febc1d761f
## APIs Restricted for Restricted Users
A restricted user is blocked from performing the following actions, and will typically receive a `403 Forbidden` error:
* **Chat & Notifications:**
* Sending any chat messages (public or private).
* Joining or leaving chat channels.
* Creating new PM channels.
* **User Profile & Content:**
* Uploading a new avatar.
* Uploading a new profile cover image.
* Changing their username.
* Updating their userpage content.
* **Scores & Gameplay:**
* Submitting scores in multiplayer rooms.
* Deleting their own scores (to prevent hiding evidence of cheating).
* **Beatmaps:**
* Rating beatmaps.
* Taging beatmaps.
* **Relationship:**
* Adding friends or blocking users.
* Removing friends or unblocking users.
* **Teams:**
* Creating, updating, or deleting a team.
* Requesting to join a team.
* Handling join requests for a team they manage.
* Kicking a member from a team they manage.
* **Multiplayer:**
* Creating or deleting multiplayer rooms.
* Joining or leaving multiplayer rooms.
## What is Invisible to Normal Users
* **Leaderboards:**
* Beatmap leaderboards.
* Multiplayer (playlist) room leaderboards.
* **User Search/Lists:**
* Restricted users will not appear in the results of the `/api/v2/users` endpoint.
* They will not appear in the list of a team's members.
* **Relationship:**
* They will not appear in a user's friend list (`/friends`).
* **Profile & History:**
* Attempting to view a restricted user's profile, events, kudosu history, or score history will result in a `404 Not Found` error, effectively making their profile invisible (unless the user viewing the profile is the restricted user themselves).
* **Chat:**
* Normal users cannot start a new PM with a restricted user (they will get a `404 Not Found` error).
* **Ranking:**
* Restricted users are excluded from any rankings.
### How to Restrict a User
Insert into `user_account_history` with `type=restriction`.
```sql
-- length is in seconds
INSERT INTO user_account_history (`description`, `length`, `permanent`, `timestamp`, `type`, `user_id`) VALUE ('some description', 86400, 0, '2025-10-05 01:00:00', 'RESTRICTION', 1);
```
---
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
51 lines
1.6 KiB
Python
51 lines
1.6 KiB
Python
from app.config import settings
|
||
from app.database.score import Score
|
||
from app.dependencies.database import Database, Redis
|
||
from app.dependencies.storage import StorageService
|
||
from app.dependencies.user import ClientUser
|
||
from app.service.user_cache_service import refresh_user_cache_background
|
||
|
||
from .router import router
|
||
|
||
from fastapi import BackgroundTasks, HTTPException
|
||
|
||
if settings.allow_delete_scores:
|
||
|
||
@router.delete(
|
||
"/score/{score_id}",
|
||
name="删除指定ID的成绩",
|
||
tags=["成绩", "g0v0 API"],
|
||
status_code=204,
|
||
)
|
||
async def delete_score(
|
||
session: Database,
|
||
background_task: BackgroundTasks,
|
||
score_id: int,
|
||
redis: Redis,
|
||
current_user: ClientUser,
|
||
storage_service: StorageService,
|
||
):
|
||
"""删除成绩
|
||
|
||
删除成绩,同时删除对应的统计信息、排行榜分数、pp、回放文件
|
||
|
||
参数:
|
||
- score_id: 成绩ID
|
||
|
||
错误情况:
|
||
- 404: 找不到指定成绩
|
||
"""
|
||
if await current_user.is_restricted(session):
|
||
# avoid deleting the evidence of cheating
|
||
raise HTTPException(status_code=403, detail="Your account is restricted and cannot perform this action.")
|
||
|
||
score = await session.get(Score, score_id)
|
||
if not score or score.user_id != current_user.id:
|
||
raise HTTPException(status_code=404, detail="找不到指定成绩")
|
||
|
||
gamemode = score.gamemode
|
||
user_id = score.user_id
|
||
await score.delete(session, storage_service)
|
||
await session.commit()
|
||
background_task.add_task(refresh_user_cache_background, redis, user_id, gamemode)
|