Adding admin/mod checks for ban and comment removal.

This commit is contained in:
Dessalines 2024-06-21 18:10:48 -04:00
parent 3ae8e98f3c
commit 185105b031
6 changed files with 54 additions and 11 deletions

View file

@ -4,7 +4,12 @@ use lemmy_api_common::{
community::{BanFromCommunity, BanFromCommunityResponse},
context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_mod_action, check_expire_time, remove_user_data_in_community},
utils::{
check_community_mod_action,
check_expire_time,
check_is_higher_mod,
remove_user_data_in_community,
},
};
use lemmy_db_schema::{
source::{
@ -44,6 +49,14 @@ pub async fn ban_from_community(
)
.await?;
check_is_higher_mod(
&mut context.pool(),
&local_user_view,
data.community_id,
&[data.person_id],
)
.await?;
if let Some(reason) = &data.reason {
is_valid_body_field(reason, false)?;
}

View file

@ -5,7 +5,7 @@ use lemmy_api_common::{
context::LemmyContext,
person::{BanPerson, BanPersonResponse},
send_activity::{ActivityChannel, SendActivityData},
utils::{check_expire_time, is_admin, remove_user_data},
utils::{check_expire_time, check_is_higher_admin, is_admin, remove_user_data},
};
use lemmy_db_schema::{
source::{
@ -31,6 +31,9 @@ pub async fn ban_from_site(
// Make sure user is an admin
is_admin(&local_user_view)?;
// Also make sure you're a higher admin than the target
check_is_higher_admin(&mut context.pool(), &local_user_view, &[data.person_id]).await?;
if let Some(reason) = &data.reason {
is_valid_body_field(reason, false)?;
}

View file

@ -178,6 +178,25 @@ pub async fn check_is_higher_admin(
Ok(())
}
/// Checks to make sure the acting admin is higher than the target admin.
/// This needs to be done on admin removals, and all purge functions
pub async fn check_is_higher_mod_or_admin(
pool: &mut DbPool<'_>,
local_user_view: &LocalUserView,
community_id: CommunityId,
target_person_ids: &[PersonId],
) -> LemmyResult<()> {
let higher_admin_check = check_is_higher_admin(pool, local_user_view, target_person_ids).await;
let higher_mod_check =
check_is_higher_mod(pool, local_user_view, community_id, target_person_ids).await;
if higher_mod_check.is_ok() || higher_admin_check.is_ok() {
Ok(())
} else {
Err(LemmyErrorType::NotHigherMod)?
}
}
/// Marks a post as read for a given person.
#[tracing::instrument(skip_all)]
pub async fn mark_post_as_read(

View file

@ -5,7 +5,7 @@ use lemmy_api_common::{
comment::{CommentResponse, RemoveComment},
context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData},
utils::check_community_mod_action,
utils::{check_community_mod_action, check_is_higher_mod_or_admin},
};
use lemmy_db_schema::{
source::{
@ -37,6 +37,14 @@ pub async fn remove_comment(
)
.await?;
check_is_higher_mod_or_admin(
&mut context.pool(),
&local_user_view,
orig_comment.community.id,
&[orig_comment.creator.id],
)
.await?;
// Don't allow removing or restoring comment which was deleted by user, as it would reveal
// the comment text in mod log.
if orig_comment.comment.deleted {

View file

@ -241,7 +241,7 @@ impl CommunityModerator {
for_community_id: CommunityId,
mod_person_id: PersonId,
target_person_ids: &[PersonId],
) -> Result<bool, Error> {
) -> Result<(), Error> {
let conn = &mut get_conn(pool).await?;
// Build the list of persons
@ -259,7 +259,7 @@ impl CommunityModerator {
// If the first result sorted by published is the acting mod
if res.person_id == mod_person_id {
Ok(true)
Ok(())
} else {
Err(diesel::result::Error::NotFound)
}
@ -554,8 +554,8 @@ mod tests {
inserted_bobby.id,
&moderator_person_ids,
)
.await?;
assert!(bobby_higher_check);
.await;
assert!(bobby_higher_check.is_ok());
// This should throw an error, since artemis was added later
let artemis_higher_check = CommunityModerator::is_higher_mod_check(

View file

@ -221,7 +221,7 @@ impl LocalUser {
pool: &mut DbPool<'_>,
admin_person_id: PersonId,
target_person_ids: &[PersonId],
) -> Result<bool, Error> {
) -> Result<(), Error> {
let conn = &mut get_conn(pool).await?;
// Build the list of persons
@ -239,7 +239,7 @@ impl LocalUser {
// If the first result sorted by published is the acting mod
if res.person_id == admin_person_id {
Ok(true)
Ok(())
} else {
Err(diesel::result::Error::NotFound)
}
@ -346,8 +346,8 @@ mod tests {
// Make sure fiona is marked as a higher admin than delores, and vice versa
let fiona_higher_check =
LocalUser::is_higher_admin_check(pool, inserted_fiona_person.id, &admin_person_ids).await?;
assert!(fiona_higher_check);
LocalUser::is_higher_admin_check(pool, inserted_fiona_person.id, &admin_person_ids).await;
assert!(fiona_higher_check.is_ok());
// This should throw an error, since delores was added later
let delores_higher_check =