acetheking987/prismic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

minor patches

Browse Source
This commit is contained in:
Alfie King 2025-04-25 09:51:01 +01:00
parent 439975ce96
commit 630410797b
6 changed files with 32 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -3,4 +3,5 @@ app.log
__pycache__/ __pycache__/
database.db database.db
.env .env
flask_session flask_session
temp

2
src/html/board.html
View File

@ -9,6 +9,8 @@
<p>{{ board.description }}</p> <p>{{ board.description }}</p>
{% if board.owner_id == session.user_id %} {% if board.owner_id == session.user_id %}
<h6><a href="/boards/delete/{{ board.id }}">Delete Board</a></h6> <h6><a href="/boards/delete/{{ board.id }}">Delete Board</a></h6>
{% elif session.perms == "admin" %}
<h6><a href="/boards/delete/{{ board.id }}">Delete Board</a></h6>
{% endif %} {% endif %}
{% if session.user_id %} {% if session.user_id %}
<br> <br>

2
src/html/post.html
View File

@ -34,7 +34,7 @@
{% endif %} {% endif %}
<p>{{post.content}}</p> <p>{{post.content}}</p>
<h6> <h6>
{% if session.name == "SYSTEM" %} {% if session.perms == "admin" %}
<a href="/delete/post/{{ post.id }}">Delete</a> <a href="/delete/post/{{ post.id }}">Delete</a>
{% elif session.name == post.user.name %} {% elif session.name == post.user.name %}
<a href="/delete/post/{{ post.id }}">Delete</a> <a href="/delete/post/{{ post.id }}">Delete</a>

2
src/html/templates/post.html
View File

@ -20,7 +20,7 @@
{% if post.replies > 0 %} {% if post.replies > 0 %}
({{ post.replies }} replies) ({{ post.replies }} replies)
{% endif %} {% endif %}
{% if session.name == "SYSTEM" %} {% if session.perms == "admin" %}
| <a href="/delete/post/{{ post.id }}">Delete</a> | <a href="/delete/post/{{ post.id }}">Delete</a>
{% elif session.name == post.user.name %} {% elif session.name == post.user.name %}
| <a href="/delete/post/{{ post.id }}">Delete</a> | <a href="/delete/post/{{ post.id }}">Delete</a>

2
src/html/templates/short_post.html
View File

@ -20,7 +20,7 @@
{% if post.replies > 0 %} {% if post.replies > 0 %}
({{ post.replies }} replies) ({{ post.replies }} replies)
{% endif %} {% endif %}
{% if session.name == "SYSTEM" %} {% if session.perms == "admin" %}
| <a href="/delete/post/{{ post.id }}">Delete</a> | <a href="/delete/post/{{ post.id }}">Delete</a>
{% elif session.name == post.user.name %} {% elif session.name == post.user.name %}
| <a href="/delete/post/{{ post.id }}">Delete</a> | <a href="/delete/post/{{ post.id }}">Delete</a>

26
src/main.py
View File

@ -20,7 +20,7 @@ console_log.setFormatter(logging.Formatter("\033[1;32m%(asctime)s\033[0m - \033[
console_log.setLevel(logging.INFO) console_log.setLevel(logging.INFO)
# Create file handler with a specific format # Create file handler with a specific format
file_log = logging.FileHandler(env('LOG_FILE', default='app.log')) file_log = logging.FileHandler(env('LOG_FILE', default='app.log'), mode=env('LOG_MODE', default='a'))
file_log.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(name)s - %(message)s")) file_log.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(name)s - %(message)s"))
file_log.setLevel(logging.DEBUG) file_log.setLevel(logging.DEBUG)
@ -550,6 +550,16 @@ def delete_board(board_id):
return redirect('/login') return redirect('/login')
log.debug(f"Token validated for user {user[1]}") log.debug(f"Token validated for user {user[1]}")
# Check if user owns the board or is admin
board = db.execute_query("SELECT * FROM boards WHERE id = ?", (board_id,), fetch_type=FETCHONE)
if not board:
log.error("Board not found")
return render_template('error.html', error="Board not found")
if board[4] != user[0] and session['perms'] != 'admin':
log.error("User does not have permission to delete this board")
return render_template('error.html', error="You do not have permission to delete this board")
# Delete the board # Delete the board
db.execute_query("DELETE FROM boards WHERE id = ?", (board_id,)) db.execute_query("DELETE FROM boards WHERE id = ?", (board_id,))
log.info(f"Board ID {board_id} deleted successfully") log.info(f"Board ID {board_id} deleted successfully")
@ -598,6 +608,10 @@ def new_post():
log.error("No post content provided") log.error("No post content provided")
return render_template('error.html', error="No post content provided") return render_template('error.html', error="No post content provided")
if len(content) > 10000:
log.error("Post content is too long")
return render_template('error.html', error="Post content is too long")
attachments = request.files.getlist('attachments') attachments = request.files.getlist('attachments')
reference = request.form.get('reference') reference = request.form.get('reference')
@ -675,6 +689,16 @@ def delete_post(post_id):
return redirect('/login') return redirect('/login')
log.debug(f"Token validated for user {user[1]}") log.debug(f"Token validated for user {user[1]}")
# Check if user owns the post or is admin
post = db.execute_query("SELECT * FROM posts WHERE id = ?", (post_id,), fetch_type=FETCHONE)
if not post:
log.error("Post not found")
return render_template('error.html', error="Post not found")
if post[1] != user[0] and session['perms'] != 'admin':
log.error("User does not have permission to delete this post")
return render_template('error.html', error="You do not have permission to delete this post")
# Delete the post # Delete the post
db.execute_query("DELETE FROM posts WHERE id = ?", (post_id,)) db.execute_query("DELETE FROM posts WHERE id = ?", (post_id,))
log.info(f"Post ID {post_id} deleted successfully") log.info(f"Post ID {post_id} deleted successfully")