From d1cde8f63ea959315772358a812e515aa4d6c10b Mon Sep 17 00:00:00 2001
From: lza_menace <lza_menace@protonmail.com>
Date: Mon, 7 Dec 2020 10:05:22 -0800
Subject: [PATCH] only show images which are tied to approved posts

---
 suchwow/routes/post.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/suchwow/routes/post.py b/suchwow/routes/post.py
index 372f247..3b1926f 100644
--- a/suchwow/routes/post.py
+++ b/suchwow/routes/post.py
@@ -73,7 +73,7 @@ def create():
         if file.filename == "":
             flash("You didn't upload a caliente meme, bro! You're fuckin up!")
             return redirect(request.url)
-        if post_title is "":
+        if post_title == "":
             flash("You didn't give your meme a spicy title, bro! You're fuckin up!")
             return redirect(request.url)
         if file and allowed_file(file.filename):
@@ -139,4 +139,10 @@ def delete(id):
 @bp.route("/uploads/<path:filename>")
 def uploaded_file(filename):
     file_path = path.join(current_app.config["DATA_FOLDER"], "uploads")
-    return send_from_directory(file_path, filename)
+    post = Post.select().where(Post.image_name==filename).first()
+    is_mod = is_moderator(get_session_user())
+    if is_mod or post.approved:
+        return send_from_directory(file_path, filename)
+    else:
+        flash("This image not available to view.")
+        return redirect(url_for("index"))