modified: web/app.py

modified: web/blueprints/group_admin.py modified: web/panel_db.py modified: web/templates/group_admin/privacy_policy.html
2026-04-17 12:04:00 +02:00
parent 2dbd5340a8
commit cd9a46b403
4 changed files with 59 additions and 18 deletions
--- a/web/app.py
+++ b/web/app.py
@@ -148,14 +148,19 @@ def create_app() -> Flask:
            policy_version=Config.PRIVACY_POLICY_VERSION,
        )

-    @app.route("/policy/<int:group_id>")
-    def public_group_policy(group_id):
-        """Public, unauthenticated URL for a group's server privacy policy."""
+    @app.route("/policy/<token>")
+    def public_group_policy(token):
+        """Public, unauthenticated URL for a group's server privacy policy.
+
+        The token is an opaque UUID so the group ID is never exposed.
+        """
        import panel_db as db
-        policy = db.get_group_policy(group_id)
-        group  = db.get_group_by_id(group_id)
-        if not group:
-            return "Group not found", 404
+        row = db.get_group_policy_by_token(token)
+        if not row:
+            return render_template("404.html"), 404
+        # Build lightweight dicts that the template expects
+        policy = row
+        group  = {"name": row["group_name"]}
        return render_template("group_policy.html", policy=policy, group=group)

    @app.errorhandler(400)