mirror of
https://github.com/LemmyNet/lemmy
synced 2024-11-22 12:33:09 +00:00
Add check so only author or mods can edit posts/comments
This commit is contained in:
parent
a2698dea92
commit
803aad3b3e
4 changed files with 36 additions and 4 deletions
|
@ -148,7 +148,8 @@ pub(crate) async fn community_receive_message(
|
|||
true
|
||||
}
|
||||
CommunityValidTypes::Update => {
|
||||
receive_update_for_community(context, any_base.clone(), &actor_url, request_counter).await?;
|
||||
receive_update_for_community(context, any_base.clone(), None, &actor_url, request_counter)
|
||||
.await?;
|
||||
true
|
||||
}
|
||||
CommunityValidTypes::Like => {
|
||||
|
|
|
@ -112,6 +112,7 @@ pub(in crate::inbox) async fn receive_create_for_community(
|
|||
pub(in crate::inbox) async fn receive_update_for_community(
|
||||
context: &LemmyContext,
|
||||
activity: AnyBase,
|
||||
announce: Option<Announce>,
|
||||
expected_domain: &Url,
|
||||
request_counter: &mut i32,
|
||||
) -> Result<(), LemmyError> {
|
||||
|
@ -119,6 +120,28 @@ pub(in crate::inbox) async fn receive_update_for_community(
|
|||
verify_activity_domains_valid(&update, &expected_domain, true)?;
|
||||
verify_is_addressed_to_public(&update)?;
|
||||
|
||||
// Check that actor is the creator (or a mod)
|
||||
let actor = update
|
||||
.actor()?
|
||||
.to_owned()
|
||||
.single_xsd_any_uri()
|
||||
.context(location_info!())?;
|
||||
let actor = get_or_fetch_and_upsert_user(&actor, context, request_counter).await?;
|
||||
let object_id = update
|
||||
.object()
|
||||
.as_one()
|
||||
.map(|o| o.id())
|
||||
.flatten()
|
||||
.context(location_info!())?;
|
||||
let original_author = match find_post_or_comment_by_id(context, object_id.to_owned()).await? {
|
||||
PostOrComment::Post(p) => p.creator_id,
|
||||
PostOrComment::Comment(c) => c.creator_id,
|
||||
};
|
||||
if actor.id != original_author {
|
||||
let community = extract_community_from_cc(&update, context).await?;
|
||||
verify_mod_activity(&update, announce, &community, context).await?;
|
||||
}
|
||||
|
||||
let kind = update
|
||||
.object()
|
||||
.as_single_kind_str()
|
||||
|
@ -522,7 +545,7 @@ async fn verify_mod_activity<T, Kind>(
|
|||
context: &LemmyContext,
|
||||
) -> Result<(), LemmyError>
|
||||
where
|
||||
T: ActorAndObjectRef + OptTargetRef + BaseExt<Kind>,
|
||||
T: ActorAndObjectRef + BaseExt<Kind>,
|
||||
{
|
||||
// Remove was sent by community to user, we just check that it came from the right domain
|
||||
if let Some(announce) = announce {
|
||||
|
@ -535,6 +558,7 @@ where
|
|||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn verify_add_remove_moderator_target<T, Kind>(
|
||||
activity: &T,
|
||||
community: &Community,
|
||||
|
|
|
@ -289,7 +289,14 @@ pub async fn receive_announce(
|
|||
receive_create_for_community(context, inner_activity, &inner_id, request_counter).await
|
||||
}
|
||||
Some(Update) => {
|
||||
receive_update_for_community(context, inner_activity, &inner_id, request_counter).await
|
||||
receive_update_for_community(
|
||||
context,
|
||||
inner_activity,
|
||||
Some(announce),
|
||||
&inner_id,
|
||||
request_counter,
|
||||
)
|
||||
.await
|
||||
}
|
||||
Some(Like) => {
|
||||
receive_like_for_community(context, inner_activity, &inner_id, request_counter).await
|
||||
|
|
|
@ -87,7 +87,7 @@ services:
|
|||
- ./volumes/postgres_beta:/var/lib/postgresql/data
|
||||
|
||||
lemmy-gamma-ui:
|
||||
image: dessalines/lemmy-ui:0.9.9
|
||||
image: lemmy-ui:test
|
||||
environment:
|
||||
- LEMMY_INTERNAL_HOST=lemmy-gamma:8561
|
||||
- LEMMY_EXTERNAL_HOST=localhost:8561
|
||||
|
|
Loading…
Reference in a new issue