diff --git a/r2/r2/controllers/validator/validator.py b/r2/r2/controllers/validator/validator.py index 248a4db3f..f56585163 100644 --- a/r2/r2/controllers/validator/validator.py +++ b/r2/r2/controllers/validator/validator.py @@ -824,10 +824,17 @@ class VTrafficViewer(VSponsor): promote.is_traffic_viewer(thing, c.user)) class VSrModerator(Validator): + def __init__(self, fatal=True, *a, **kw): + Validator.__init__(self, *a, **kw) + # If True, abort rather than setting an error + self.fatal = fatal + def run(self): if not (c.user_is_loggedin and c.site.is_moderator(c.user) or c.user_is_admin): - abort(403, "forbidden") + if self.fatal: + abort(403, "forbidden") + return self.set_error('MODERATOR_REQUIRED', code=403) class VFlairManager(VSrModerator): """Validates that a user is permitted to manage flair for a subreddit. diff --git a/r2/r2/controllers/validator/wiki.py b/r2/r2/controllers/validator/wiki.py index ec880b7a1..a002e68ea 100644 --- a/r2/r2/controllers/validator/wiki.py +++ b/r2/r2/controllers/validator/wiki.py @@ -28,7 +28,8 @@ from pylons.controllers.util import redirect_to from pylons import c, g, request from r2.models.wiki import WikiPage, WikiRevision -from r2.controllers.validator import Validator, validate, make_validated_kw +from r2.controllers.validator import (Validator, validate, VSrModerator, + make_validated_kw) from r2.lib.db import tdb_cassandra @@ -170,6 +171,10 @@ class AbortWikiError(Exception): page_match_regex = re.compile(r'^[\w_/]+\Z') +class VWikiModerator(VSrModerator): + def __init__(self, *a, **kw): + VSrModerator.__init__(self, fatal=False, *a, **kw) + class VWikiPage(Validator): def __init__(self, param, required=True, restricted=True, modonly=False, **kw): self.restricted = restricted diff --git a/r2/r2/controllers/wiki.py b/r2/r2/controllers/wiki.py index 1bbbc909c..ec02099d0 100644 --- a/r2/r2/controllers/wiki.py +++ b/r2/r2/controllers/wiki.py @@ -37,8 +37,9 @@ from r2.lib.template_helpers import join_urls from r2.controllers.validator import VMarkdown from r2.controllers.validator.wiki import (VWikiPage, VWikiPageAndVersion, - VWikiPageRevise, VWikiPageCreate, - this_may_view, wiki_validate) + VWikiModerator, VWikiPageRevise + VWikiPageCreate, this_may_view + wiki_validate) from r2.lib.pages.wiki import (WikiPageView, WikiNotFound, WikiRevisions, WikiEdit, WikiSettings, WikiRecent, @@ -269,10 +270,10 @@ class WikiApiController(WikiController): self.handle_error(409, 'EDIT_CONFLICT', newcontent=e.new, newrevision=page.revision, diffcontent=e.htmldiff) return json.dumps({}) - @wiki_validate(page=VWikiPage('page'), user=VExistingUname('username')) + @wiki_validate(VWikiModerator(), + page=VWikiPage('page'), + user=VExistingUname('username')) def POST_wiki_allow_editor(self, act, page, user): - if not c.is_wiki_mod: - self.handle_error(403, 'MOD_REQUIRED') if act == 'del': page.remove_editor(c.username) else: @@ -281,17 +282,15 @@ class WikiApiController(WikiController): page.add_editor(user.name) return json.dumps({}) - @wiki_validate(pv=VWikiPageAndVersion(('page', 'revision'))) + @wiki_validate(VWikiModerator(), + pv=VWikiPageAndVersion(('page', 'revision'))) def POST_wiki_revision_hide(self, pv, page, revision): - if not c.is_wiki_mod: - self.handle_error(403, 'MOD_REQUIRED') page, revision = pv return json.dumps({'status': revision.toggle_hide()}) - @wiki_validate(pv=VWikiPageAndVersion(('page', 'revision'))) + @wiki_validate(VWikiModerator(), + pv=VWikiPageAndVersion(('page', 'revision'))) def POST_wiki_revision_revert(self, pv, page, revision): - if not c.is_wiki_mod: - self.handle_error(403, 'MOD_REQUIRED') page, revision = pv content = revision.content author = revision._get('author')