Cedar now uses Django's Perms and groups.

You'll have to do some manual editing to give yourself superuser.

- /admin/ now uses perms and groups. So you can fine tune who has access to what model.
- Moved the metadata button to the user sidebar
- Removed metaview lists from showing in user settings and in the metadata page.
This commit is contained in:
some weird guy
2023-09-15 16:03:37 -07:00
parent 4bd55cbed1
commit 61ca96d37d
9 changed files with 155 additions and 179 deletions
+113 -55
View File
@@ -1,71 +1,110 @@
from django.apps import apps
from django.contrib import admin from django.contrib import admin
#from django.contrib.auth.admin import UserAdmin from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
from django.contrib.auth.models import Group from django.contrib.auth.forms import AdminPasswordChangeForm
#from django.forms import ModelForm, PasswordInput from django.contrib.auth.models import Group, Permission
from django.contrib import messages
from django.http import HttpResponseRedirect
from django.conf import settings from django.conf import settings
from . import models from . import models
# Override admin login page @admin.action(description='Void selected Invites', permissions=["change"])
from closedverse_main.views import login_page
admin.autodiscover()
admin.site.login = login_page
"""
class UserForm(ModelForm):
class Meta:
model = models.User
fields = '__all__'
widgets = {
'password': PasswordInput(),
}
"""
@admin.action(description='Void selected Invites')
def Void_invite(modeladmin, request, queryset): def Void_invite(modeladmin, request, queryset):
queryset.update(void = True) queryset.update(void = True)
@admin.action(description='Restore selected Invites') @admin.action(description='Restore selected Invites', permissions=["change"])
def Restore_invite(modeladmin, request, queryset): def Restore_invite(modeladmin, request, queryset):
queryset.update(void = False, used = False) queryset.update(void = False, used = False)
@admin.action(description='Hide selected items') @admin.action(description='Hide selected items', permissions=["change"])
def Hide_content(modeladmin, request, queryset): def Hide_content(modeladmin, request, queryset):
queryset.update(is_rm = True) queryset.update(is_rm = True)
@admin.action(description='Show selected items') @admin.action(description='Show selected items', permissions=["change"])
def Show_content(modeladmin, request, queryset): def Show_content(modeladmin, request, queryset):
queryset.update(is_rm = False) queryset.update(is_rm = False)
@admin.action(description='Disable comments') @admin.action(description='Disable comments', permissions=["change"])
def Disable_comments(modeladmin, request, queryset): def Disable_comments(modeladmin, request, queryset):
queryset.update(lock_comments = 2) queryset.update(lock_comments = 2)
@admin.action(description='Enable comments') @admin.action(description='Enable comments', permissions=["change"])
def Enable_comments(modeladmin, request, queryset): def Enable_comments(modeladmin, request, queryset):
queryset.update(lock_comments = 0) queryset.update(lock_comments = 0)
@admin.action(description='Feature selected communities') @admin.action(description='Feature selected communities', permissions=["change"])
def Feature_community(modeladmin, request, queryset): def Feature_community(modeladmin, request, queryset):
queryset.update(is_feature = True) queryset.update(is_feature = True)
@admin.action(description='Unfeature selected communities') @admin.action(description='Unfeature selected communities', permissions=["change"])
def Unfeature_community(modeladmin, request, queryset): def Unfeature_community(modeladmin, request, queryset):
queryset.update(is_feature = False) queryset.update(is_feature = False)
@admin.action(description='Force login') @admin.action(description='Force login', permissions=["change"])
def force_login(modeladmin, request, queryset): def force_login(modeladmin, request, queryset):
queryset.update(require_auth = True) queryset.update(require_auth = True)
@admin.action(description='Unforce login') @admin.action(description='Unforce login', permissions=["change"])
def unforce_login(modeladmin, request, queryset): def unforce_login(modeladmin, request, queryset):
queryset.update(require_auth = False) queryset.update(require_auth = False)
@admin.action(description='Disable user') @admin.action(description='Disable user', permissions=["change"])
def Disable_user(modeladmin, request, queryset): def Disable_user(modeladmin, request, queryset):
queryset.update(active = False) queryset.update(is_active = False)
@admin.action(description='Enable user') @admin.action(description='Enable user', permissions=["change"])
def Enable_user(modeladmin, request, queryset): def Enable_user(modeladmin, request, queryset):
queryset.update(active = True) queryset.update(is_active = True)
@admin.action(description='Demote user', permissions=["change"])
def Demote_user(modeladmin, request, queryset):
queryset.update(is_superuser = False)
queryset.update(is_staff = False)
queryset.update(level = 0)
class UserAdmin(BaseUserAdmin):
search_fields = ('id', 'username', 'nickname', 'email', 'addr', 'signup_addr')
list_display = ('id', 'username', 'nickname', 'level', 'is_active', 'is_staff', 'is_superuser')
actions = [Disable_user, Enable_user, Demote_user]
raw_id_fields = ('role', )
readonly_fields = ('last_login', 'created', )
fieldsets = (
(None, {'fields': ('nickname', 'username', 'password')}),
('Personal info', {'fields': ('email', ('addr', 'signup_addr'))}),
('Cosmetic', {'fields': (('role', 'avatar', 'has_mh'), 'color', 'theme', 'bg_url',)}),
('Data', {'fields': ('last_login', 'created', 'hide_online')}),
('Permissions', {'fields': (('is_active', 'is_staff', 'is_superuser', 'can_invite'), 'level', 'c_tokens', 'groups', 'user_permissions')}),
)
# yes this is stupid...
def get_queryset(self, request):
# Filter the list of users displayed based on the current user's level and superuser status.
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
return qs.filter(level__lt=request.user.level)
def has_change_permission(self, request, obj=None):
if not obj:
return super().has_change_permission(request, obj)
# Superusers can edit anyone
if request.user.is_superuser:
return True
# Users cannot edit superusers or users with a higher level than themselves
if obj.is_superuser or obj.level >= request.user.level:
return False
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
if not obj:
return super().has_delete_permission(request, obj)
# Superusers can delete anyone
if request.user.is_superuser:
return True
# Users cannot delete superusers or users with a higher level than themselves
if obj.is_superuser or obj.level >= request.user.level:
return False
return super().has_delete_permission(request, obj)
def get_readonly_fields(self, request, obj=None):
# Get the default readonly fields
readonly_fields = super().get_readonly_fields(request, obj)
# If the user is not a superuser, add the fields to the readonly list
if not request.user.is_superuser:
readonly_fields += ('level', 'is_staff', 'is_superuser', 'groups', 'user_permissions', 'password')
return readonly_fields
class UserAdmin(admin.ModelAdmin):
search_fields = ('id', 'username', 'nickname', 'email', )
list_display = ('id', 'username', 'nickname', 'warned', 'level', 'staff', 'active', )
exclude = ('addr', 'signup_addr', 'password', )
actions = [Disable_user, Enable_user]
#exclude = ('staff', )
# Not yet
#form = UserForm
class ProfileAdmin(admin.ModelAdmin): class ProfileAdmin(admin.ModelAdmin):
search_fields = ('id', 'user__username__icontains', 'comment', 'origin_id',) search_fields = ('id', 'user__username__icontains', 'comment', 'origin_id',)
raw_id_fields = ('user', 'favorite',) raw_id_fields = ('user', 'favorite',)
@@ -142,12 +181,30 @@ class RoleAdmin(admin.ModelAdmin):
exclude = ('is_static', ) exclude = ('is_static', )
class BanAdmin(admin.ModelAdmin): class BanAdmin(admin.ModelAdmin):
# Hide that shit for now, Eventually I plan to get rid of the user_tools_meta thing completely and just show IP addresses for staff like any normal site. raw_id_fields = ('to', 'by')
exclude = ('ip_address', ) list_display = ('by', 'to', 'reason', 'expiry_date', 'active')
#class BlockAdmin(admin.ModelAdmin) def save_model(self, request, obj, form, change):
# Set the 'by' field to the currently logged-in user
obj.by = request.user
admin.site.unregister(Group) # Check if the user being banned is a superuser or has a higher level than the user issuing the ban
if obj.to.is_superuser or obj.to.level > request.user.level:
messages.error(request, "You cannot ban a superuser or a user with a higher level.")
return
super().save_model(request, obj, form, change)
def response_add(self, request, obj, post_url_continue=None):
# If there was an error, redirect back to the 'add' page
if messages.get_messages(request):
return HttpResponseRedirect(request.path)
return super().response_add(request, obj, post_url_continue)
class LoginAdmin(admin.ModelAdmin):
raw_id_fields = ('user',)
list_display = ('user', 'addr', 'user_agent', )
search_fields = ('user__username', 'addr', 'user_agent', )
admin.site.register(models.Role, RoleAdmin) admin.site.register(models.Role, RoleAdmin)
admin.site.register(models.User, UserAdmin) admin.site.register(models.User, UserAdmin)
@@ -158,24 +215,25 @@ admin.site.register(models.Complaint, ComplaintAdmin)
admin.site.register(models.Message, MessageAdmin) admin.site.register(models.Message, MessageAdmin)
admin.site.register(models.Conversation, ConversationAdmin) admin.site.register(models.Conversation, ConversationAdmin)
admin.site.register(models.Notification, NotificationAdmin) admin.site.register(models.Notification, NotificationAdmin)
#admin.site.register(models.LoginAttempt, LoginAdmin) admin.site.register(models.LoginAttempt, LoginAdmin)
admin.site.register(models.UserBlock) admin.site.register(models.UserBlock)
admin.site.register(models.AuditLog, AuditAdmin) admin.site.register(models.AuditLog, AuditAdmin)
admin.site.register(models.ProfileHistory, HistoryAdmin) admin.site.register(models.ProfileHistory, HistoryAdmin)
admin.site.register(models.Yeah)
admin.site.register(models.Follow)
admin.site.register(models.FriendRequest)
admin.site.register(models.Post, PostAdmin) admin.site.register(models.Post, PostAdmin)
admin.site.register(models.Comment, CommentAdmin) admin.site.register(models.Comment, CommentAdmin)
admin.site.register(models.Ads, AdsAdmin)
admin.site.register(models.Ban, BanAdmin) admin.site.register(models.Ban, BanAdmin)
admin.site.register(models.Warning) admin.site.register(models.Warning)
if settings.DEBUG: # This will show fucking everything, just don't give other people perms to see content types, sessions, and all that shit.
admin.site.register(models.Yeah) # This is so the superuser, owner of the site can see everything.
admin.site.register(models.Follow) app_models = apps.get_models()
admin.site.register(models.FriendRequest) for model in app_models:
admin.site.register(models.Friendship, ConversationAdmin) try:
#admin.site.register(models.Notification) admin.site.register(model)
admin.site.register(models.Poll) except admin.sites.AlreadyRegistered:
admin.site.register(models.PollVote) pass
admin.site.register(models.Ads, AdsAdmin)
+2 -2
View File
@@ -125,7 +125,7 @@ class LoginForm(forms.Form):
raise forms.ValidationError("Invalid password.", code='invalid') raise forms.ValidationError("Invalid password.", code='invalid')
elif user[1] == 2: elif user[1] == 2:
raise forms.ValidationError("This account's password needs to be reset. Contact an admin or reset by email.", code='required_reset') raise forms.ValidationError("This account's password needs to be reset. Contact an admin or reset by email.", code='required_reset')
elif not user[0].is_active(): elif not user[0].is_active:
raise forms.ValidationError("This account was disabled.", code='disabled') raise forms.ValidationError("This account was disabled.", code='disabled')
return cleaned_data return cleaned_data
@@ -136,7 +136,7 @@ class User_tools_Form(forms.ModelForm):
class Meta: class Meta:
model = User model = User
fields = ['username', 'nickname', 'role', 'c_tokens', 'hide_online', 'active', 'can_invite', 'has_mh', 'avatar'] fields = ['username', 'nickname', 'role', 'c_tokens', 'hide_online', 'can_invite', 'has_mh', 'avatar']
def clean_username(self): def clean_username(self):
username = self.cleaned_data.get('username') username = self.cleaned_data.get('username')
+2 -2
View File
@@ -89,7 +89,7 @@ class ClosedMiddleware(object):
""" """
if request.user.is_authenticated: if request.user.is_authenticated:
""" """
if not request.user.is_active(): if not request.user.is_active:
if request.user.warned_reason: if request.user.warned_reason:
ban_msg = request.user.warned_reason ban_msg = request.user.warned_reason
else: else:
@@ -97,7 +97,7 @@ class ClosedMiddleware(object):
return HttpResponseForbidden(ban_msg) return HttpResponseForbidden(ban_msg)
""" """
# can just forbid post requests for the time being (but leav our funny logout message :3) # can just forbid post requests for the time being (but leav our funny logout message :3)
if not request.user.is_active() and request.method != 'GET' and request.get_full_path() != '/logout/': if not request.user.is_active and request.method != 'GET' and request.get_full_path() != '/logout/':
return HttpResponseForbidden() return HttpResponseForbidden()
response = self.get_response(request) response = self.get_response(request)
if request.user.is_authenticated: if request.user.is_authenticated:
+27 -33
View File
@@ -1,7 +1,7 @@
from __future__ import unicode_literals from __future__ import unicode_literals
from django.db import models from django.db import models
from django.contrib.auth.base_user import AbstractBaseUser from django.contrib.auth.base_user import BaseUserManager
from django.contrib.auth.models import BaseUserManager from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
from django.db.models import Q, Max, F, Count, Exists, OuterRef, Subquery #, QuerySet, Case, When, from django.db.models import Q, Max, F, Count, Exists, OuterRef, Subquery #, QuerySet, Case, When,
from django.utils import timezone from django.utils import timezone
from django.http import Http404 from django.http import Http404
@@ -68,10 +68,12 @@ class UserManager(BaseUserManager):
def create_superuser(self, username, password): def create_superuser(self, username, password):
user = self.model( user = self.model(
username=username, username=username,
nickname=username,
) )
user.set_password(password) user.set_password(password)
user.staff = True user.is_staff = True
user.level = 99 # added because some admin funcs are missing otherwise user.is_superuser = True
user.level = 999 # added because some admin funcs are missing otherwise
user.save() user.save()
profile = Profile.objects.model() profile = Profile.objects.model()
profile.user = user profile.user = user
@@ -134,11 +136,9 @@ class Role(models.Model):
# as of writing, mii-secure is unstable, nintendo please do not f*ck me for this # as of writing, mii-secure is unstable, nintendo please do not f*ck me for this
mii_domain = 'https://s3.us-east-1.amazonaws.com/mii-images.account.nintendo.net/' mii_domain = 'https://s3.us-east-1.amazonaws.com/mii-images.account.nintendo.net/'
class User(AbstractBaseUser): class User(AbstractBaseUser, PermissionsMixin):
id = models.AutoField(primary_key=True) id = models.AutoField(primary_key=True)
username = models.CharField(max_length=32, unique=True) username = models.CharField(max_length=32, unique=True)
# Todo: Don't allow nickname to be null (once this is fixed, un-str-ify line 357 of views; the one with ogdata description)
# Also don't let lots of other strings to be null
nickname = models.CharField(max_length=64, null=True) nickname = models.CharField(max_length=64, null=True)
password = models.CharField(max_length=128) password = models.CharField(max_length=128)
email = models.EmailField(null=True, blank=True, default='') email = models.EmailField(null=True, blank=True, default='')
@@ -146,7 +146,7 @@ class User(AbstractBaseUser):
avatar = models.CharField(max_length=1200, blank=True, default='') avatar = models.CharField(max_length=1200, blank=True, default='')
theme = ColorField(blank=True, null=True) theme = ColorField(blank=True, null=True)
# LEVEL: 0-1 is default, everything else is just levels # LEVEL: 0-1 is default, everything else is just levels
level = models.SmallIntegerField(default=0, help_text='The rank of the user, \"0\" is by default. Users with a high enough rank will be able to manage users.') level = models.SmallIntegerField(default=0, help_text='This is the level of authority. People with a lower level cannot edit those with a higher level. This also grants additional permissions outside of the Django Admin Panel.')
role = models.ForeignKey(Role, blank=True, null=True, on_delete=models.SET_NULL, help_text='This will show a funny badge and text on this user\'s profile. This does not grant the user any additional power and is only visual.') role = models.ForeignKey(Role, blank=True, null=True, on_delete=models.SET_NULL, help_text='This will show a funny badge and text on this user\'s profile. This does not grant the user any additional power and is only visual.')
addr = models.CharField(max_length=64, null=True, blank=True) addr = models.CharField(max_length=64, null=True, blank=True)
signup_addr = models.CharField(max_length=64, null=True, blank=True) signup_addr = models.CharField(max_length=64, null=True, blank=True)
@@ -157,11 +157,10 @@ class User(AbstractBaseUser):
hide_online = models.BooleanField(default=False, help_text='If this is ticked, the user has opted to hide their online status.') hide_online = models.BooleanField(default=False, help_text='If this is ticked, the user has opted to hide their online status.')
color = ColorField(default='', null=True, blank=True) color = ColorField(default='', null=True, blank=True)
staff = models.BooleanField(default=False, help_text='Allow this user to access the admin panel you\'re using right now?') is_staff = models.BooleanField(default=False, help_text='Allow this user to access the admin panel you\'re using right now?')
active = models.BooleanField(default=True, help_text='If this is off, the user is basically banned and can\'t do shit here') is_active = models.BooleanField(default=True, help_text='If this is off, the user is basically banned and can\'t do shit here')
is_superuser = models.BooleanField(default=False, help_text='Overrides django groups. This also allows you to change people\'s perms.')
can_invite = models.BooleanField(default=True, help_text='Can this user invite new users? This does not matter unless the invite system is turned on.') can_invite = models.BooleanField(default=True, help_text='Can this user invite new users? This does not matter unless the invite system is turned on.')
warned = models.BooleanField(default=False, help_text='Shows an annoying fucking warning box on the front page.')
warned_reason = models.CharField(blank=True, null=True, max_length=600, help_text='This string will show if the user is banned, or warned.')
bg_url = models.CharField(max_length=300, null=True, blank=True) bg_url = models.CharField(max_length=300, null=True, blank=True)
is_anonymous = False is_anonymous = False
@@ -175,6 +174,11 @@ class User(AbstractBaseUser):
objects = UserManager() objects = UserManager()
class Meta:
permissions = [
("Can_alter_level_and_Perms", "Allow this user to change Level, Groups and Permissions?"),
]
def __str__(self): def __str__(self):
return self.username return self.username
def get_full_name(self): def get_full_name(self):
@@ -185,16 +189,6 @@ class User(AbstractBaseUser):
return self.username return self.username
def has_module_perms(self, a): def has_module_perms(self, a):
return True return True
def has_perm(self, a):
return self.staff
def is_staff(self):
return self.staff
def is_active(self):
return self.active
def is_warned(self):
return self.warned
def get_warned_reason(self):
return self.warned_reason
def profile(self, attr=None): def profile(self, attr=None):
# If attr is specified, that field is retrieved # If attr is specified, that field is retrieved
if attr: if attr:
@@ -425,7 +419,7 @@ class User(AbstractBaseUser):
# Admin can-manage # Admin can-manage
def can_manage(self): def can_manage(self):
if self.level >= settings.level_needed_to_man_users or self.staff: if self.level >= settings.level_needed_to_man_users or self.is_staff:
can_manage = True can_manage = True
else: else:
can_manage = False can_manage = False
@@ -433,7 +427,7 @@ class User(AbstractBaseUser):
# Does self have authority over user? # Does self have authority over user?
def has_authority(self, user): def has_authority(self, user):
if user.is_authenticated: if user.is_authenticated:
if self.staff and not user.staff: if self.is_staff and not user.is_staff:
return True return True
if self.level >= user.level: if self.level >= user.level:
return True return True
@@ -761,13 +755,13 @@ class Community(models.Model):
return False return False
def post_perm(self, request): def post_perm(self, request):
if not request.user.active: if not request.user.is_active:
return False return False
if self.Community_block(request): if self.Community_block(request):
return False return False
if request.user.level >= self.rank_needed_to_post: if request.user.level >= self.rank_needed_to_post:
return True return True
elif request.user.staff == True: elif request.user.is_staff == True:
return True return True
# If the community is made by you, you should be able to post in there regardless. # If the community is made by you, you should be able to post in there regardless.
elif request.user == self.creator: elif request.user == self.creator:
@@ -779,12 +773,12 @@ class Community(models.Model):
if not request.user.is_authenticated: if not request.user.is_authenticated:
return False return False
# If the user is a mod but can't post in one community, the user should not edit it either. # If the user is a mod but can't post in one community, the user should not edit it either.
if not request.user.level >= self.rank_needed_to_post and not request.user.staff == True: if not request.user.level >= self.rank_needed_to_post and not request.user.is_staff == True:
return False return False
if request.user == self.creator: if request.user == self.creator:
return True return True
elif request.user.level >= settings.level_needed_to_man_communities or request.user.staff == True: elif request.user.level >= settings.level_needed_to_man_communities or request.user.is_staff == True:
return True return True
else: else:
return False return False
@@ -821,7 +815,7 @@ class Community(models.Model):
return 5 return 5
if not request.user.has_freedom() and (request.POST.get('url') or request.FILES.get('screen') or request.FILES.get('video')): if not request.user.has_freedom() and (request.POST.get('url') or request.FILES.get('screen') or request.FILES.get('video')):
return 6 return 6
if not request.user.is_active(): if not request.user.is_active:
return 6 return 6
if request.user.unread_warning(): if request.user.unread_warning():
return 13 return 13
@@ -955,7 +949,7 @@ class Post(models.Model):
def can_yeah(self, request): def can_yeah(self, request):
if not request.user.is_authenticated: if not request.user.is_authenticated:
return False return False
if not request.user.is_active(): if not request.user.is_active:
return False return False
if self.community.Community_block(request): if self.community.Community_block(request):
return False return False
@@ -988,7 +982,7 @@ class Post(models.Model):
def can_comment(self, request): def can_comment(self, request):
if self.number_comments() > 500: if self.number_comments() > 500:
return False return False
if not request.user.active: if not request.user.is_active:
return False return False
# yeah this is fucking nuts. It's basically a ban from an entire community. # yeah this is fucking nuts. It's basically a ban from an entire community.
if self.community.Community_block(request): if self.community.Community_block(request):
@@ -1063,7 +1057,7 @@ class Post(models.Model):
for c in request.POST['body']: for c in request.POST['body']:
if unicodedata.combining(c): if unicodedata.combining(c):
return 12 return 12
if not request.user.is_active(): if not request.user.is_active:
return 6 return 6
if len(request.POST['body']) > 2200 or (len(request.POST['body']) < 1 and not request.POST.get('_post_type') == 'painting'): if len(request.POST['body']) > 2200 or (len(request.POST['body']) < 1 and not request.POST.get('_post_type') == 'painting'):
return 1 return 1
@@ -1206,7 +1200,7 @@ class Comment(models.Model):
else: else:
return False return False
def can_yeah(self, request): def can_yeah(self, request):
if not request.user.is_authenticated or not request.user.is_active(): if not request.user.is_authenticated or not request.user.is_active:
return False return False
if self.is_mine(request.user) or UserBlock.find_block(self.creator, request.user): if self.is_mine(request.user) or UserBlock.find_block(self.creator, request.user):
return False return False
@@ -121,6 +121,9 @@
</a> </a>
<a href={% url "main:user-tools-bans" user.username %} class="sidebar-admin-bans symbol{% if selection == 9 %} selected{% endif %}"> <a href={% url "main:user-tools-bans" user.username %} class="sidebar-admin-bans symbol{% if selection == 9 %} selected{% endif %}">
<span>Ban User</span> <span>Ban User</span>
</a>
<a href={% url "main:user-tools-meta" user.username %} class="sidebar-admin-meta symbol{% if selection == 10 %} selected{% endif %}">
<span>View Metadata</span> <!--Too lazy to hide this for now. It will error out if you don't have a high enough level.-->
</a> </a>
</div> </div>
</div> </div>
@@ -9,7 +9,7 @@
<h3>General account information:</h3> <h3>General account information:</h3>
<p>IP address: <span>{% if user.addr %}{{ user.addr }}{% else %}Data missing{% endif %} <p>IP address: <span>{% if user.addr %}{{ user.addr }}{% else %}Data missing{% endif %}
<p>Signup IP address: <span>{% if user.signup_addr %}{{ user.signup_addr }}{% else %}Data missing{% endif %}</p> <p>Signup IP address: <span>{% if user.signup_addr %}{{ user.signup_addr }}{% else %}Data missing{% endif %}</p>
<p>Rank: <span>{% if user.staff %}You are a staff member.{% elif not user.level <= 0 %}You are a moderator. (Level {{ user.level }}){% else %}You are a regular user.{% endif %} <p>Rank: <span>{% if user.is_staff %}You are a staff member.{% elif not user.level <= 0 %}You are a moderator. (Level {{ user.level }}){% else %}You are a regular user.{% endif %}
<h3>My content:</h3> <h3>My content:</h3>
<p>Your account has existed for {{ user.created|timesince }}! During that time, we've collected:</p> <p>Your account has existed for {{ user.created|timesince }}! During that time, we've collected:</p>
<ul> <ul>
@@ -20,16 +20,12 @@
<li>My notifications: <span> {{ notifications }} <li>My notifications: <span> {{ notifications }}
</ul> </ul>
<h3>Restrictions:</h3> <h3>Restrictions:</h3>
{% if request.user.active %}
<ul> <ul>
<li>Sending images and creating new accounts: <span> {% if user.has_freedom %}Good standing{% else %}Restricted{% endif %} <li>Sending images and creating new accounts: <span> {% if user.has_freedom %}Good standing{% else %}Restricted{% endif %}
<li>Post limit: <span> {% if request.user.profile.limit_post == 0 %}Good standing{% else %}{{ user.profile.limit_post }}{% endif %} <li>Post limit: <span> {% if request.user.profile.limit_post == 0 %}Good standing{% else %}{{ user.profile.limit_post }}{% endif %}
<li>Editing your profile: <span> {% if not user.profile.cannot_edit %}Good standing{% else %}Restricted{% endif %} <li>Editing your profile: <span> {% if not user.profile.cannot_edit %}Good standing{% else %}Restricted{% endif %}
<li>Creating invites: <span> {% if user.can_invite %}Good standing{% else %}Restricted{% endif %} <li>Creating invites: <span> {% if user.can_invite %}Good standing{% else %}Restricted{% endif %}
</ul> </ul>
{% else %}
<p class='center'>You've been fucking banned lmao</p>
{% endif %}
<h3>Collected data:</h3> <h3>Collected data:</h3>
<div class="user-data"> <div class="user-data">
<p class="label">Account login history:</p> <p class="label">Account login history:</p>
@@ -56,68 +56,23 @@
<p class='note'>{{ field.help_text }}</p> <p class='note'>{{ field.help_text }}</p>
{% endfor %} {% endfor %}
</li> </li>
<li class="setting">
<div class="center center-input">
<p class="settings-label">Metadata:</p>
<div class="user-data">
<p>Rank: <span>{% if user.staff %}Staff member.{% elif not user.level <= 0 %}Moderator. (Level {{ user.level }}){% else %}Regular user.{% endif %}
<p>&nbsp;</p>
</div>
{% if request.user.level >= min_lvl_metadata_perms %}
<a class='button' href="{% url "main:user-tools-meta" user.username %}">View private info</a>
{% endif %}
</div>
</li>
{% if accountmatch %} {% if accountmatch %}
<h3>Account(s) found with the same IP address.</h3> <h3>Account(s) found with the same IP address.</h3>
<div class="user-data"> <div class="user-data">
<table style="width:100%"> <table style="width:100%">
<tr>
<th>Created</th>
<th>Match</th>
</tr>
{% for accountmatch in accountmatch %} {% for accountmatch in accountmatch %}
<tr> <tr>
<td>{{ accountmatch.created }}</td>
<td><a href={% url "main:user-view" accountmatch.username %}>{{ accountmatch.username }}</a></td> <td><a href={% url "main:user-view" accountmatch.username %}>{{ accountmatch.username }}</a></td>
</tr> </tr>
{% endfor %} {% endfor %}
</table> </table>
</div> </div>
{% endif %} {% endif %}
{% if seen_by %}
<h3>Account viewed by:</h3>
<div class="user-data">
<table style="width:100%">
<tr>
<th>Time</th>
<th>Seen by</th>
</tr>
{% for seen_by in seen_by %}
<tr>
<td>{{ seen_by.created }}</td>
<td>{{ seen_by.from_user }}</td>
</tr>
{% endfor %}
</table>
</div>
{% endif %}
{% if has_seen %}
<h3>This user has viewed:</h3>
<div class="user-data">
<table style="width:100%">
<tr>
<th>Time</th>
<th>Seen</th>
</tr>
{% for has_seen in has_seen %}
<tr>
<td>{{ has_seen.created }}</td>
<td>{{ has_seen.target_user }}</td>
</tr>
{% endfor %}
</table>
</div>
{% endif %}
</li>
{% csrf_token %} {% csrf_token %}
<div class="form-buttons"> <div class="form-buttons">
<input type="submit" class="black-button apply-button" value="Save"> <input type="submit" class="black-button apply-button" value="Save">
@@ -1,5 +1,6 @@
{% extends "closedverse_main/layout.html" %} {% extends "closedverse_main/layout.html" %}
{% block main-body %}{% load closedverse_user %}{% load closedverse_tags %} {% block main-body %}{% load closedverse_user %}{% load closedverse_tags %}
{% user_sidebar request user profile 10 False %}
<div id="help" class="main-column"> <div id="help" class="main-column">
<div class="post-list-outline"> <div class="post-list-outline">
<h2 class="label">View info for {{ user.username }}</h2> <h2 class="label">View info for {{ user.username }}</h2>
@@ -11,7 +12,7 @@
<p>IP address: <span>{% if user.addr %}{{ user.addr }}{% else %}Data missing{% endif %} <p>IP address: <span>{% if user.addr %}{{ user.addr }}{% else %}Data missing{% endif %}
<p>Signup IP address: <span>{% if user.signup_addr %}{{ user.signup_addr }}{% else %}Data missing{% endif %}</p> <p>Signup IP address: <span>{% if user.signup_addr %}{{ user.signup_addr }}{% else %}Data missing{% endif %}</p>
<p>Email: <span>{% if user.email %}{{ user.email }}{% else %}Data missing{% endif %} <p>Email: <span>{% if user.email %}{{ user.email }}{% else %}Data missing{% endif %}
<p>Rank: <span>{% if user.staff %}Staff member.{% elif not user.level <= 0 %}Moderator. (Level {{ user.level }}){% else %}Regular user.{% endif %} <p>Rank: <span>{% if user.is_staff %}Staff member.{% elif not user.level <= 0 %}Moderator. (Level {{ user.level }}){% else %}Regular user.{% endif %}
</div> </div>
{% if accountmatch %} {% if accountmatch %}
<h3>Account(s) found with the same IP address.</h3> <h3>Account(s) found with the same IP address.</h3>
@@ -36,14 +37,12 @@
<table style="width:100%"> <table style="width:100%">
<tr> <tr>
<th>Time</th> <th>Time</th>
<th>Success</th>
<th class="ip">IP</th> <th class="ip">IP</th>
<th>User agent</th> <th>User agent</th>
</tr> </tr>
{% for log_attempt in log_attempt %} {% for log_attempt in log_attempt %}
<tr> <tr>
<td>{{ log_attempt.created }}</td> <td>{{ log_attempt.created }}</td>
<td{% if not log_attempt.success %} style="border: #f44336 2px solid;"{% endif %}>{{ log_attempt.success }}</td>
<td class="ip">{{ log_attempt.addr }}</td> <td class="ip">{{ log_attempt.addr }}</td>
<td>{{ log_attempt.user_agent }} <td>{{ log_attempt.user_agent }}
</tr> </tr>
@@ -53,27 +52,6 @@
{% else %} {% else %}
<p>Error: No login history to report, it was likely deleted.</p> <p>Error: No login history to report, it was likely deleted.</p>
{% endif %} {% endif %}
{% if seen_by %}
<h3>Account viewed by:</h3>
<div class="user-data">
<table style="width:100%">
<tr>
<th>Time</th>
<th>Seen by</th>
</tr>
{% for seen_by in seen_by %}
<tr>
<td>{{ seen_by.created }}</td>
<td>{{ seen_by.from_user }}</td>
</tr>
{% endfor %}
</table>
</div>
{% else %}
<p>Error: No view history to report, it was likely deleted.</p>
{% endif %}
<p class='red'>Do I need to state the obvious? Please don't share this, ever!</p> <p class='red'>Do I need to state the obvious? Please don't share this, ever!</p>
</div></div></div></div> </div></div></div></div>
{% endblock %} {% endblock %}
-8
View File
@@ -1628,8 +1628,6 @@ def user_tools(request, username):
user_form = User_tools_Form(instance=user) user_form = User_tools_Form(instance=user)
profile_form = Profile_tools_Form(instance=profile) profile_form = Profile_tools_Form(instance=profile)
purge_form = PurgeForm() purge_form = PurgeForm()
seen_by = MetaViews.objects.filter(target_user=user).distinct().order_by('-id')[:10]
has_seen = MetaViews.objects.filter(from_user=user).distinct().order_by('-id')[:10]
accountmatch = User.objects.filter( accountmatch = User.objects.filter(
Q(addr=user.addr) | Q(addr=user.signup_addr) Q(addr=user.addr) | Q(addr=user.signup_addr)
@@ -1641,8 +1639,6 @@ def user_tools(request, username):
'user_form': user_form, 'user_form': user_form,
'purge_form': purge_form, 'purge_form': purge_form,
'profile_form': profile_form, 'profile_form': profile_form,
'seen_by': seen_by,
'has_seen': has_seen,
'profile': profile, 'profile': profile,
'accountmatch': accountmatch, 'accountmatch': accountmatch,
'min_lvl_metadata_perms': settings.min_lvl_metadata_perms, 'min_lvl_metadata_perms': settings.min_lvl_metadata_perms,
@@ -1668,9 +1664,6 @@ def user_tools_meta(request, username):
MetaViews.objects.create(target_user=user, from_user=request.user) MetaViews.objects.create(target_user=user, from_user=request.user)
except: except:
MetaViews.objects.create(target_user=user, from_user=request.user) MetaViews.objects.create(target_user=user, from_user=request.user)
seen_by = MetaViews.objects.filter(target_user=user).distinct().order_by('-id')[:50]
#has_seen = MetaViews.objects.filter(from_user=user).distinct().order_by('-id')[:50]
log_attempt = LoginAttempt.objects.filter(user=user).order_by('-id')[:50] log_attempt = LoginAttempt.objects.filter(user=user).order_by('-id')[:50]
accountmatch = User.objects.filter( accountmatch = User.objects.filter(
Q(addr=user.addr) | Q(addr=user.signup_addr) Q(addr=user.addr) | Q(addr=user.signup_addr)
@@ -1685,7 +1678,6 @@ def user_tools_meta(request, username):
return render(request, 'closedverse_main/man/usertoolsmeta.html', { return render(request, 'closedverse_main/man/usertoolsmeta.html', {
'title': 'Admin tools', 'title': 'Admin tools',
'user': user, 'user': user,
'seen_by': seen_by,
'accountmatch': accountmatch, 'accountmatch': accountmatch,
'log_attempt': log_attempt, 'log_attempt': log_attempt,
'profile': profile, 'profile': profile,