Permalink
Browse files

Subreddits: prevent contradictory status changes

This change makes it so that is no longer possible to ban a moderator,
or add a banned user as a mod/contributor/wiki-contributor.
  • Loading branch information...
1 parent d493330 commit 5cb1f2e68dd1afd79fa28934368c61dfa231e80d @Deimos Deimos committed Feb 26, 2014
Showing with 14 additions and 1 deletion.
  1. +10 −1 r2/r2/controllers/api.py
  2. +1 −0 r2/r2/lib/errors.py
  3. +1 −0 r2/r2/templates/modlisting.html
  4. +2 −0 r2/r2/templates/userlisting.html
@@ -844,11 +844,20 @@ def POST_friend(self, form, jquery, ip, friend,
else:
permissions = None
- if type == "moderator_invite" and container.is_moderator(friend):
+ if (type in ("banned", "moderator_invite") and
+ container.is_moderator(friend)):
c.errors.add(errors.ALREADY_MODERATOR, field="name")
form.set_error(errors.ALREADY_MODERATOR, "name")
return
+ # don't allow increasing privileges of banned users
+ unbanned_types = ("moderator", "moderator_invite",
+ "contributor", "wikicontributor")
+ if type in unbanned_types and container.is_banned(friend):
+ c.errors.add(errors.BANNED_FROM_SUBREDDIT, field="name")
+ form.set_error(errors.BANNED_FROM_SUBREDDIT, "name")
+ return
+
if type == "moderator":
container.remove_moderator_invite(friend)
View
@@ -135,6 +135,7 @@
('JSON_MISSING_KEY', _('JSON missing key: "%(key)s"')),
('NO_CHANGE_KIND', _("can't change post type")),
('INVALID_LOCATION', _("invalid location")),
+ ('BANNED_FROM_SUBREDDIT', _('that user is banned from the subreddit')),
))
errors = Storage([(e, e) for e in error_list.keys()])
@@ -52,6 +52,7 @@
%if thing.addable and thing.has_add_form:
<%call expr="add_form(thing.form_title, thing.destination, thing.type, thing.container_name, verb=_('add'))">
${error_field("ALREADY_MODERATOR", "name")}
+ ${error_field("BANNED_FROM_SUBREDDIT", "name")}
</%call>
%endif
${listing()}
@@ -60,6 +60,8 @@
<button class="btn" type="submit">${verb or _("add")}</button>
<span class="status"></span>
${error_field("USER_DOESNT_EXIST", "name")}
+ ${error_field("ALREADY_MODERATOR", "name")}
+ ${error_field("BANNED_FROM_SUBREDDIT", "name")}
%if caller:
${caller.body()}
%endif

0 comments on commit 5cb1f2e

Please sign in to comment.