Merge pull request #2 from po5/priv-view-unsafe-posts

server: prevent cache key collision
2025-07-17 08:26:24 +00:00 · 2025-03-26 19:15:33 +00:00
parent 7e09f39cb9 928f949e9e
commit 33a3807369
2 changed files with 9 additions and 1 deletions
--- a/server/szurubooru/search/configs/post_search_config.py
+++ b/server/szurubooru/search/configs/post_search_config.py
@ -228,6 +228,11 @@ class PostSearchConfig(BaseSearchConfig):
            )
        return query.order_by(model.Post.post_id.desc())

+
+    @property
+    def can_list_unsafe(self) -> bool:
+        return self.user and auth.has_privilege(self.user, "posts:list:unsafe")
+
    @property
    def id_column(self) -> SaColumn:
        return model.Post.post_id
--- a/server/szurubooru/search/executor.py
+++ b/server/szurubooru/search/executor.py
@ -93,7 +93,10 @@ class Executor:
            if token.name == "random":
                disable_eager_loads = True

-        key = (id(self.config), hash(search_query), offset, limit)
+
+        can_list_unsafe = getattr(self.config, "can_list_unsafe", False)
+
+        key = (id(self.config), hash(search_query), offset, limit, can_list_unsafe)
        if cache.has(key):
            return cache.get(key)