intercal/interchan
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove can_modify context variable, use is_staff instead

Browse Source 
For both ban and modify actions, we trust staff users to not abuse
otherwise-secret scripts and links. We don't supply "can_modify" context
variable anymore and just use user.is_staff instead. The same goes for
ban links and scripts.

Signed-off-by: Alek Ratzloff <alekratz@gmail.com>
This commit is contained in:
Alek Ratzloff
2022-07-17 15:32:10 -07:00
parent e686c3b235
commit 794db714de
4 changed files with 2 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
board/views.py
View File

@@ -137,8 +137,6 @@ class BoardView(BoardMixin, TemplateView):
kwargs["pages"] = range(1, last_page + 1)
kwargs["last_page"] = last_page
kwargs["max_upload_size"] = settings.MAX_UPLOAD_SIZE
kwargs["can_modify"] = can_modify(self.request.user)
return super(BoardView, self).get_context_data(**kwargs)
@@ -199,11 +197,6 @@ class PostModifySuccessView(PermissionRequiredMixin, ActionSuccessView):
def has_permission(self) -> bool:
return can_modify(self.request.user)
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context["can_modify"] = self.has_permission()
return context
class ReplyCreateView(CreateView):
model = Post
@@ -248,8 +241,6 @@ class PostView(TemplateView):
post_id = self.kwargs["id"]
kwargs["post"] = get_object_or_404(Post, id=post_id)
kwargs["max_upload_size"] = settings.MAX_UPLOAD_SIZE
kwargs["can_modify"] = can_modify(self.request.user)
return super(PostView, self).get_context_data(**kwargs)
def dispatch(self, request, *args, **kwargs):