moderator_username)
invite_messages.append('Moderator invited')
except ArgumentError as e:
invite_messages.append(str(e))
elif action_remove_moderator:
# No wtform for this action
if not check_csrf_token(request.form.get('token')):
abort(400)
moderator_username = request.form['username']
removed_self = False
try:
removed_self = moderator_service.user_remove_moderator(moderator, board, moderator_username)
roles_messages.append('Moderator removed')
except ArgumentError as e:
roles_messages.append(str(e))
if removed_self:
return redirect(url_for('.mod_boards'))
elif action_update_roles:
# Also no wtform
if not check_csrf_token(request.form.get('token')):
abort(400)
moderator_username = request.form['username']
checked_roles = []
for board_role in roles.ALL_BOARD_ROLES:
if request.form.get(board_role) == 'on':
checked_roles.append(board_role)
try:
moderator_service.user_update_roles(moderator, board, moderator_username, checked_roles)
roles_messages.append('Roles updated')
except ArgumentError as e:
roles_messages.append(str(e))
except NoPermissionError as e:
roles_messages.append('No permission')
else:
abort(400)
if not board_configuration_form:
board_configuration_form = BoardConfigurationForm(
full_name=board.config.full_name,
description=board.config.description,
pages=board.config.pages,
per_page=board.config.per_page,
bump_limit=board.config.bump_limit,
file_posting=board.config.file_posting,
posting_verification=board.config.posting_verification_required,
)
if not can_update_advanced_board_configs:
del board_configuration_form.pages
del board_configuration_form.per_page
del board_configuration_form.bump_limit
del board_configuration_form.file_posting
del board_configuration_form.posting_verification
if not invite_moderator_form:
invite_moderator_form = InviteModeratorForm()
board_configuration_form.action_url = url_for('.mod_board', board_name=board_name)
invite_moderator_form.action_url = url_for('.mod_board', board_name=board_name, _anchor='invite')
board_moderators = moderator_service.get_all_board_moderators_by_board(board)
# Put the request moderator on top for the permissions table
board_moderators_unsorted = sorted(board_moderators, key=lambda board_moderator: board_moderator.moderator.id)
board_moderators = []
for item in board_moderators_unsorted:
if item.moderator == moderator:
board_moderators.append(item)
break
for item in board_moderators_unsorted:
if item.moderator != moderator:
board_moderators.append(item)
all_board_roles = roles.ALL_BOARD_ROLES
return render_template('mod_board.html', board=board,
board_configuration_form=board_configuration_form,
invite_messages=invite_messages,
roles_messages=roles_messages,
invite_moderator_form=invite_moderator_form,
can_update_board_config=can_update_board_config,
can_update_advanced_board_configs=can_update_advanced_board_configs,
can_delete=can_delete,
can_update_roles=can_update_roles,
can_invite_moderator=can_invite_moderator,
can_remove_moderator=can_remove_moderator,
board_moderators=board_moderators,
all_board_roles=all_board_roles)