intercal/interchan
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove can_modify context variable, use is_staff instead

Browse Source 
For both ban and modify actions, we trust staff users to not abuse
otherwise-secret scripts and links. We don't supply "can_modify" context
variable anymore and just use user.is_staff instead. The same goes for
ban links and scripts.

Signed-off-by: Alek Ratzloff <alekratz@gmail.com>
This commit is contained in:
Alek Ratzloff
2022-07-17 15:32:10 -07:00
parent e686c3b235
commit 794db714de
4 changed files with 2 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
board/templates/board/base.html
View File

@@ -12,10 +12,8 @@
<script src="{% static 'board/jquery.js' %}"></script>
<script src="{% static 'board/jsframe.min.js' %}"></script>
<script src="{% static 'board/post.js' %}"></script>
{% if perms.board.add_ban %}
{% if user.is_staff %}
<script src="{% static 'board/ban.js' %}"></script>
{% endif %}
{% if can_modify %}
<script src="{% static 'board/modify.js' %}"></script>
{% endif %}
{% block extrajs %}{% endblock %}