github/reddit
1
1
Fork 0
mirror of https://github.com/reddit-archive/reddit.git synced 2026-04-27 03:00:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

Remove account restrictions for app developers

Browse Source 
Ever since we added OAuth developers in reddit/reddit@cc40171, we've been
silently filtering out deleted and spammed users in any of the developer
listings.  Recently, we added users in timeout to that list as well.

This can cause some unexpected behavior at times.  One of the most notable is
the check of the developer list when we remove a dev: if there aren't any more
devs, we delete the app.  If a developer of a popular app gets themselves in a
temporary timeout or accidentally gets spammed, this would break the app for
all its users, which is less than ideal.

We discussed this a bit and decided there's not a good reason to tie these
things together.  If a user needs disciplining, that shouldn't affect their
app.  If a user is a spammer, that shouldn't affect their apps (because you
can't do much with that anyways).  And if we actually do want to remove a
user's developer access to an app (say, because they're using it to create
massive amounts of spam), we should do that with a separate tool.

I did leave the filtering out of deleted users in place.  Partly this was
because otherwise a number of other places in the code would need to add
various conditionals to deal with the situation, and I was lazy, but mostly
it's because we shouldn't have any of these, anyways: account deletion removes
the user from all of their apps, and you can't add a deleted user back as a new
developer.
This commit is contained in:
xiongchiamiov
2015-11-05 13:56:13 -08:00
parent 89874d5b26
commit f89159612e
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
r2/r2/models/token.py
View File

@@ -424,10 +424,8 @@ class OAuth2Client(Token):
def _developers(self):
"""Returns a list of users who are developers of this client."""
devs = Account._byID(list(self._developer_ids))
return [dev for dev in devs.itervalues()
if not (dev._deleted or dev._spam or
(dev.in_timeout and feature.is_enabled('timeouts')))]
devs = Account._byID(list(self._developer_ids), return_dict=False)
return [dev for dev in devs if not dev._deleted]
def _developer_colname(self, account):
"""Developer access is granted by way of adding a column with the
@@ -440,8 +438,7 @@ class OAuth2Client(Token):
def has_developer(self, account):
"""Returns a boolean indicating whether or not the supplied Account is a developer of this application."""
if (account._deleted or account._spam or
(account.in_timeout and feature.is_enabled('timeouts'))):
if account._deleted:
return False
else:
return getattr(self, self._developer_colname(account), False)
@@ -482,8 +479,7 @@ class OAuth2Client(Token):
def _by_developer(cls, account):
"""Returns a (possibly empty) list of clients for which Account is a developer."""
if (account._deleted or account._spam or
(account.in_timeout and feature.is_enabled('timeouts'))):
if account._deleted:
return []
try: