add thread view acl

app.py

@@ -516,9 +516,9 @@ app.route('/api/markup')(api_markup)
 app.route('/api/user_info/<name>', methods = ['POST', 'GET'])(api_user_info)
 app.route('/api/setting/<name>')(api_setting)
 
-app.route('/api/thread/<int:topic_num>/<tool>/<int:num>')(api_topic_sub)
-app.route('/api/thread/<int:topic_num>/<tool>')(api_topic_sub)
-app.route('/api/thread/<int:topic_num>')(api_topic_sub)
+app.route('/api/thread/<int:topic_num>/<tool>/<int:num>')(api_topic)
+app.route('/api/thread/<int:topic_num>/<tool>')(api_topic)
+app.route('/api/thread/<int:topic_num>')(api_topic)
 
 app.route('/api/search/<everything:name>/doc_num/<int:num>/<int:page>')(api_search)
 app.route('/api/search/<everything:name>')(api_search)

route/api_topic.py

@@ -0,0 +1,68 @@
+from .tool.func import *
+
+def api_topic(topic_num = 1, tool = 'normal', num = ''):
+    with get_db_connect() as conn:
+        curs = conn.cursor()
+
+        topic_num = str(topic_num)
+
+        if acl_check('', 'topic_view', topic_num) != 1:
+            if tool == 'normal':
+                if num != '':
+                    curs.execute(db_change(
+                        "select id, data, date, ip, block, top from topic where code = ? and id + 0 = ? + 0 order by id + 0 asc"
+                    ), [
+                        topic_num,
+                        num
+                    ])
+                else:
+                    curs.execute(db_change(
+                        "select id, data, date, ip, block, top from topic where code = ? order by id + 0 asc"
+                    ), [
+                        topic_num
+                    ]) 
+            else:
+                curs.execute(db_change(
+                    "select id, data, date, ip, block, top from topic where code = ? and top = 'O' order by id + 0 asc"
+                ), [
+                    topic_num
+                ])
+
+            data = curs.fetchall()
+            if data:
+                data_a = {}
+                admin = admin_check(3)
+
+                curs.execute(db_change("select ip from topic where code = ? order by id + 0 asc limit 1"), [topic_num])
+                data_f = curs.fetchall()
+                data_f = data_f[0][0] if data_f else ''
+                data_a['data_main'] = {
+                    "ip_first" : ip_pas(data_f, 1),
+                    "admin" : str(admin)
+                }
+
+                ip_a = ip_pas([i[3] for i in data])
+                ip_a_2 = ip_pas([i[3] for i in data], 1)
+                for i in data:
+                    data_v = i[1] if i[4] != 'O' or admin == 1 else ''
+
+                    data_a[i[0]] = {
+                        "data" : data_v,
+                        "date" : i[2],
+                        "ip" : ip_a_2[i[3]],
+                        "blind" : i[4],
+
+                        "ip_pas" : ip_a[i[3]],
+                        "data_pas" : render_set(
+                            doc_data = data_v, 
+                            data_type = 'api_view',
+                            data_in = 'topic_' + topic_num + '_' + i[0],
+                            doc_acl = 0
+                        )
+                    }
+
+                return flask.jsonify(data_a)
+            else:
+                return flask.jsonify({})
+        else:
+            return flask.jsonify({})

route/api_topic_sub.py

@@ -1,65 +0,0 @@
-from .tool.func import *
-
-def api_topic_sub(topic_num = 1, tool = 'normal', num = ''):
-    with get_db_connect() as conn:
-        curs = conn.cursor()
-
-        topic_num = str(topic_num)
-
-        if tool == 'normal':
-            if num != '':
-                curs.execute(db_change(
-                    "select id, data, date, ip, block, top from topic where code = ? and id + 0 = ? + 0 order by id + 0 asc"
-                ), [
-                    topic_num,
-                    num
-                ])
-            else:
-                curs.execute(db_change(
-                    "select id, data, date, ip, block, top from topic where code = ? order by id + 0 asc"
-                ), [
-                    topic_num
-                ]) 
-        else:
-            curs.execute(db_change(
-                "select id, data, date, ip, block, top from topic where code = ? and top = 'O' order by id + 0 asc"
-            ), [
-                topic_num
-            ])
-            
-        data = curs.fetchall()
-        if data:
-            data_a = {}
-            admin = admin_check(3)
-
-            curs.execute(db_change("select ip from topic where code = ? order by id + 0 asc limit 1"), [topic_num])
-            data_f = curs.fetchall()
-            data_f = data_f[0][0] if data_f else ''
-            data_a['data_main'] = {
-                "ip_first" : ip_pas(data_f, 1),
-                "admin" : str(admin)
-            }
-
-            ip_a = ip_pas([i[3] for i in data])
-            ip_a_2 = ip_pas([i[3] for i in data], 1)
-            for i in data:
-                data_v = i[1] if i[4] != 'O' or admin == 1 else ''
-
-                data_a[i[0]] = {
-                    "data" : data_v,
-                    "date" : i[2],
-                    "ip" : ip_a_2[i[3]],
-                    "blind" : i[4],
-
-                    "ip_pas" : ip_a[i[3]],
-                    "data_pas" : render_set(
-                        doc_data = data_v, 
-                        data_type = 'api_view',
-                        data_in = 'topic_' + topic_num + '_' + i[0],
-                        doc_acl = 0
-                    )
-                }
-
-            return flask.jsonify(data_a)
-        else:
-            return flask.jsonify({})

route/tool/func.py

@@ -1499,6 +1499,12 @@ def acl_check(name = 'test', tool = '', topic_num = '1'):
                     'select data from other where name = "discussion"'
                 ))
 
+            num = 3
+        elif tool == 'topic_view':
+            curs.execute(db_change("select set_data from topic_set where thread_code = ? and set_name = 'thread_view_acl'"), [
+                topic_num
+            ])
+            
             num = 3
         elif tool == 'upload':
             curs.execute(db_change(

route/topic.py

@@ -32,7 +32,10 @@ def topic(topic_num = 0):
                 else:
                     return redirect('/')
 
-        ban = acl_check(name, 'topic', topic_num)
+        topic_acl = acl_check('', 'topic', topic_num)
+        topic_view_acl = acl_check('', 'topic_view', topic_num)
+        if topic_view_acl == 1:
+            return re_error('/ban')
 
         if flask.request.method == 'POST':
             if flask.request.form.get('content', 'Test') == '':
@@ -46,7 +49,7 @@ def topic(topic_num = 0):
             ip = ip_check()
             today = get_time()
 
-            if ban == 1:
+            if topic_acl == 1:
                 return re_error('/ban')
 
             curs.execute(db_change("select id from topic where code = ? order by id + 0 desc limit 1"), [topic_num])
@@ -110,7 +113,7 @@ def topic(topic_num = 0):
 
             return redirect('/thread/' + topic_num + '#' + num)
         else:
-            display = 'display: none;' if ban == 1 else ''
+            display = 'display: none;' if topic_acl == 1 else ''
             data_input_topic_name = ''
             if topic_num == '0':
                 data_input_topic_name = '' + \

route/topic_comment_blind.py

@@ -3,10 +3,10 @@ from .tool.func import *
 def topic_comment_blind(topic_num = 1, num = 1):
     with get_db_connect() as conn:
         curs = conn.cursor()
-
+        
         topic_num = str(topic_num)
         num = str(num)
-
+        
         if admin_check(3, 'blind (code ' + topic_num + '#' + num + ')') != 1:
             return re_error('/error/3')
 

route/topic_comment_notice.py

@@ -3,10 +3,10 @@ from .tool.func import *
 def topic_comment_notice(topic_num = 1, num = 1):
     with get_db_connect() as conn:
         curs = conn.cursor()
-
+        
         topic_num = str(topic_num)
         num = str(num)
-
+        
         if admin_check(3, 'notice (code ' + topic_num + '#' + num + ')') != 1:
             return re_error('/error/3')
 

route/topic_comment_tool.py

@@ -3,9 +3,12 @@ from .tool.func import *
 def topic_comment_tool(topic_num = 1, num = 1):
     with get_db_connect() as conn:
         curs = conn.cursor()
-
+        
         num = str(num)
         topic_num = str(topic_num)
+        
+        if acl_check('', 'topic_view', topic_num) == 1:
+            return re_error('/ban')
 
         curs.execute(db_change("select block, ip, date from topic where code = ? and id = ?"), [topic_num, num])
         data = curs.fetchall()

route/topic_list.py

@@ -36,7 +36,7 @@ def topic_list(name = 'Test'):
             t_data = curs.fetchall()
 
             div += '''
-                <h2><a href="/thread/''' + data[0] + '">' + html.escape(data[0] + '. ' + data[1]) + '''</a></h2>
+                <h2><a href="/thread/''' + data[0] + '">' + data[0] + '. ' + html.escape(data[1]) + '''</a></h2>
                 <div id="topic_pre_''' + data[0] + '''"></div>
                 <div id="topic_back_pre_''' + data[0] + '''"></div>
                 <script>

route/topic_tool.py

@@ -16,11 +16,31 @@ def topic_tool(topic_num = 1):
                 t_state = 'Close'
             else:
                 t_state = 'Normal'
+                
+            if close_data[0][1] == 'O':
+                t_state += ' (Agree)'
         else:
             t_state = 'Normal'
 
         curs.execute(db_change("select acl from rd where code = ?"), [topic_num])
-        topic_acl_get = curs.fetchall()
+        db_data = curs.fetchall()
+        if db_data:
+            if db_data[0][0] == '':
+                acl_state = 'Normal'
+            else:
+                acl_state = db_data[0][0]
+        else:
+            acl_state = 'Normal'
+        
+        curs.execute(db_change("select set_data from topic_set where thread_code = ? and set_name = 'thread_view_acl'"), [topic_num])
+        db_data = curs.fetchall()
+        if db_data:
+            if db_data[0][0] == '':
+                acl_view_state = 'Normal'
+            else:
+                acl_view_state = db_data[0][0]
+        else:
+            acl_view_state = 'Normal'
 
         if admin_check(3) == 1:
             data = '''
@@ -33,8 +53,9 @@ def topic_tool(topic_num = 1):
         data += '''
             <h2>''' + load_lang('tool') + '''</h2>
             <ul class="inside_ul">
-                <li>''' + load_lang('topic_state') + ''' : ''' + t_state + '' + (' (Agree)' if close_data and (close_data[0][1] == 'O') else '') + '''</li>
-                <li>''' + load_lang('topic_acl') + ''' : <a href="/acl/TEST#exp">''' + ('Normal' if not topic_acl_get or (topic_acl_get[0][0] == '') else topic_acl_get[0][0]) + '''</a></li>
+                <li>''' + load_lang('topic_state') + ''' : ''' + t_state + '''</li>
+                <li>''' + load_lang('topic_acl') + ''' : <a href="/acl/TEST#exp">''' + acl_state + '''</a></li>
+                <li>''' + load_lang('topic_view_acl') + ''' : <a href="/acl/TEST#exp">''' + acl_view_state + '''</a></li>
             </ul>
         '''
 

route/topic_tool_acl.py

@@ -26,9 +26,22 @@ def topic_tool_acl(topic_num = 1):
                 acl_data_view = flask.request.form.get('acl_view', '')
 
                 curs.execute(db_change("update rd set acl = ? where code = ?"), [
-                    acl_data,
+                    acl_data, 
                     topic_num
                 ])
+                
+                curs.execute(db_change("select set_data from topic_set where thread_code = ? and set_name = 'thread_view_acl'"), [topic_num])
+                db_data = curs.fetchall()
+                if db_data:
+                    curs.execute(db_change("update topic_set set set_data = ? where thread_code = ?"), [
+                        acl_data_view,
+                        topic_num
+                    ])
+                else:
+                    curs.execute(db_change("insert into topic_set (thread_code, set_name, set_id, set_data) values (?, 'thread_view_acl', '1', ?)"), [
+                        topic_num,
+                        acl_data_view
+                    ])
 
                 curs.execute(db_change("insert into topic (id, data, date, ip, top, code) values (?, ?, ?, ?, '1', ?)"), [
                     str(int(topic_check[0][0]) + 1),

route/view_raw.py

@@ -4,11 +4,14 @@ def view_raw_2(name = None, topic_num = None, num = None, doc_acl = 0):
     with get_db_connect() as conn:
         curs = conn.cursor()
 
-        if acl_check(name, 'render') == 1:
-            return re_error('/ban')
-
         if topic_num:
             topic_num = str(topic_num)
+            
+            if acl_check('', 'topic_view', topic_num) == 1:
+                return re_error('/ban')
+        else:
+            if acl_check(name, 'render') == 1:
+                return re_error('/ban')
 
         if num:
             num = str(num)

version.json

@@ -1,6 +1,6 @@
 {
     "beta" : {
-        "r_ver" : "v3.4.5 (stable2) (beta3) (dev16)",
+        "r_ver" : "v3.4.5 (stable2) (beta3) (dev17)",
         "c_ver" : "3500108",
         "s_ver" : "3500110"
     }