mirror of
https://github.com/spl0k/supysonic.git
synced 2024-12-23 01:16:18 +00:00
Check when uid param isn't me
parent
97fb5232e5
commit
fe5e966dbc
@ -45,10 +45,10 @@ def user_profile(uid):
|
|||||||
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(session.get('userid')))
|
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(session.get('userid')))
|
||||||
return render_template('profile.html', user = UserManager.get(store, session.get('userid'))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
|
return render_template('profile.html', user = UserManager.get(store, session.get('userid'))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
|
||||||
else:
|
else:
|
||||||
if not UserManager.get(store, session.get('userid'))[1].admin:
|
if not UserManager.get(store, session.get('userid'))[1].admin or UserManager.get(store, uid)[0] in (UserManager.INVALID_ID, UserManager.NO_SUCH_USER):
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(uid))
|
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(uid))
|
||||||
return render_template('profile.html', user = UserManager.get(store, uuid.UUID(uid))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
|
return render_template('profile.html', user = UserManager.get(store, uid)[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
|
||||||
|
|
||||||
@app.route('/user/<uid>', methods = [ 'POST' ])
|
@app.route('/user/<uid>', methods = [ 'POST' ])
|
||||||
def update_clients(uid):
|
def update_clients(uid):
|
||||||
@ -60,7 +60,7 @@ def update_clients(uid):
|
|||||||
if uid == 'me':
|
if uid == 'me':
|
||||||
userid = uuid.UUID(session.get('userid'))
|
userid = uuid.UUID(session.get('userid'))
|
||||||
else:
|
else:
|
||||||
if not UserManager.get(store, session.get('userid'))[1].admin:
|
if not UserManager.get(store, session.get('userid'))[1].admin or UserManager.get(store, uid)[0] in (UserManager.INVALID_ID, UserManager.NO_SUCH_USER):
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
userid = uuid.UUID(uid)
|
userid = uuid.UUID(uid)
|
||||||
|
|
||||||
@ -79,9 +79,9 @@ def update_clients(uid):
|
|||||||
|
|
||||||
@app.route('/user/<uid>/changeusername', methods = [ 'GET', 'POST' ])
|
@app.route('/user/<uid>/changeusername', methods = [ 'GET', 'POST' ])
|
||||||
def change_username(uid):
|
def change_username(uid):
|
||||||
if not UserManager.get(store, session.get('userid'))[1].admin:
|
if not UserManager.get(store, session.get('userid'))[1].admin or UserManager.get(store, uid)[0] in (UserManager.INVALID_ID, UserManager.NO_SUCH_USER):
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
user = UserManager.get(store, uuid.UUID(uid))[1]
|
user = UserManager.get(store, uid)[1]
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
username = request.form.get('user')
|
username = request.form.get('user')
|
||||||
if username in ('', None):
|
if username in ('', None):
|
||||||
@ -109,9 +109,9 @@ def change_mail(uid):
|
|||||||
if uid == 'me':
|
if uid == 'me':
|
||||||
user = UserManager.get(store, session.get('userid'))[1]
|
user = UserManager.get(store, session.get('userid'))[1]
|
||||||
else:
|
else:
|
||||||
if not UserManager.get(store, session.get('userid'))[1].admin:
|
if not UserManager.get(store, session.get('userid'))[1].admin or UserManager.get(store, uid)[0] in (UserManager.INVALID_ID, UserManager.NO_SUCH_USER):
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
user = UserManager.get(store, uuid.UUID(uid))[1]
|
user = UserManager.get(store, uid)[1]
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
mail = request.form.get('mail')
|
mail = request.form.get('mail')
|
||||||
# No validation, lol.
|
# No validation, lol.
|
||||||
@ -126,9 +126,9 @@ def change_password(uid):
|
|||||||
if uid == 'me':
|
if uid == 'me':
|
||||||
user = UserManager.get(store, session.get('userid'))[1].name
|
user = UserManager.get(store, session.get('userid'))[1].name
|
||||||
else:
|
else:
|
||||||
if not UserManager.get(store, session.get('userid'))[1].admin:
|
if not UserManager.get(store, session.get('userid'))[1].admin or UserManager.get(store, uid)[0] in (UserManager.INVALID_ID, UserManager.NO_SUCH_USER):
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
user = UserManager.get(store, uuid.UUID(uid))[1].name
|
user = UserManager.get(store, uid)[1].name
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
|
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
|
||||||
error = False
|
error = False
|
||||||
@ -250,9 +250,9 @@ def lastfm_reg(uid):
|
|||||||
if uid == 'me':
|
if uid == 'me':
|
||||||
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
|
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
|
||||||
else:
|
else:
|
||||||
if not UserManager.get(store, session.get('userid'))[1].admin:
|
if not UserManager.get(store, session.get('userid'))[1].admin or UserManager.get(store, uid)[0] in (UserManager.INVALID_ID, UserManager.NO_SUCH_USER):
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
lfm = LastFm(UserManager.get(store, uuid.UUID(uid))[1], app.logger)
|
lfm = LastFm(UserManager.get(store, uid)[1], app.logger)
|
||||||
status, error = lfm.link_account(token)
|
status, error = lfm.link_account(token)
|
||||||
store.commit()
|
store.commit()
|
||||||
flash(error if not status else 'Successfully linked LastFM account')
|
flash(error if not status else 'Successfully linked LastFM account')
|
||||||
@ -264,9 +264,9 @@ def lastfm_unreg(uid):
|
|||||||
if uid == 'me':
|
if uid == 'me':
|
||||||
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
|
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
|
||||||
else:
|
else:
|
||||||
if not UserManager.get(store, session.get('userid'))[1].admin:
|
if not UserManager.get(store, session.get('userid'))[1].admin or UserManager.get(store, uid)[0] in (UserManager.INVALID_ID, UserManager.NO_SUCH_USER):
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
lfm = LastFm(UserManager.get(store, uuid.UUID(uid))[1], app.logger)
|
lfm = LastFm(UserManager.get(store, uid)[1], app.logger)
|
||||||
lfm.unlink_account()
|
lfm.unlink_account()
|
||||||
store.commit()
|
store.commit()
|
||||||
flash('Unliked LastFM account')
|
flash('Unliked LastFM account')
|
||||||
|
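Review bot: The new guard in the `else:` branch of `user_profile` (repeated verbatim in `update_clients`, `change_username`, `change_mail`, `change_password`, `lastfm_reg` and `lastfm_unreg`) rejects only two named failure codes, so any other non-success status from `UserManager.get` would fall through to `UserManager.get(store, uid)[1]` and the view would act on whatever that second element holds. Compare against the success value instead and reuse the lookup, e.g. `status, user = UserManager.get(store, uid)` followed by `if not me.admin or status != UserManager.SUCCESS:` (assuming the manager exposes a success constant; it is not visible on this page). Because the same authorization-plus-lookup condition is now copied into seven views, a small helper that returns the target user or `None` would keep the admin check from drifting between routes. In `user_profile` and `update_clients` the later `uuid.UUID(uid)` is safe only if `INVALID_ID` covers every string that `uuid.UUID` rejects, which is presumably the case but worth confirming. All of these functions begin or end outside the visible hunks.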