Merge branch 'main' into release/v0.19

.woodpecker.yml

@@ -2,9 +2,14 @@
 # See https://github.com/woodpecker-ci/woodpecker/issues/1677
 
 variables:
-  - &rust_image "rust:1.78"
+  - &rust_image "rust:1.80"
   - &rust_nightly_image "rustlang/rust:nightly"
   - &install_pnpm "corepack enable pnpm"
+  - &install_binstall "wget -O- https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz | tar -xvz -C /usr/local/cargo/bin"
+  - install_diesel_cli: &install_diesel_cli
+      - apt-get update && apt-get install -y postgresql-client
+      - cargo install diesel_cli --no-default-features --features postgres
+      - export PATH="$CARGO_HOME/bin:$PATH"
   - &slow_check_paths
     - event: pull_request
       path:
@@ -25,17 +30,6 @@ variables:
             "diesel.toml",
             ".gitmodules",
           ]
-  - install_binstall: &install_binstall
-      - wget https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz
-      - tar -xvf cargo-binstall-x86_64-unknown-linux-musl.tgz
-      - cp cargo-binstall /usr/local/cargo/bin
-  - install_diesel_cli: &install_diesel_cli
-      - apt update && apt install -y lsb-release build-essential
-      - sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
-      - wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
-      - apt update && apt install -y postgresql-client-16
-      - cargo install diesel_cli --no-default-features --features postgres
-      - export PATH="$CARGO_HOME/bin:$PATH"
 
 steps:
   prepare_repo:
@@ -82,7 +76,7 @@ steps:
   cargo_machete:
     image: *rust_nightly_image
     commands:
-      - <<: *install_binstall
+      - *install_binstall
       - cargo binstall -y cargo-machete
       - cargo machete
     when:
@@ -204,11 +198,6 @@ steps:
       - <<: *install_diesel_cli
       # Run all migrations
       - diesel migration run
-      # Dump schema to before.sqldump (PostgreSQL apt repo is used to prevent pg_dump version mismatch error)
-      - apt update && apt install -y lsb-release
-      - sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
-      - wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
-      - apt update && apt install -y postgresql-client-16
       - psql -c "DROP SCHEMA IF EXISTS r CASCADE;"
       - pg_dump --no-owner --no-privileges --no-table-access-method --schema-only --no-sync -f before.sqldump
       # Make sure that the newest migration is revertable without the `r` schema
@@ -232,7 +221,7 @@ steps:
       DO_WRITE_HOSTS_FILE: "1"
     commands:
       - *install_pnpm
-      - apt update && apt install -y bash curl postgresql-client
+      - apt-get update && apt-get install -y bash curl postgresql-client
       - bash api_tests/prepare-drone-federation-test.sh
       - cd api_tests/
       - pnpm i
@@ -279,7 +268,7 @@ steps:
   publish_to_crates_io:
     image: *rust_image
     commands:
-      - <<: *install_binstall
+      - *install_binstall
       # Install cargo-workspaces
       - cargo binstall -y cargo-workspaces
       - cp -r migrations crates/db_schema/
@@ -307,7 +296,8 @@ steps:
 
 services:
   database:
-    image: postgres:16-alpine
+    # 15-alpine image necessary because of diesel tests
+    image: pgautoupgrade/pgautoupgrade:15-alpine
     environment:
       POSTGRES_USER: lemmy
       POSTGRES_PASSWORD: password

Cargo.toml

@@ -1,5 +1,5 @@
 [workspace.package]
-version = "0.19.5"
+version = "0.19.6-beta.7"
 edition = "2021"
 description = "A link aggregator for the fediverse"
 license = "AGPL-3.0"
@@ -86,28 +86,29 @@ suspicious = { level = "deny", priority = -1 }
 uninlined_format_args = "allow"
 unused_self = "deny"
 unwrap_used = "deny"
+unimplemented = "deny"
 
 [workspace.dependencies]
-lemmy_api = { version = "=0.19.5", path = "./crates/api" }
-lemmy_api_crud = { version = "=0.19.5", path = "./crates/api_crud" }
-lemmy_apub = { version = "=0.19.5", path = "./crates/apub" }
-lemmy_utils = { version = "=0.19.5", path = "./crates/utils", default-features = false }
-lemmy_db_schema = { version = "=0.19.5", path = "./crates/db_schema" }
-lemmy_api_common = { version = "=0.19.5", path = "./crates/api_common" }
-lemmy_routes = { version = "=0.19.5", path = "./crates/routes" }
-lemmy_db_views = { version = "=0.19.5", path = "./crates/db_views" }
-lemmy_db_views_actor = { version = "=0.19.5", path = "./crates/db_views_actor" }
-lemmy_db_views_moderator = { version = "=0.19.5", path = "./crates/db_views_moderator" }
-lemmy_federate = { version = "=0.19.5", path = "./crates/federate" }
-activitypub_federation = { version = "0.5.6", default-features = false, features = [
+lemmy_api = { version = "=0.19.6-beta.7", path = "./crates/api" }
+lemmy_api_crud = { version = "=0.19.6-beta.7", path = "./crates/api_crud" }
+lemmy_apub = { version = "=0.19.6-beta.7", path = "./crates/apub" }
+lemmy_utils = { version = "=0.19.6-beta.7", path = "./crates/utils", default-features = false }
+lemmy_db_schema = { version = "=0.19.6-beta.7", path = "./crates/db_schema" }
+lemmy_api_common = { version = "=0.19.6-beta.7", path = "./crates/api_common" }
+lemmy_routes = { version = "=0.19.6-beta.7", path = "./crates/routes" }
+lemmy_db_views = { version = "=0.19.6-beta.7", path = "./crates/db_views" }
+lemmy_db_views_actor = { version = "=0.19.6-beta.7", path = "./crates/db_views_actor" }
+lemmy_db_views_moderator = { version = "=0.19.6-beta.7", path = "./crates/db_views_moderator" }
+lemmy_federate = { version = "=0.19.6-beta.7", path = "./crates/federate" }
+activitypub_federation = { version = "0.5.8", default-features = false, features = [
   "actix-web",
 ] }
 diesel = "2.1.6"
 diesel_migrations = "2.1.0"
 diesel-async = "0.4.1"
-serde = { version = "1.0.203", features = ["derive"] }
-serde_with = "3.8.1"
-actix-web = { version = "4.6.0", default-features = false, features = [
+serde = { version = "1.0.204", features = ["derive"] }
+serde_with = "3.9.0"
+actix-web = { version = "4.8.0", default-features = false, features = [
   "macros",
   "rustls-0_23",
   "compress-brotli",
@@ -120,32 +121,35 @@ tracing-actix-web = { version = "0.7.11", default-features = false }
 tracing-error = "0.2.0"
 tracing-log = "0.2.0"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
-url = { version = "2.5.0", features = ["serde"] }
-reqwest = { version = "0.11.27", features = ["json", "blocking", "gzip"] }
+url = { version = "2.5.2", features = ["serde"] }
+reqwest = { version = "0.11.27", default-features = false, features = [
+  "json",
+  "blocking",
+  "gzip",
+  "rustls-tls",
+] }
 reqwest-middleware = "0.2.5"
 reqwest-tracing = "0.4.8"
 clokwerk = "0.4.0"
 doku = { version = "0.21.1", features = ["url-2"] }
 bcrypt = "0.15.1"
 chrono = { version = "0.4.38", features = ["serde"], default-features = false }
-serde_json = { version = "1.0.117", features = ["preserve_order"] }
+serde_json = { version = "1.0.121", features = ["preserve_order"] }
 base64 = "0.22.1"
-uuid = { version = "1.8.0", features = ["serde", "v4"] }
-async-trait = "0.1.80"
+uuid = { version = "1.10.0", features = ["serde", "v4"] }
+async-trait = "0.1.81"
 captcha = "0.0.9"
 anyhow = { version = "1.0.86", features = [
   "backtrace",
 ] } # backtrace is on by default on nightly, but not stable rust
 diesel_ltree = "0.3.1"
-typed-builder = "0.18.2"
+typed-builder = "0.19.1"
 serial_test = "3.1.1"
-tokio = { version = "1.38.0", features = ["full"] }
-regex = "1.10.4"
-once_cell = "1.19.0"
+tokio = { version = "1.39.2", features = ["full"] }
+regex = "1.10.5"
 diesel-derive-newtype = "2.1.2"
 diesel-derive-enum = { version = "2.1.0", features = ["postgres"] }
-strum = "0.26.2"
-strum_macros = "0.26.4"
+strum = { version = "0.26.3", features = ["derive"] }
 itertools = "0.13.0"
 futures = "0.3.30"
 http = "0.2.12"
@@ -157,17 +161,17 @@ ts-rs = { version = "7.1.1", features = [
   "chrono-impl",
   "no-serde-warnings",
 ] }
-rustls = { version = "0.23.9", features = ["ring"] }
+rustls = { version = "0.23.12", features = ["ring"] }
 futures-util = "0.3.30"
-tokio-postgres = "0.7.10"
+tokio-postgres = "0.7.11"
 tokio-postgres-rustls = "0.12.0"
 urlencoding = "2.1.3"
 enum-map = "2.7"
-moka = { version = "0.12.7", features = ["future"] }
+moka = { version = "0.12.8", features = ["future"] }
 i-love-jesus = { version = "0.1.0" }
-clap = { version = "4.5.6", features = ["derive", "env"] }
+clap = { version = "4.5.13", features = ["derive", "env"] }
 pretty_assertions = "1.4.0"
-derive-new = "0.6.0"
+derive-new = "0.7.0"
 
 [dependencies]
 lemmy_api = { workspace = true }
@@ -195,9 +199,10 @@ clokwerk = { workspace = true }
 serde_json = { workspace = true }
 tracing-opentelemetry = { workspace = true, optional = true }
 opentelemetry = { workspace = true, optional = true }
-console-subscriber = { version = "0.3.0", optional = true }
+console-subscriber = { version = "0.4.0", optional = true }
 opentelemetry-otlp = { version = "0.12.0", optional = true }
-pict-rs = { version = "0.5.15", optional = true }
+pict-rs = { version = "0.5.16", optional = true }
+rustls = { workspace = true }
 tokio.workspace = true
 actix-cors = "0.7.0"
 futures-util = { workspace = true }

api_tests/.eslintrc.json

@@ -1,42 +0,0 @@
-{
-  "root": true,
-  "env": {
-    "browser": true
-  },
-  "plugins": ["@typescript-eslint"],
-  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
-  "parser": "@typescript-eslint/parser",
-  "parserOptions": {
-    "project": "./tsconfig.json",
-    "warnOnUnsupportedTypeScriptVersion": false
-  },
-  "rules": {
-    "@typescript-eslint/ban-ts-comment": 0,
-    "@typescript-eslint/no-explicit-any": 0,
-    "@typescript-eslint/explicit-module-boundary-types": 0,
-    "@typescript-eslint/no-var-requires": 0,
-    "arrow-body-style": 0,
-    "curly": 0,
-    "eol-last": 0,
-    "eqeqeq": 0,
-    "func-style": 0,
-    "import/no-duplicates": 0,
-    "max-statements": 0,
-    "max-params": 0,
-    "new-cap": 0,
-    "no-console": 0,
-    "no-duplicate-imports": 0,
-    "no-extra-parens": 0,
-    "no-return-assign": 0,
-    "no-throw-literal": 0,
-    "no-trailing-spaces": 0,
-    "no-unused-expressions": 0,
-    "no-useless-constructor": 0,
-    "no-useless-escape": 0,
-    "no-var": 0,
-    "prefer-const": 0,
-    "prefer-rest-params": 0,
-    "quote-props": 0,
-    "unicorn/filename-case": 0
-  }
-}

api_tests/eslint.config.mjs

@@ -0,0 +1,56 @@
+import pluginJs from "@eslint/js";
+import tseslint from "typescript-eslint";
+
+export default [
+  pluginJs.configs.recommended,
+  ...tseslint.configs.recommended,
+  {
+    languageOptions: {
+      parser: tseslint.parser,
+    },
+  },
+  // For some reason this has to be in its own block
+  {
+    ignores: [
+      "putTypesInIndex.js",
+      "dist/*",
+      "docs/*",
+      ".yalc",
+      "jest.config.js",
+    ],
+  },
+  {
+    files: ["src/**/*"],
+    rules: {
+      "@typescript-eslint/no-empty-interface": 0,
+      "@typescript-eslint/no-empty-function": 0,
+      "@typescript-eslint/ban-ts-comment": 0,
+      "@typescript-eslint/no-explicit-any": 0,
+      "@typescript-eslint/explicit-module-boundary-types": 0,
+      "@typescript-eslint/no-var-requires": 0,
+      "arrow-body-style": 0,
+      curly: 0,
+      "eol-last": 0,
+      eqeqeq: 0,
+      "func-style": 0,
+      "import/no-duplicates": 0,
+      "max-statements": 0,
+      "max-params": 0,
+      "new-cap": 0,
+      "no-console": 0,
+      "no-duplicate-imports": 0,
+      "no-extra-parens": 0,
+      "no-return-assign": 0,
+      "no-throw-literal": 0,
+      "no-trailing-spaces": 0,
+      "no-unused-expressions": 0,
+      "no-useless-constructor": 0,
+      "no-useless-escape": 0,
+      "no-var": 0,
+      "prefer-const": 0,
+      "prefer-rest-params": 0,
+      "quote-props": 0,
+      "unicorn/filename-case": 0,
+    },
+  },
+];

api_tests/package.json

@@ -6,9 +6,9 @@
   "repository": "https://github.com/LemmyNet/lemmy",
   "author": "Dessalines",
   "license": "AGPL-3.0",
-  "packageManager": "pnpm@9.4.0",
+  "packageManager": "pnpm@9.9.0",
   "scripts": {
-    "lint": "tsc --noEmit && eslint --report-unused-disable-directives --ext .js,.ts,.tsx src && prettier --check 'src/**/*.ts'",
+    "lint": "tsc --noEmit && eslint --report-unused-disable-directives && prettier --check 'src/**/*.ts'",
     "fix": "prettier --write src && eslint --fix src",
     "api-test": "jest -i follow.spec.ts && jest -i image.spec.ts && jest -i user.spec.ts && jest -i private_message.spec.ts && jest -i community.spec.ts &&  jest -i post.spec.ts && jest -i comment.spec.ts ",
     "api-test-follow": "jest -i follow.spec.ts",
@@ -21,16 +21,16 @@
   },
   "devDependencies": {
     "@types/jest": "^29.5.12",
-    "@types/node": "^20.12.4",
-    "@typescript-eslint/eslint-plugin": "^7.5.0",
-    "@typescript-eslint/parser": "^7.5.0",
-    "download-file-sync": "^1.0.4",
-    "eslint": "^9.0.0",
+    "@types/node": "^22.0.2",
+    "@typescript-eslint/eslint-plugin": "^8.0.0",
+    "@typescript-eslint/parser": "^8.0.0",
+    "eslint": "^9.8.0",
     "eslint-plugin-prettier": "^5.1.3",
     "jest": "^29.5.0",
-    "lemmy-js-client": "0.19.4",
+    "lemmy-js-client": "0.19.5-alpha.1",
     "prettier": "^3.2.5",
     "ts-jest": "^29.1.0",
-    "typescript": "^5.4.4"
+    "typescript": "^5.5.4",
+    "typescript-eslint": "^8.0.0"
   }
 }

api_tests/prepare-drone-federation-test.sh

@@ -15,7 +15,7 @@ export LEMMY_TEST_FAST_FEDERATION=1 # by default, the persistent federation queu
 
 # pictrs setup
 if [ ! -f "api_tests/pict-rs" ]; then
-  curl "https://git.asonix.dog/asonix/pict-rs/releases/download/v0.5.13/pict-rs-linux-amd64" -o api_tests/pict-rs
+  curl "https://git.asonix.dog/asonix/pict-rs/releases/download/v0.5.16/pict-rs-linux-amd64" -o api_tests/pict-rs
   chmod +x api_tests/pict-rs
 fi
 ./api_tests/pict-rs \

api_tests/src/community.spec.ts

@@ -1,5 +1,6 @@
 jest.setTimeout(120000);
 
+import { AddModToCommunity } from "lemmy-js-client/dist/types/AddModToCommunity";
 import { CommunityView } from "lemmy-js-client/dist/types/CommunityView";
 import {
   alpha,
@@ -9,6 +10,7 @@ import {
   resolveCommunity,
   createCommunity,
   deleteCommunity,
+  delay,
   removeCommunity,
   getCommunity,
   followCommunity,
@@ -533,3 +535,41 @@ test("Content in local-only community doesn't federate", async () => {
     Error("couldnt_find_object"),
   );
 });
+
+test("Remote mods can edit communities", async () => {
+  let communityRes = await createCommunity(alpha);
+
+  let betaCommunity = await resolveCommunity(
+    beta,
+    communityRes.community_view.community.actor_id,
+  );
+  if (!betaCommunity.community) {
+    throw "Missing beta community";
+  }
+  let betaOnAlpha = await resolvePerson(alpha, "lemmy_beta@lemmy-beta:8551");
+
+  let form: AddModToCommunity = {
+    community_id: communityRes.community_view.community.id,
+    person_id: betaOnAlpha.person?.person.id as number,
+    added: true,
+  };
+  alpha.addModToCommunity(form);
+
+  let form2: EditCommunity = {
+    community_id: betaCommunity.community?.community.id as number,
+    description: "Example description",
+  };
+
+  await editCommunity(beta, form2);
+  // give alpha time to get and process the edit
+  await delay(1000);
+
+  let alphaCommunity = await getCommunity(
+    alpha,
+    communityRes.community_view.community.id,
+  );
+
+  await expect(alphaCommunity.community_view.community.description).toBe(
+    "Example description",
+  );
+});

api_tests/src/image.spec.ts

@@ -33,7 +33,6 @@ import {
   sampleImage,
   sampleSite,
 } from "./shared";
-const downloadFileSync = require("download-file-sync");
 
 beforeAll(setupLogins);
 
@@ -57,7 +56,8 @@ test("Upload image and delete it", async () => {
   expect(upload.delete_url).toBeDefined();
 
   // ensure that image download is working. theres probably a better way to do this
-  const content = downloadFileSync(upload.url);
+  const response = await fetch(upload.url ?? "");
+  const content = await response.text();
   expect(content.length).toBeGreaterThan(0);
 
   // Ensure that it comes back with the list_media endpoint
@@ -92,7 +92,8 @@ test("Upload image and delete it", async () => {
   expect(delete_).toBe(true);
 
   // ensure that image is deleted
-  const content2 = downloadFileSync(upload.url);
+  const response2 = await fetch(upload.url ?? "");
+  const content2 = await response2.text();
   expect(content2).toBe("");
 
   // Ensure that it shows the image is deleted
@@ -120,7 +121,8 @@ test("Purge user, uploaded image removed", async () => {
   expect(upload.delete_url).toBeDefined();
 
   // ensure that image download is working. theres probably a better way to do this
-  const content = downloadFileSync(upload.url);
+  const response = await fetch(upload.url ?? "");
+  const content = await response.text();
   expect(content.length).toBeGreaterThan(0);
 
   // purge user
@@ -132,7 +134,8 @@ test("Purge user, uploaded image removed", async () => {
   expect(delete_.success).toBe(true);
 
   // ensure that image is deleted
-  const content2 = downloadFileSync(upload.url);
+  const response2 = await fetch(upload.url ?? "");
+  const content2 = await response2.text();
   expect(content2).toBe("");
 });
 
@@ -150,7 +153,8 @@ test("Purge post, linked image removed", async () => {
   expect(upload.delete_url).toBeDefined();
 
   // ensure that image download is working. theres probably a better way to do this
-  const content = downloadFileSync(upload.url);
+  const response = await fetch(upload.url ?? "");
+  const content = await response.text();
   expect(content.length).toBeGreaterThan(0);
 
   let community = await resolveBetaCommunity(user);
@@ -160,6 +164,7 @@ test("Purge post, linked image removed", async () => {
     upload.url,
   );
   expect(post.post_view.post.url).toBe(upload.url);
+  expect(post.post_view.image_details).toBeDefined();
 
   // purge post
   const purgeForm: PurgePost = {
@@ -169,7 +174,8 @@ test("Purge post, linked image removed", async () => {
   expect(delete_.success).toBe(true);
 
   // ensure that image is deleted
-  const content2 = downloadFileSync(upload.url);
+  const response2 = await fetch(upload.url ?? "");
+  const content2 = await response2.text();
   expect(content2).toBe("");
 });
 
@@ -184,6 +190,9 @@ test("Images in remote image post are proxied if setting enabled", async () => {
   const post = postRes.post_view.post;
   expect(post).toBeDefined();
 
+  // Make sure it fetched the image details
+  expect(postRes.post_view.image_details).toBeDefined();
+
   // remote image gets proxied after upload
   expect(
     post.thumbnail_url?.startsWith(

api_tests/src/post.spec.ts

@@ -512,7 +512,7 @@ test("Enforce site ban federation for local user", async () => {
   }
   let newAlphaUserJwt = await loginUser(alpha, alphaUserPerson.name);
   alphaUserHttp.setHeaders({
-    Authorization: "Bearer " + newAlphaUserJwt.jwt ?? "",
+    Authorization: "Bearer " + newAlphaUserJwt.jwt,
   });
   // alpha makes new post in beta community, it federates
   let postRes2 = await createPost(alphaUserHttp, betaCommunity!.community.id);

api_tests/src/shared.ts

@@ -197,7 +197,7 @@ export async function setupLogins() {
     // (because last_successful_id is set to current id when federation to an instance is first started)
     // only needed the first time so do in this try
     await delay(10_000);
-  } catch (_) {
+  } catch {
     console.log("Communities already exist");
   }
 }
@@ -899,7 +899,6 @@ export async function deleteAllImages(api: LemmyHttp) {
   const imagesRes = await api.listAllMedia({
     limit: imageFetchLimit,
   });
-  imagesRes.images;
   Promise.all(
     imagesRes.images
       .map(image => {

cliff.toml

@@ -26,6 +26,7 @@ body = """
     {%- endif %}
 {%- endfor -%}
 
+{%- if github -%}
 {% if github.contributors | filter(attribute="is_first_time", value=true) | length != 0 %}
   {% raw %}\n{% endraw -%}
   ## New Contributors
@@ -36,6 +37,7 @@ body = """
       [#{{ contributor.pr_number }}]({{ self::remote_url() }}/pull/{{ contributor.pr_number }}) \
     {%- endif %}
 {%- endfor -%}
+{%- endif -%}
 
 {% if version %}
     {% if previous.version %}
@@ -70,6 +72,7 @@ commit_preprocessors = [
   # remove issue numbers from commits
   { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "" },
 ]
+commit_parsers = [{ field = "author.name", pattern = "renovate", skip = true }]
 # protect breaking changes from being skipped due to matching a skipping commit_parser
 protect_breaking_commits = false
 # filter out the commits that are not matched by commit parsers

crates/api/Cargo.toml

@@ -35,11 +35,12 @@ chrono = { workspace = true }
 url = { workspace = true }
 hound = "3.5.1"
 sitemap-rs = "0.2.1"
-totp-rs = { version = "5.5.1", features = ["gen_secret", "otpauth"] }
-actix-web-httpauth = "0.8.1"
+totp-rs = { version = "5.6.0", features = ["gen_secret", "otpauth"] }
+actix-web-httpauth = "0.8.2"
 
 [dev-dependencies]
 serial_test = { workspace = true }
 tokio = { workspace = true }
 elementtree = "1.2.3"
 pretty_assertions = { workspace = true }
+lemmy_api_crud = { workspace = true }

crates/api/src/comment/distinguish.rs

@@ -17,9 +17,13 @@ pub async fn distinguish_comment(
   context: Data<LemmyContext>,
   local_user_view: LocalUserView,
 ) -> LemmyResult<Json<CommentResponse>> {
-  let orig_comment = CommentView::read(&mut context.pool(), data.comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let orig_comment = CommentView::read(
+    &mut context.pool(),
+    data.comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
 
   check_community_user_action(
     &local_user_view.person,
@@ -54,7 +58,7 @@ pub async fn distinguish_comment(
   let comment_view = CommentView::read(
     &mut context.pool(),
     data.comment_id,
-    Some(local_user_view.person.id),
+    Some(&local_user_view.local_user),
   )
   .await?
   .ok_or(LemmyErrorType::CouldntFindComment)?;

crates/api/src/comment/like.rs

@@ -35,9 +35,13 @@ pub async fn like_comment(
   check_bot_account(&local_user_view.person)?;
 
   let comment_id = data.comment_id;
-  let orig_comment = CommentView::read(&mut context.pool(), comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let orig_comment = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
 
   check_community_user_action(
     &local_user_view.person,

crates/api/src/comment/list_comment_likes.rs

@@ -17,7 +17,7 @@ pub async fn list_comment_likes(
   let comment_view = CommentView::read(
     &mut context.pool(),
     data.comment_id,
-    Some(local_user_view.person.id),
+    Some(&local_user_view.local_user),
   )
   .await?
   .ok_or(LemmyErrorType::CouldntFindComment)?;

crates/api/src/comment/save.rs

@@ -32,10 +32,13 @@ pub async fn save_comment(
   }
 
   let comment_id = data.comment_id;
-  let person_id = local_user_view.person.id;
-  let comment_view = CommentView::read(&mut context.pool(), comment_id, Some(person_id))
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let comment_view = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
 
   Ok(Json(CommentResponse {
     comment_view,

crates/api/src/comment_report/create.rs

@@ -35,9 +35,13 @@ pub async fn create_comment_report(
 
   let person_id = local_user_view.person.id;
   let comment_id = data.comment_id;
-  let comment_view = CommentView::read(&mut context.pool(), comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let comment_view = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
 
   check_community_user_action(
     &local_user_view.person,

crates/api/src/community/add_mod.rs

@@ -9,6 +9,7 @@ use lemmy_api_common::{
 use lemmy_db_schema::{
   source::{
     community::{Community, CommunityModerator, CommunityModeratorForm},
+    local_user::LocalUser,
     moderator::{ModAddCommunity, ModAddCommunityForm},
   },
   traits::{Crud, Joinable},
@@ -33,6 +34,18 @@ pub async fn add_mod_to_community(
     &mut context.pool(),
   )
   .await?;
+
+  // If its a mod removal, also check that you're a higher mod.
+  if !data.added {
+    LocalUser::is_higher_mod_or_admin_check(
+      &mut context.pool(),
+      community_id,
+      local_user_view.person.id,
+      vec![data.person_id],
+    )
+    .await?;
+  }
+
   let community = Community::read(&mut context.pool(), community_id)
     .await?
     .ok_or(LemmyErrorType::CouldntFindCommunity)?;

crates/api/src/community/ban.rs

@@ -14,6 +14,7 @@ use lemmy_db_schema::{
       CommunityPersonBan,
       CommunityPersonBanForm,
     },
+    local_user::LocalUser,
     moderator::{ModBanFromCommunity, ModBanFromCommunityForm},
   },
   traits::{Bannable, Crud, Followable},
@@ -44,6 +45,14 @@ pub async fn ban_from_community(
   )
   .await?;
 
+  LocalUser::is_higher_mod_or_admin_check(
+    &mut context.pool(),
+    data.community_id,
+    local_user_view.person.id,
+    vec![data.person_id],
+  )
+  .await?;
+
   if let Some(reason) = &data.reason {
     is_valid_body_field(reason, false)?;
   }

crates/api/src/community/block.rs

@@ -50,10 +50,14 @@ pub async fn block_community(
       .with_lemmy_type(LemmyErrorType::CommunityBlockAlreadyExists)?;
   }
 
-  let community_view =
-    CommunityView::read(&mut context.pool(), community_id, Some(person_id), false)
-      .await?
-      .ok_or(LemmyErrorType::CouldntFindCommunity)?;
+  let community_view = CommunityView::read(
+    &mut context.pool(),
+    community_id,
+    Some(&local_user_view.local_user),
+    false,
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindCommunity)?;
 
   ActivityChannel::submit_activity(
     SendActivityData::FollowCommunity(

crates/api/src/community/follow.rs

@@ -62,11 +62,14 @@ pub async fn follow_community(
   }
 
   let community_id = data.community_id;
-  let person_id = local_user_view.person.id;
-  let community_view =
-    CommunityView::read(&mut context.pool(), community_id, Some(person_id), false)
-      .await?
-      .ok_or(LemmyErrorType::CouldntFindCommunity)?;
+  let community_view = CommunityView::read(
+    &mut context.pool(),
+    community_id,
+    Some(&local_user_view.local_user),
+    false,
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindCommunity)?;
 
   let discussion_languages = CommunityLanguage::read(&mut context.pool(), community_id).await?;
 

crates/api/src/community/transfer.rs

@@ -76,11 +76,14 @@ pub async fn transfer_community(
   ModTransferCommunity::create(&mut context.pool(), &form).await?;
 
   let community_id = data.community_id;
-  let person_id = local_user_view.person.id;
-  let community_view =
-    CommunityView::read(&mut context.pool(), community_id, Some(person_id), false)
-      .await?
-      .ok_or(LemmyErrorType::CouldntFindCommunity)?;
+  let community_view = CommunityView::read(
+    &mut context.pool(),
+    community_id,
+    Some(&local_user_view.local_user),
+    false,
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindCommunity)?;
 
   let community_id = data.community_id;
   let moderators = CommunityModeratorView::for_community(&mut context.pool(), community_id)

crates/api/src/local_user/add_admin.rs

@@ -24,6 +24,16 @@ pub async fn add_admin(
   // Make sure user is an admin
   is_admin(&local_user_view)?;
 
+  // If its an admin removal, also check that you're a higher admin
+  if !data.added {
+    LocalUser::is_higher_admin_check(
+      &mut context.pool(),
+      local_user_view.person.id,
+      vec![data.person_id],
+    )
+    .await?;
+  }
+
   // Make sure that the person_id added is local
   let added_local_user = LocalUserView::read_person(&mut context.pool(), data.person_id)
     .await?

crates/api/src/local_user/ban_person.rs

@@ -9,6 +9,7 @@ use lemmy_api_common::{
 };
 use lemmy_db_schema::{
   source::{
+    local_user::LocalUser,
     login_token::LoginToken,
     moderator::{ModBan, ModBanForm},
     person::{Person, PersonUpdateForm},
@@ -31,6 +32,14 @@ pub async fn ban_from_site(
   // Make sure user is an admin
   is_admin(&local_user_view)?;
 
+  // Also make sure you're a higher admin than the target
+  LocalUser::is_higher_admin_check(
+    &mut context.pool(),
+    local_user_view.person.id,
+    vec![data.person_id],
+  )
+  .await?;
+
   if let Some(reason) = &data.reason {
     is_valid_body_field(reason, false)?;
   }

crates/api/src/local_user/verify_email.rs

@@ -5,12 +5,9 @@ use lemmy_api_common::{
   utils::send_new_applicant_email_to_admins,
   SuccessResponse,
 };
-use lemmy_db_schema::{
-  source::{
-    email_verification::EmailVerification,
-    local_user::{LocalUser, LocalUserUpdateForm},
-  },
-  RegistrationMode,
+use lemmy_db_schema::source::{
+  email_verification::EmailVerification,
+  local_user::{LocalUser, LocalUserUpdateForm},
 };
 use lemmy_db_views::structs::{LocalUserView, SiteView};
 use lemmy_utils::error::{LemmyErrorType, LemmyResult};
@@ -41,9 +38,7 @@ pub async fn verify_email(
   EmailVerification::delete_old_tokens_for_local_user(&mut context.pool(), local_user_id).await?;
 
   // send out notification about registration application to admins if enabled
-  if site_view.local_site.registration_mode == RegistrationMode::RequireApplication
-    && site_view.local_site.application_email_admins
-  {
+  if site_view.local_site.application_email_admins {
     let local_user = LocalUserView::read(&mut context.pool(), local_user_id)
       .await?
       .ok_or(LemmyErrorType::CouldntFindPerson)?;

crates/api/src/post/feature.rs

@@ -72,11 +72,5 @@ pub async fn feature_post(
   )
   .await?;
 
-  build_post_response(
-    &context,
-    orig_post.community_id,
-    &local_user_view.person,
-    post_id,
-  )
-  .await
+  build_post_response(&context, orig_post.community_id, local_user_view, post_id).await
 }

crates/api/src/post/get_link_metadata.rs

@@ -4,6 +4,7 @@ use lemmy_api_common::{
   post::{GetSiteMetadata, GetSiteMetadataResponse},
   request::fetch_link_metadata,
 };
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_utils::{
   error::{LemmyErrorExt, LemmyResult},
   LemmyErrorType,
@@ -14,6 +15,8 @@ use url::Url;
 pub async fn get_link_metadata(
   data: Query<GetSiteMetadata>,
   context: Data<LemmyContext>,
+  // Require an account for this API
+  _local_user_view: LocalUserView,
 ) -> LemmyResult<Json<GetSiteMetadataResponse>> {
   let url = Url::parse(&data.url).with_lemmy_type(LemmyErrorType::InvalidUrl)?;
   let metadata = fetch_link_metadata(&url, &context).await?;

crates/api/src/post/like.rs

@@ -85,11 +85,5 @@ pub async fn like_post(
   )
   .await?;
 
-  build_post_response(
-    context.deref(),
-    post.community_id,
-    &local_user_view.person,
-    post_id,
-  )
-  .await
+  build_post_response(context.deref(), post.community_id, local_user_view, post_id).await
 }

crates/api/src/post/lock.rs

@@ -63,11 +63,5 @@ pub async fn lock_post(
   )
   .await?;
 
-  build_post_response(
-    &context,
-    orig_post.community_id,
-    &local_user_view.person,
-    post_id,
-  )
-  .await
+  build_post_response(&context, orig_post.community_id, local_user_view, post_id).await
 }

crates/api/src/post/save.rs

@@ -34,9 +34,14 @@ pub async fn save_post(
 
   let post_id = data.post_id;
   let person_id = local_user_view.person.id;
-  let post_view = PostView::read(&mut context.pool(), post_id, Some(person_id), false)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindPost)?;
+  let post_view = PostView::read(
+    &mut context.pool(),
+    post_id,
+    Some(&local_user_view.local_user),
+    false,
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindPost)?;
 
   mark_post_as_read(person_id, post_id, &mut context.pool()).await?;
 

crates/api/src/site/purge/comment.rs

@@ -10,6 +10,7 @@ use lemmy_api_common::{
 use lemmy_db_schema::{
   source::{
     comment::Comment,
+    local_user::LocalUser,
     moderator::{AdminPurgeComment, AdminPurgeCommentForm},
   },
   traits::Crud,
@@ -29,9 +30,21 @@ pub async fn purge_comment(
   let comment_id = data.comment_id;
 
   // Read the comment to get the post_id and community
-  let comment_view = CommentView::read(&mut context.pool(), comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let comment_view = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
+
+  // Also check that you're a higher admin
+  LocalUser::is_higher_admin_check(
+    &mut context.pool(),
+    local_user_view.person.id,
+    vec![comment_view.creator.id],
+  )
+  .await?;
 
   let post_id = comment_view.comment.post_id;
 

crates/api/src/site/purge/community.rs

@@ -9,13 +9,16 @@ use lemmy_api_common::{
   SuccessResponse,
 };
 use lemmy_db_schema::{
+  newtypes::PersonId,
   source::{
     community::Community,
+    local_user::LocalUser,
     moderator::{AdminPurgeCommunity, AdminPurgeCommunityForm},
   },
   traits::Crud,
 };
 use lemmy_db_views::structs::LocalUserView;
+use lemmy_db_views_actor::structs::CommunityModeratorView;
 use lemmy_utils::{error::LemmyResult, LemmyErrorType};
 
 #[tracing::instrument(skip(context))]
@@ -32,6 +35,21 @@ pub async fn purge_community(
     .await?
     .ok_or(LemmyErrorType::CouldntFindCommunity)?;
 
+  // Also check that you're a higher admin than all the mods
+  let community_mod_person_ids =
+    CommunityModeratorView::for_community(&mut context.pool(), community.id)
+      .await?
+      .iter()
+      .map(|cmv| cmv.moderator.id)
+      .collect::<Vec<PersonId>>();
+
+  LocalUser::is_higher_admin_check(
+    &mut context.pool(),
+    local_user_view.person.id,
+    community_mod_person_ids,
+  )
+  .await?;
+
   if let Some(banner) = &community.banner {
     purge_image_from_pictrs(banner, &context).await.ok();
   }

crates/api/src/site/purge/person.rs

@@ -10,6 +10,7 @@ use lemmy_api_common::{
 };
 use lemmy_db_schema::{
   source::{
+    local_user::LocalUser,
     moderator::{AdminPurgePerson, AdminPurgePersonForm},
     person::{Person, PersonUpdateForm},
   },
@@ -27,9 +28,18 @@ pub async fn purge_person(
   // Only let admin purge an item
   is_admin(&local_user_view)?;
 
+  // Also check that you're a higher admin
+  LocalUser::is_higher_admin_check(
+    &mut context.pool(),
+    local_user_view.person.id,
+    vec![data.person_id],
+  )
+  .await?;
+
   let person = Person::read(&mut context.pool(), data.person_id)
     .await?
     .ok_or(LemmyErrorType::CouldntFindPerson)?;
+
   ban_nonlocal_user_from_local_communities(
     &local_user_view,
     &person,

crates/api/src/site/purge/post.rs

@@ -10,6 +10,7 @@ use lemmy_api_common::{
 };
 use lemmy_db_schema::{
   source::{
+    local_user::LocalUser,
     moderator::{AdminPurgePost, AdminPurgePostForm},
     post::Post,
   },
@@ -32,6 +33,14 @@ pub async fn purge_post(
     .await?
     .ok_or(LemmyErrorType::CouldntFindPost)?;
 
+  // Also check that you're a higher admin
+  LocalUser::is_higher_admin_check(
+    &mut context.pool(),
+    local_user_view.person.id,
+    vec![post.creator_id],
+  )
+  .await?;
+
   // Purge image
   if let Some(url) = &post.url {
     purge_image_from_pictrs(url, &context).await.ok();

crates/api/src/site/registration_applications/approve.rs

@@ -1,4 +1,5 @@
-use actix_web::web::{Data, Json};
+use activitypub_federation::config::Data;
+use actix_web::web::Json;
 use lemmy_api_common::{
   context::LemmyContext,
   site::{ApproveRegistrationApplication, RegistrationApplicationResponse},
@@ -10,10 +11,13 @@ use lemmy_db_schema::{
     registration_application::{RegistrationApplication, RegistrationApplicationUpdateForm},
   },
   traits::Crud,
-  utils::diesel_string_update,
+  utils::{diesel_string_update, get_conn},
 };
 use lemmy_db_views::structs::{LocalUserView, RegistrationApplicationView};
-use lemmy_utils::{error::LemmyResult, LemmyErrorType};
+use lemmy_utils::{
+  error::{LemmyError, LemmyResult},
+  LemmyErrorType,
+};
 
 pub async fn approve_registration_application(
   data: Json<ApproveRegistrationApplication>,
@@ -25,34 +29,46 @@ pub async fn approve_registration_application(
   // Only let admins do this
   is_admin(&local_user_view)?;
 
-  // Update the registration with reason, admin_id
-  let deny_reason = diesel_string_update(data.deny_reason.as_deref());
-  let app_form = RegistrationApplicationUpdateForm {
-    admin_id: Some(Some(local_user_view.person.id)),
-    deny_reason,
-  };
+  let pool = &mut context.pool();
+  let conn = &mut get_conn(pool).await?;
+  let tx_data = data.clone();
+  let approved_user_id = conn
+    .build_transaction()
+    .run(|conn| {
+      Box::pin(async move {
+        // Update the registration with reason, admin_id
+        let deny_reason = diesel_string_update(tx_data.deny_reason.as_deref());
+        let app_form = RegistrationApplicationUpdateForm {
+          admin_id: Some(Some(local_user_view.person.id)),
+          deny_reason,
+        };
 
-  let registration_application =
-    RegistrationApplication::update(&mut context.pool(), app_id, &app_form).await?;
+        let registration_application =
+          RegistrationApplication::update(&mut conn.into(), app_id, &app_form).await?;
 
-  // Update the local_user row
-  let local_user_form = LocalUserUpdateForm {
-    accepted_application: Some(data.approve),
-    ..Default::default()
-  };
+        // Update the local_user row
+        let local_user_form = LocalUserUpdateForm {
+          accepted_application: Some(tx_data.approve),
+          ..Default::default()
+        };
 
-  let approved_user_id = registration_application.local_user_id;
-  LocalUser::update(&mut context.pool(), approved_user_id, &local_user_form).await?;
+        let approved_user_id = registration_application.local_user_id;
+        LocalUser::update(&mut conn.into(), approved_user_id, &local_user_form).await?;
+
+        Ok::<_, LemmyError>(approved_user_id)
+      }) as _
+    })
+    .await?;
 
   if data.approve {
     let approved_local_user_view = LocalUserView::read(&mut context.pool(), approved_user_id)
       .await?
       .ok_or(LemmyErrorType::CouldntFindLocalUser)?;
-
     if approved_local_user_view.local_user.email.is_some() {
+      // Email sending may fail, but this won't revert the application approval
       send_application_approved_email(&approved_local_user_view, context.settings()).await?;
     }
-  }
+  };
 
   // Read the view
   let registration_application = RegistrationApplicationView::read(&mut context.pool(), app_id)

crates/api/src/site/registration_applications/get.rs

@@ -0,0 +1,28 @@
+use actix_web::web::{Data, Json, Query};
+use lemmy_api_common::{
+  context::LemmyContext,
+  site::{GetRegistrationApplication, RegistrationApplicationResponse},
+  utils::is_admin,
+};
+use lemmy_db_views::structs::{LocalUserView, RegistrationApplicationView};
+use lemmy_utils::{error::LemmyResult, LemmyErrorType};
+
+/// Lists registration applications, filterable by undenied only.
+pub async fn get_registration_application(
+  data: Query<GetRegistrationApplication>,
+  context: Data<LemmyContext>,
+  local_user_view: LocalUserView,
+) -> LemmyResult<Json<RegistrationApplicationResponse>> {
+  // Make sure user is an admin
+  is_admin(&local_user_view)?;
+
+  // Read the view
+  let registration_application =
+    RegistrationApplicationView::read_by_person(&mut context.pool(), data.person_id)
+      .await?
+      .ok_or(LemmyErrorType::CouldntFindRegistrationApplication)?;
+
+  Ok(Json(RegistrationApplicationResponse {
+    registration_application,
+  }))
+}

crates/api/src/site/registration_applications/list.rs

@@ -1,4 +1,5 @@
-use actix_web::web::{Data, Json, Query};
+use activitypub_federation::config::Data;
+use actix_web::web::{Json, Query};
 use lemmy_api_common::{
   context::LemmyContext,
   site::{ListRegistrationApplications, ListRegistrationApplicationsResponse},

crates/api/src/site/registration_applications/mod.rs

@@ -1,3 +1,6 @@
 pub mod approve;
+pub mod get;
 pub mod list;
+#[cfg(test)]
+mod tests;
 pub mod unread_count;

crates/api/src/site/registration_applications/tests.rs

@@ -0,0 +1,428 @@
+use crate::site::registration_applications::{
+  approve::approve_registration_application,
+  list::list_registration_applications,
+  unread_count::get_unread_registration_application_count,
+};
+use activitypub_federation::config::Data;
+use actix_web::web::{Json, Query};
+use lemmy_api_common::{
+  context::LemmyContext,
+  site::{
+    ApproveRegistrationApplication,
+    EditSite,
+    GetUnreadRegistrationApplicationCountResponse,
+    ListRegistrationApplicationsResponse,
+  },
+};
+use lemmy_api_crud::site::update::update_site;
+use lemmy_db_schema::{
+  newtypes::InstanceId,
+  source::{
+    instance::Instance,
+    local_site::{LocalSite, LocalSiteInsertForm},
+    local_site_rate_limit::{LocalSiteRateLimit, LocalSiteRateLimitInsertForm},
+    local_user::{LocalUser, LocalUserInsertForm, LocalUserUpdateForm},
+    person::{Person, PersonInsertForm},
+    registration_application::{RegistrationApplication, RegistrationApplicationInsertForm},
+    site::{Site, SiteInsertForm},
+  },
+  traits::Crud,
+  utils::DbPool,
+  RegistrationMode,
+};
+use lemmy_db_views::structs::LocalUserView;
+use lemmy_utils::{error::LemmyResult, LemmyErrorType, CACHE_DURATION_API};
+use serial_test::serial;
+
+#[allow(clippy::unwrap_used)]
+async fn create_test_site(context: &Data<LemmyContext>) -> LemmyResult<(Instance, LocalUserView)> {
+  let pool = &mut context.pool();
+
+  let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string())
+    .await
+    .expect("Create test instance");
+
+  let admin_person = Person::create(
+    pool,
+    &PersonInsertForm::test_form(inserted_instance.id, "admin"),
+  )
+  .await?;
+  LocalUser::create(
+    pool,
+    &LocalUserInsertForm::test_form_admin(admin_person.id),
+    vec![],
+  )
+  .await?;
+
+  let admin_local_user_view = LocalUserView::read_person(pool, admin_person.id)
+    .await?
+    .unwrap();
+
+  let site_form = SiteInsertForm::builder()
+    .name("test site".to_string())
+    .instance_id(inserted_instance.id)
+    .build();
+  let site = Site::create(pool, &site_form).await.unwrap();
+
+  // Create a local site, since this is necessary for determining if email verification is
+  // required
+  let local_site_form = LocalSiteInsertForm::builder()
+    .site_id(site.id)
+    .require_email_verification(Some(true))
+    .application_question(Some(".".to_string()))
+    .registration_mode(Some(RegistrationMode::RequireApplication))
+    .site_setup(Some(true))
+    .build();
+  let local_site = LocalSite::create(pool, &local_site_form).await.unwrap();
+
+  // Required to have a working local SiteView when updating the site to change email verification
+  // requirement or registration mode
+  let rate_limit_form = LocalSiteRateLimitInsertForm::builder()
+    .local_site_id(local_site.id)
+    .build();
+  LocalSiteRateLimit::create(pool, &rate_limit_form)
+    .await
+    .unwrap();
+
+  Ok((inserted_instance, admin_local_user_view))
+}
+
+async fn signup(
+  pool: &mut DbPool<'_>,
+  instance_id: InstanceId,
+  name: &str,
+  email: Option<&str>,
+) -> LemmyResult<(LocalUser, RegistrationApplication)> {
+  let person_insert_form = PersonInsertForm::test_form(instance_id, name);
+  let person = Person::create(pool, &person_insert_form).await?;
+
+  let local_user_insert_form = match email {
+    Some(email) => LocalUserInsertForm {
+      email: Some(email.to_string()),
+      email_verified: Some(false),
+      ..LocalUserInsertForm::test_form(person.id)
+    },
+    None => LocalUserInsertForm::test_form(person.id),
+  };
+
+  let local_user = LocalUser::create(pool, &local_user_insert_form, vec![]).await?;
+
+  let application_insert_form = RegistrationApplicationInsertForm {
+    local_user_id: local_user.id,
+    answer: "x".to_string(),
+  };
+  let application = RegistrationApplication::create(pool, &application_insert_form).await?;
+
+  Ok((local_user, application))
+}
+
+#[allow(clippy::unwrap_used)]
+async fn get_application_statuses(
+  context: &Data<LemmyContext>,
+  admin: LocalUserView,
+) -> LemmyResult<(
+  Json<GetUnreadRegistrationApplicationCountResponse>,
+  Json<ListRegistrationApplicationsResponse>,
+  Json<ListRegistrationApplicationsResponse>,
+)> {
+  let application_count =
+    get_unread_registration_application_count(context.reset_request_count(), admin.clone()).await?;
+
+  let unread_applications = list_registration_applications(
+    Query::from_query("unread_only=true").unwrap(),
+    context.reset_request_count(),
+    admin.clone(),
+  )
+  .await?;
+
+  let all_applications = list_registration_applications(
+    Query::from_query("unread_only=false").unwrap(),
+    context.reset_request_count(),
+    admin,
+  )
+  .await?;
+
+  Ok((application_count, unread_applications, all_applications))
+}
+
+#[allow(clippy::indexing_slicing)]
+#[allow(clippy::unwrap_used)]
+#[tokio::test]
+#[serial]
+async fn test_application_approval() -> LemmyResult<()> {
+  let context = LemmyContext::init_test_context().await;
+  let pool = &mut context.pool();
+
+  let (instance, admin_local_user_view) = create_test_site(&context).await?;
+
+  // Non-unread counts unfortunately are duplicated due to different types (i64 vs usize)
+  let mut expected_total_applications = 0;
+  let mut expected_unread_applications = 0u8;
+
+  let (local_user_with_email, app_with_email) =
+    signup(pool, instance.id, "user_w_email", Some("lemmy@localhost")).await?;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // When email verification is required and the email is not verified the application should not
+  // be visible to admins
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  LocalUser::update(
+    pool,
+    local_user_with_email.id,
+    &LocalUserUpdateForm {
+      email_verified: Some(true),
+      ..Default::default()
+    },
+  )
+  .await?;
+
+  expected_total_applications += 1;
+  expected_unread_applications += 1;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // When email verification is required and the email is verified the application should be
+  // visible to admins
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert!(
+    !unread_applications.registration_applications[0]
+      .creator_local_user
+      .accepted_application
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  let approval = approve_registration_application(
+    Json(ApproveRegistrationApplication {
+      id: app_with_email.id,
+      approve: true,
+      deny_reason: None,
+    }),
+    context.reset_request_count(),
+    admin_local_user_view.clone(),
+  )
+  .await;
+  // Approval should be processed up until email sending is attempted
+  assert!(approval.is_err_and(|e| e.error_type == LemmyErrorType::NoEmailSetup));
+
+  expected_unread_applications -= 1;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // When the application is approved it should only be returned for unread queries
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+  assert!(
+    all_applications.registration_applications[0]
+      .creator_local_user
+      .accepted_application
+  );
+
+  let (_local_user, app_with_email_2) = signup(
+    pool,
+    instance.id,
+    "user_w_email_2",
+    Some("lemmy2@localhost"),
+  )
+  .await?;
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // Email not verified, so application still not visible
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  update_site(
+    Json(EditSite {
+      require_email_verification: Some(false),
+      ..Default::default()
+    }),
+    context.reset_request_count(),
+    admin_local_user_view.clone(),
+  )
+  .await?;
+
+  // TODO: There is probably a better way to ensure cache invalidation
+  tokio::time::sleep(CACHE_DURATION_API).await;
+
+  expected_total_applications += 1;
+  expected_unread_applications += 1;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // After disabling email verification the application should now be visible
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  approve_registration_application(
+    Json(ApproveRegistrationApplication {
+      id: app_with_email_2.id,
+      approve: false,
+      deny_reason: None,
+    }),
+    context.reset_request_count(),
+    admin_local_user_view.clone(),
+  )
+  .await?;
+
+  expected_unread_applications -= 1;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // Denied applications should not be marked as unread
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  signup(pool, instance.id, "user_wo_email", None).await?;
+
+  expected_total_applications += 1;
+  expected_unread_applications += 1;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // New user without email should immediately be visible
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  signup(pool, instance.id, "user_w_email_3", None).await?;
+
+  expected_total_applications += 1;
+  expected_unread_applications += 1;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // New user with email should immediately be visible
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  update_site(
+    Json(EditSite {
+      registration_mode: Some(RegistrationMode::Open),
+      ..Default::default()
+    }),
+    context.reset_request_count(),
+    admin_local_user_view.clone(),
+  )
+  .await?;
+
+  // TODO: There is probably a better way to ensure cache invalidation
+  tokio::time::sleep(CACHE_DURATION_API).await;
+
+  let (application_count, unread_applications, all_applications) =
+    get_application_statuses(&context, admin_local_user_view.clone()).await?;
+
+  // TODO: At this time applications do not get approved when switching to open registration, so the
+  //       numbers will not change. See https://github.com/LemmyNet/lemmy/issues/4969
+  // expected_application_count = 0;
+  // expected_unread_applications_len = 0;
+
+  // When applications are not required all previous applications should become approved but still
+  // visible
+  assert_eq!(
+    application_count.registration_applications,
+    i64::from(expected_unread_applications),
+  );
+  assert_eq!(
+    unread_applications.registration_applications.len(),
+    usize::from(expected_unread_applications),
+  );
+  assert_eq!(
+    all_applications.registration_applications.len(),
+    expected_total_applications,
+  );
+
+  LocalSite::delete(pool).await?;
+  // Instance deletion cascades cleanup of all created persons
+  Instance::delete(pool, instance.id).await?;
+
+  Ok(())
+}

crates/api/src/site/registration_applications/unread_count.rs

@@ -1,4 +1,5 @@
-use actix_web::web::{Data, Json};
+use activitypub_federation::config::Data;
+use actix_web::web::Json;
 use lemmy_api_common::{
   context::LemmyContext,
   site::GetUnreadRegistrationApplicationCountResponse,

crates/api_common/Cargo.toml

@@ -34,7 +34,6 @@ full = [
   "reqwest",
   "actix-web",
   "futures",
-  "once_cell",
   "jsonwebtoken",
   "mime",
 ]
@@ -61,7 +60,6 @@ reqwest = { workspace = true, optional = true }
 ts-rs = { workspace = true, optional = true }
 moka.workspace = true
 anyhow.workspace = true
-once_cell = { workspace = true, optional = true }
 actix-web = { workspace = true, optional = true }
 enum-map = { workspace = true }
 urlencoding = { workspace = true }

crates/api_common/src/build_response.rs

@@ -36,8 +36,8 @@ pub async fn build_comment_response(
   local_user_view: Option<LocalUserView>,
   recipient_ids: Vec<LocalUserId>,
 ) -> LemmyResult<CommentResponse> {
-  let person_id = local_user_view.map(|l| l.person.id);
-  let comment_view = CommentView::read(&mut context.pool(), comment_id, person_id)
+  let local_user = local_user_view.map(|l| l.local_user);
+  let comment_view = CommentView::read(&mut context.pool(), comment_id, local_user.as_ref())
     .await?
     .ok_or(LemmyErrorType::CouldntFindComment)?;
   Ok(CommentResponse {
@@ -54,11 +54,11 @@ pub async fn build_community_response(
   let is_mod_or_admin = is_mod_or_admin(&mut context.pool(), &local_user_view.person, community_id)
     .await
     .is_ok();
-  let person_id = local_user_view.person.id;
+  let local_user = local_user_view.local_user;
   let community_view = CommunityView::read(
     &mut context.pool(),
     community_id,
-    Some(person_id),
+    Some(&local_user),
     is_mod_or_admin,
   )
   .await?
@@ -74,16 +74,17 @@ pub async fn build_community_response(
 pub async fn build_post_response(
   context: &LemmyContext,
   community_id: CommunityId,
-  person: &Person,
+  local_user_view: LocalUserView,
   post_id: PostId,
 ) -> LemmyResult<Json<PostResponse>> {
-  let is_mod_or_admin = is_mod_or_admin(&mut context.pool(), person, community_id)
+  let local_user = local_user_view.local_user;
+  let is_mod_or_admin = is_mod_or_admin(&mut context.pool(), &local_user_view.person, community_id)
     .await
     .is_ok();
   let post_view = PostView::read(
     &mut context.pool(),
     post_id,
-    Some(person.id),
+    Some(&local_user),
     is_mod_or_admin,
   )
   .await?
@@ -99,14 +100,20 @@ pub async fn send_local_notifs(
   person: &Person,
   do_send_email: bool,
   context: &LemmyContext,
+  local_user_view: Option<&LocalUserView>,
 ) -> LemmyResult<Vec<LocalUserId>> {
   let mut recipient_ids = Vec::new();
   let inbox_link = format!("{}/inbox", context.settings().get_protocol_and_hostname());
 
+  // let person = my_local_user.person;
   // Read the comment view to get extra info
-  let comment_view = CommentView::read(&mut context.pool(), comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let comment_view = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    local_user_view.map(|view| &view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
   let comment = comment_view.comment;
   let post = comment_view.post;
   let community = comment_view.community;

crates/api_common/src/claims.rs

@@ -116,10 +116,7 @@ mod tests {
 
     let inserted_person = Person::create(pool, &new_person).await.unwrap();
 
-    let local_user_form = LocalUserInsertForm::builder()
-      .person_id(inserted_person.id)
-      .password_encrypted("123456".to_string())
-      .build();
+    let local_user_form = LocalUserInsertForm::test_form(inserted_person.id);
 
     let inserted_local_user = LocalUser::create(pool, &local_user_form, vec![])
       .await

crates/api_common/src/post.rs

@@ -79,6 +79,10 @@ pub struct GetPosts {
   pub liked_only: Option<bool>,
   pub disliked_only: Option<bool>,
   pub show_hidden: Option<bool>,
+  /// If true, then show the read posts (even if your user setting is to hide them)
+  pub show_read: Option<bool>,
+  /// If true, then show the nsfw posts (even if your user setting is to hide them)
+  pub show_nsfw: Option<bool>,
   pub page_cursor: Option<PaginationCursor>,
 }
 

crates/api_common/src/request.rs

@@ -8,10 +8,11 @@ use crate::{
 use activitypub_federation::config::Data;
 use chrono::{DateTime, Utc};
 use encoding_rs::{Encoding, UTF_8};
+use futures::StreamExt;
 use lemmy_db_schema::{
   newtypes::DbUrl,
   source::{
-    images::{LocalImage, LocalImageForm},
+    images::{ImageDetailsForm, LocalImage, LocalImageForm},
     local_site::LocalSite,
     post::{Post, PostUpdateForm},
   },
@@ -23,7 +24,12 @@ use lemmy_utils::{
   VERSION,
 };
 use mime::Mime;
-use reqwest::{header::CONTENT_TYPE, Client, ClientBuilder};
+use reqwest::{
+  header::{CONTENT_TYPE, RANGE},
+  Client,
+  ClientBuilder,
+  Response,
+};
 use reqwest_middleware::ClientWithMiddleware;
 use serde::{Deserialize, Serialize};
 use tracing::info;
@@ -44,7 +50,17 @@ pub fn client_builder(settings: &Settings) -> ClientBuilder {
 #[tracing::instrument(skip_all)]
 pub async fn fetch_link_metadata(url: &Url, context: &LemmyContext) -> LemmyResult<LinkMetadata> {
   info!("Fetching site metadata for url: {}", url);
-  let response = context.client().get(url.as_str()).send().await?;
+  // We only fetch the first 64kB of data in order to not waste bandwidth especially for large
+  // binary files
+  let bytes_to_fetch = 64 * 1024;
+  let response = context
+    .client()
+    .get(url.as_str())
+    // we only need the first chunk of data. Note that we do not check for Accept-Range so the
+    // server may ignore this and still respond with the full response
+    .header(RANGE, format!("bytes=0-{}", bytes_to_fetch - 1)) /* -1 because inclusive */
+    .send()
+    .await?;
 
   let content_type: Option<Mime> = response
     .headers()
@@ -52,19 +68,57 @@ pub async fn fetch_link_metadata(url: &Url, context: &LemmyContext) -> LemmyResu
     .and_then(|h| h.to_str().ok())
     .and_then(|h| h.parse().ok());
 
-  // Can't use .text() here, because it only checks the content header, not the actual bytes
-  // https://github.com/LemmyNet/lemmy/issues/1964
-  let html_bytes = response.bytes().await.map_err(LemmyError::from)?.to_vec();
+  let opengraph_data = {
+    // if the content type is not text/html, we don't need to parse it
+    let is_html = content_type
+      .as_ref()
+      .map(|c| {
+        (c.type_() == mime::TEXT && c.subtype() == mime::HTML)
+      ||
+      // application/xhtml+xml is a subset of HTML
+      (c.type_() == mime::APPLICATION && c.subtype() == "xhtml")
+      })
+      .unwrap_or(false);
+    if !is_html {
+      Default::default()
+    } else {
+      // Can't use .text() here, because it only checks the content header, not the actual bytes
+      // https://github.com/LemmyNet/lemmy/issues/1964
+      // So we want to do deep inspection of the actually returned bytes but need to be careful not
+      // spend too much time parsing binary data as HTML
 
-  let opengraph_data = extract_opengraph_data(&html_bytes, url)
-    .map_err(|e| info!("{e}"))
-    .unwrap_or_default();
+      // only take first bytes regardless of how many bytes the server returns
+      let html_bytes = collect_bytes_until_limit(response, bytes_to_fetch).await?;
+      extract_opengraph_data(&html_bytes, url)
+        .map_err(|e| info!("{e}"))
+        .unwrap_or_default()
+    }
+  };
   Ok(LinkMetadata {
     opengraph_data,
     content_type: content_type.map(|c| c.to_string()),
   })
 }
 
+async fn collect_bytes_until_limit(
+  response: Response,
+  requested_bytes: usize,
+) -> Result<Vec<u8>, LemmyError> {
+  let mut stream = response.bytes_stream();
+  let mut bytes = Vec::with_capacity(requested_bytes);
+  while let Some(chunk) = stream.next().await {
+    let chunk = chunk.map_err(LemmyError::from)?;
+    // we may go over the requested size here but the important part is we don't keep aggregating
+    // more chunks than needed
+    bytes.extend_from_slice(&chunk);
+    if bytes.len() >= requested_bytes {
+      bytes.truncate(requested_bytes);
+      break;
+    }
+  }
+  Ok(bytes)
+}
+
 /// Generates and saves a post thumbnail and metadata.
 ///
 /// Takes a callback to generate a send activity task, so that post can be federated with metadata.
@@ -209,6 +263,19 @@ pub struct PictrsFileDetails {
   pub created_at: DateTime<Utc>,
 }
 
+impl PictrsFileDetails {
+  /// Builds the image form. This should always use the thumbnail_url,
+  /// Because the post_view joins to it
+  pub fn build_image_details_form(&self, thumbnail_url: &Url) -> ImageDetailsForm {
+    ImageDetailsForm {
+      link: thumbnail_url.clone().into(),
+      width: self.width.into(),
+      height: self.height.into(),
+      content_type: self.content_type.clone(),
+    }
+  }
+}
+
 #[derive(Deserialize, Serialize, Debug)]
 struct PictrsPurgeResponse {
   msg: String,
@@ -316,11 +383,52 @@ async fn generate_pictrs_thumbnail(image_url: &Url, context: &LemmyContext) -> L
   let protocol_and_hostname = context.settings().get_protocol_and_hostname();
   let thumbnail_url = image.thumbnail_url(&protocol_and_hostname)?;
 
-  LocalImage::create(&mut context.pool(), &form).await?;
+  // Also store the details for the image
+  let details_form = image.details.build_image_details_form(&thumbnail_url);
+  LocalImage::create(&mut context.pool(), &form, &details_form).await?;
 
   Ok(thumbnail_url)
 }
 
+/// Fetches the image details for pictrs proxied images
+///
+/// We don't need to check for image mode, as that's already been done
+#[tracing::instrument(skip_all)]
+pub async fn fetch_pictrs_proxied_image_details(
+  image_url: &Url,
+  context: &LemmyContext,
+) -> LemmyResult<PictrsFileDetails> {
+  let pictrs_url = context.settings().pictrs_config()?.url;
+  let encoded_image_url = encode(image_url.as_str());
+
+  // Pictrs needs you to fetch the proxied image before you can fetch the details
+  let proxy_url = format!("{pictrs_url}image/original?proxy={encoded_image_url}");
+
+  let res = context
+    .client()
+    .get(&proxy_url)
+    .timeout(REQWEST_TIMEOUT)
+    .send()
+    .await?
+    .status();
+  if !res.is_success() {
+    Err(LemmyErrorType::NotAnImageType)?
+  }
+
+  let details_url = format!("{pictrs_url}image/details/original?proxy={encoded_image_url}");
+
+  let res = context
+    .client()
+    .get(&details_url)
+    .timeout(REQWEST_TIMEOUT)
+    .send()
+    .await?
+    .json()
+    .await?;
+
+  Ok(res)
+}
+
 // TODO: get rid of this by reading content type from db
 #[tracing::instrument(skip_all)]
 async fn is_image_content_type(client: &ClientWithMiddleware, url: &Url) -> LemmyResult<()> {

crates/api_common/src/send_activity.rs

@@ -13,7 +13,7 @@ use lemmy_db_schema::{
 };
 use lemmy_db_views::structs::PrivateMessageView;
 use lemmy_utils::error::LemmyResult;
-use once_cell::sync::{Lazy, OnceCell};
+use std::sync::{LazyLock, OnceLock};
 use tokio::{
   sync::{
     mpsc,
@@ -28,7 +28,7 @@ type MatchOutgoingActivitiesBoxed =
   Box<for<'a> fn(SendActivityData, &'a Data<LemmyContext>) -> BoxFuture<'a, LemmyResult<()>>>;
 
 /// This static is necessary so that the api_common crates don't need to depend on lemmy_apub
-pub static MATCH_OUTGOING_ACTIVITIES: OnceCell<MatchOutgoingActivitiesBoxed> = OnceCell::new();
+pub static MATCH_OUTGOING_ACTIVITIES: OnceLock<MatchOutgoingActivitiesBoxed> = OnceLock::new();
 
 #[derive(Debug)]
 pub enum SendActivityData {
@@ -101,7 +101,7 @@ pub enum SendActivityData {
 
 // TODO: instead of static, move this into LemmyContext. make sure that stopping the process with
 //       ctrl+c still works.
-static ACTIVITY_CHANNEL: Lazy<ActivityChannel> = Lazy::new(|| {
+static ACTIVITY_CHANNEL: LazyLock<ActivityChannel> = LazyLock::new(|| {
   let (sender, receiver) = mpsc::unbounded_channel();
   let weak_sender = sender.downgrade();
   ActivityChannel {

crates/api_common/src/site.rs

@@ -1,7 +1,15 @@
 use crate::federate_retry_sleep_duration;
 use chrono::{DateTime, Utc};
 use lemmy_db_schema::{
-  newtypes::{CommentId, CommunityId, InstanceId, LanguageId, PersonId, PostId},
+  newtypes::{
+    CommentId,
+    CommunityId,
+    InstanceId,
+    LanguageId,
+    PersonId,
+    PostId,
+    RegistrationApplicationId,
+  },
   source::{
     federation_queue_state::FederationQueueState,
     instance::Instance,
@@ -440,13 +448,22 @@ pub struct ListRegistrationApplicationsResponse {
   pub registration_applications: Vec<RegistrationApplicationView>,
 }
 
+#[skip_serializing_none]
+#[derive(Debug, Serialize, Deserialize, Clone, Copy, Default, PartialEq, Eq, Hash)]
+#[cfg_attr(feature = "full", derive(TS))]
+#[cfg_attr(feature = "full", ts(export))]
+/// Gets a registration application for a person
+pub struct GetRegistrationApplication {
+  pub person_id: PersonId,
+}
+
 #[skip_serializing_none]
 #[derive(Debug, Serialize, Deserialize, Clone, Default, PartialEq, Eq, Hash)]
 #[cfg_attr(feature = "full", derive(TS))]
 #[cfg_attr(feature = "full", ts(export))]
 /// Approves a registration application.
 pub struct ApproveRegistrationApplication {
-  pub id: i32,
+  pub id: RegistrationApplicationId,
   pub approve: bool,
   pub deny_reason: Option<String>,
 }

crates/api_common/src/utils.rs

@@ -1,6 +1,10 @@
 use crate::{
   context::LemmyContext,
-  request::{delete_image_from_pictrs, purge_image_from_pictrs},
+  request::{
+    delete_image_from_pictrs,
+    fetch_pictrs_proxied_image_details,
+    purge_image_from_pictrs,
+  },
   site::{FederatedInstances, InstanceWithFederationState},
 };
 use chrono::{DateTime, Days, Local, TimeZone, Utc};
@@ -49,10 +53,9 @@ use lemmy_utils::{
   CACHE_DURATION_FEDERATION,
 };
 use moka::future::Cache;
-use once_cell::sync::Lazy;
 use regex::{escape, Regex, RegexSet};
 use rosetta_i18n::{Language, LanguageId};
-use std::collections::HashSet;
+use std::{collections::HashSet, sync::LazyLock};
 use tracing::warn;
 use url::{ParseError, Url};
 use urlencoding::encode;
@@ -542,7 +545,7 @@ pub fn local_site_opt_to_sensitive(local_site: &Option<LocalSite>) -> bool {
 }
 
 pub async fn get_url_blocklist(context: &LemmyContext) -> LemmyResult<RegexSet> {
-  static URL_BLOCKLIST: Lazy<Cache<(), RegexSet>> = Lazy::new(|| {
+  static URL_BLOCKLIST: LazyLock<Cache<(), RegexSet>> = LazyLock::new(|| {
     Cache::builder()
       .max_capacity(1)
       .time_to_live(CACHE_DURATION_FEDERATION)
@@ -949,7 +952,18 @@ pub async fn process_markdown(
 
   if context.settings().pictrs_config()?.image_mode() == PictrsImageMode::ProxyAllImages {
     let (text, links) = markdown_rewrite_image_links(text);
-    RemoteImage::create(&mut context.pool(), links).await?;
+
+    // Create images and image detail rows
+    for link in links {
+      // Insert image details for the remote image
+      let details_res = fetch_pictrs_proxied_image_details(&link, context).await;
+      if let Ok(details) = details_res {
+        let proxied =
+          build_proxied_image_url(&link, &context.settings().get_protocol_and_hostname())?;
+        let details_form = details.build_image_details_form(&proxied);
+        RemoteImage::create(&mut context.pool(), &details_form).await?;
+      }
+    }
     Ok(text)
   } else {
     Ok(text)
@@ -984,8 +998,14 @@ async fn proxy_image_link_internal(
     Ok(link.into())
   } else if image_mode == PictrsImageMode::ProxyAllImages {
     let proxied = build_proxied_image_url(&link, &context.settings().get_protocol_and_hostname())?;
+    // This should fail softly, since pictrs might not even be running
+    let details_res = fetch_pictrs_proxied_image_details(&link, context).await;
+
+    if let Ok(details) = details_res {
+      let details_form = details.build_image_details_form(&proxied);
+      RemoteImage::create(&mut context.pool(), &details_form).await?;
+    };
 
-    RemoteImage::create(&mut context.pool(), vec![link]).await?;
     Ok(proxied.into())
   } else {
     Ok(link.into())
@@ -1123,10 +1143,13 @@ mod tests {
       "https://lemmy-alpha/api/v3/image_proxy?url=http%3A%2F%2Flemmy-beta%2Fimage.png",
       proxied.as_str()
     );
+
+    // This fails, because the details can't be fetched without pictrs running,
+    // And a remote image won't be inserted.
     assert!(
       RemoteImage::validate(&mut context.pool(), remote_image.into())
         .await
-        .is_ok()
+        .is_err()
     );
   }
 }

crates/api_crud/Cargo.toml

@@ -26,7 +26,6 @@ url = { workspace = true }
 futures.workspace = true
 uuid = { workspace = true }
 moka.workspace = true
-once_cell.workspace = true
 anyhow.workspace = true
 webmention = "0.5.0"
 accept-language = "3.1.0"

crates/api_crud/src/comment/create.rs

@@ -8,20 +8,18 @@ use lemmy_api_common::{
   utils::{
     check_community_user_action,
     check_post_deleted_or_removed,
-    generate_local_apub_endpoint,
     get_url_blocklist,
     is_mod_or_admin,
     local_site_to_slur_regex,
     process_markdown,
     update_read_comments,
-    EndpointType,
   },
 };
 use lemmy_db_schema::{
   impls::actor_language::default_post_language,
   source::{
     actor_language::CommunityLanguage,
-    comment::{Comment, CommentInsertForm, CommentLike, CommentLikeForm, CommentUpdateForm},
+    comment::{Comment, CommentInsertForm, CommentLike, CommentLikeForm},
     comment_reply::{CommentReply, CommentReplyUpdateForm},
     local_site::LocalSite,
     person_mention::{PersonMention, PersonMentionUpdateForm},
@@ -56,7 +54,7 @@ pub async fn create_comment(
   let post_view = PostView::read(
     &mut context.pool(),
     post_id,
-    Some(local_user_view.person.id),
+    Some(&local_user_view.local_user),
     true,
   )
   .await?
@@ -126,25 +124,7 @@ pub async fn create_comment(
     .await
     .with_lemmy_type(LemmyErrorType::CouldntCreateComment)?;
 
-  // Necessary to update the ap_id
   let inserted_comment_id = inserted_comment.id;
-  let protocol_and_hostname = context.settings().get_protocol_and_hostname();
-
-  let apub_id = generate_local_apub_endpoint(
-    EndpointType::Comment,
-    &inserted_comment_id.to_string(),
-    &protocol_and_hostname,
-  )?;
-  let updated_comment = Comment::update(
-    &mut context.pool(),
-    inserted_comment_id,
-    &CommentUpdateForm {
-      ap_id: Some(apub_id),
-      ..Default::default()
-    },
-  )
-  .await
-  .with_lemmy_type(LemmyErrorType::CouldntCreateComment)?;
 
   // Scan the comment for user mentions, add those rows
   let mentions = scrape_text_for_mentions(&content);
@@ -154,6 +134,7 @@ pub async fn create_comment(
     &local_user_view.person,
     true,
     &context,
+    Some(&local_user_view),
   )
   .await?;
 
@@ -170,7 +151,7 @@ pub async fn create_comment(
     .with_lemmy_type(LemmyErrorType::CouldntLikeComment)?;
 
   ActivityChannel::submit_activity(
-    SendActivityData::CreateComment(updated_comment.clone()),
+    SendActivityData::CreateComment(inserted_comment.clone()),
     &context,
   )
   .await?;

crates/api_crud/src/comment/delete.rs

@@ -21,9 +21,13 @@ pub async fn delete_comment(
   local_user_view: LocalUserView,
 ) -> LemmyResult<Json<CommentResponse>> {
   let comment_id = data.comment_id;
-  let orig_comment = CommentView::read(&mut context.pool(), comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let orig_comment = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
 
   // Dont delete it if its already been deleted.
   if orig_comment.comment.deleted == data.deleted {
@@ -55,8 +59,15 @@ pub async fn delete_comment(
   .await
   .with_lemmy_type(LemmyErrorType::CouldntUpdateComment)?;
 
-  let recipient_ids =
-    send_local_notifs(vec![], comment_id, &local_user_view.person, false, &context).await?;
+  let recipient_ids = send_local_notifs(
+    vec![],
+    comment_id,
+    &local_user_view.person,
+    false,
+    &context,
+    Some(&local_user_view),
+  )
+  .await?;
   let updated_comment_id = updated_comment.id;
 
   ActivityChannel::submit_activity(

crates/api_crud/src/comment/remove.rs

@@ -11,6 +11,7 @@ use lemmy_db_schema::{
   source::{
     comment::{Comment, CommentUpdateForm},
     comment_report::CommentReport,
+    local_user::LocalUser,
     moderator::{ModRemoveComment, ModRemoveCommentForm},
   },
   traits::{Crud, Reportable},
@@ -25,9 +26,13 @@ pub async fn remove_comment(
   local_user_view: LocalUserView,
 ) -> LemmyResult<Json<CommentResponse>> {
   let comment_id = data.comment_id;
-  let orig_comment = CommentView::read(&mut context.pool(), comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let orig_comment = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
 
   check_community_mod_action(
     &local_user_view.person,
@@ -37,6 +42,14 @@ pub async fn remove_comment(
   )
   .await?;
 
+  LocalUser::is_higher_mod_or_admin_check(
+    &mut context.pool(),
+    orig_comment.community.id,
+    local_user_view.person.id,
+    vec![orig_comment.creator.id],
+  )
+  .await?;
+
   // Don't allow removing or restoring comment which was deleted by user, as it would reveal
   // the comment text in mod log.
   if orig_comment.comment.deleted {
@@ -71,9 +84,10 @@ pub async fn remove_comment(
   let recipient_ids = send_local_notifs(
     vec![],
     comment_id,
-    &local_user_view.person.clone(),
+    &local_user_view.person,
     false,
     &context,
+    Some(&local_user_view),
   )
   .await?;
   let updated_comment_id = updated_comment.id;

crates/api_crud/src/comment/update.rs

@@ -36,9 +36,13 @@ pub async fn update_comment(
   let local_site = LocalSite::read(&mut context.pool()).await?;
 
   let comment_id = data.comment_id;
-  let orig_comment = CommentView::read(&mut context.pool(), comment_id, None)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindComment)?;
+  let orig_comment = CommentView::read(
+    &mut context.pool(),
+    comment_id,
+    Some(&local_user_view.local_user),
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindComment)?;
 
   check_community_user_action(
     &local_user_view.person,
@@ -87,6 +91,7 @@ pub async fn update_comment(
     &local_user_view.person,
     false,
     &context,
+    Some(&local_user_view),
   )
   .await?;
 

crates/api_crud/src/post/create.rs

@@ -8,13 +8,11 @@ use lemmy_api_common::{
   send_activity::SendActivityData,
   utils::{
     check_community_user_action,
-    generate_local_apub_endpoint,
     get_url_blocklist,
     honeypot_check,
     local_site_to_slur_regex,
     mark_post_as_read,
     process_markdown_opt,
-    EndpointType,
   },
 };
 use lemmy_db_schema::{
@@ -23,7 +21,7 @@ use lemmy_db_schema::{
     actor_language::CommunityLanguage,
     community::Community,
     local_site::LocalSite,
-    post::{Post, PostInsertForm, PostLike, PostLikeForm, PostUpdateForm},
+    post::{Post, PostInsertForm, PostLike, PostLikeForm},
   },
   traits::{Crud, Likeable},
   utils::diesel_url_create,
@@ -37,11 +35,11 @@ use lemmy_utils::{
   utils::{
     slurs::check_slurs,
     validation::{
-      check_url_scheme,
       is_url_blocked,
       is_valid_alt_text_field,
       is_valid_body_field,
       is_valid_post_title,
+      is_valid_url,
     },
   },
 };
@@ -71,11 +69,11 @@ pub async fn create_post(
 
   if let Some(url) = &url {
     is_url_blocked(url, &url_blocklist)?;
-    check_url_scheme(url)?;
+    is_valid_url(url)?;
   }
 
   if let Some(custom_thumbnail) = &custom_thumbnail {
-    check_url_scheme(custom_thumbnail)?;
+    is_valid_url(custom_thumbnail)?;
   }
 
   if let Some(alt_text) = &data.alt_text {
@@ -147,26 +145,8 @@ pub async fn create_post(
     .await
     .with_lemmy_type(LemmyErrorType::CouldntCreatePost)?;
 
-  let inserted_post_id = inserted_post.id;
-  let protocol_and_hostname = context.settings().get_protocol_and_hostname();
-  let apub_id = generate_local_apub_endpoint(
-    EndpointType::Post,
-    &inserted_post_id.to_string(),
-    &protocol_and_hostname,
-  )?;
-  let updated_post = Post::update(
-    &mut context.pool(),
-    inserted_post_id,
-    &PostUpdateForm {
-      ap_id: Some(apub_id),
-      ..Default::default()
-    },
-  )
-  .await
-  .with_lemmy_type(LemmyErrorType::CouldntCreatePost)?;
-
   generate_post_link_metadata(
-    updated_post.clone(),
+    inserted_post.clone(),
     custom_thumbnail.map(Into::into),
     |post| Some(SendActivityData::CreatePost(post)),
     Some(local_site),
@@ -189,11 +169,11 @@ pub async fn create_post(
 
   mark_post_as_read(person_id, post_id, &mut context.pool()).await?;
 
-  if let Some(url) = updated_post.url.clone() {
+  if let Some(url) = inserted_post.url.clone() {
     if community.visibility == CommunityVisibility::Public {
       spawn_try_task(async move {
         let mut webmention =
-          Webmention::new::<Url>(updated_post.ap_id.clone().into(), url.clone().into())?;
+          Webmention::new::<Url>(inserted_post.ap_id.clone().into(), url.clone().into())?;
         webmention.set_checked(true);
         match webmention
           .send()
@@ -208,5 +188,5 @@ pub async fn create_post(
     }
   };
 
-  build_post_response(&context, community_id, &local_user_view.person, post_id).await
+  build_post_response(&context, community_id, local_user_view, post_id).await
 }

crates/api_crud/src/post/delete.rs

@@ -62,7 +62,7 @@ pub async fn delete_post(
   build_post_response(
     &context,
     orig_post.community_id,
-    &local_user_view.person,
+    local_user_view,
     data.post_id,
   )
   .await

crates/api_crud/src/post/read.rs

@@ -55,9 +55,15 @@ pub async fn get_post(
   .await
   .is_ok();
 
-  let post_view = PostView::read(&mut context.pool(), post_id, person_id, is_mod_or_admin)
-    .await?
-    .ok_or(LemmyErrorType::CouldntFindPost)?;
+  let local_user = local_user_view.map(|l| l.local_user);
+  let post_view = PostView::read(
+    &mut context.pool(),
+    post_id,
+    local_user.as_ref(),
+    is_mod_or_admin,
+  )
+  .await?
+  .ok_or(LemmyErrorType::CouldntFindPost)?;
 
   let post_id = post_view.post.id;
   if let Some(person_id) = person_id {
@@ -76,20 +82,19 @@ pub async fn get_post(
   let community_view = CommunityView::read(
     &mut context.pool(),
     community_id,
-    person_id,
+    local_user.as_ref(),
     is_mod_or_admin,
   )
   .await?
   .ok_or(LemmyErrorType::CouldntFindCommunity)?;
 
   let moderators = CommunityModeratorView::for_community(&mut context.pool(), community_id).await?;
-  let local_user = local_user_view.as_ref().map(|u| &u.local_user);
 
   // Fetch the cross_posts
   let cross_posts = if let Some(url) = &post_view.post.url {
     let mut x_posts = PostQuery {
       url_search: Some(url.inner().as_str().into()),
-      local_user,
+      local_user: local_user.as_ref(),
       ..Default::default()
     }
     .list(&local_site.site, &mut context.pool())

crates/api_crud/src/post/remove.rs

@@ -9,6 +9,7 @@ use lemmy_api_common::{
 };
 use lemmy_db_schema::{
   source::{
+    local_user::LocalUser,
     moderator::{ModRemovePost, ModRemovePostForm},
     post::{Post, PostUpdateForm},
     post_report::PostReport,
@@ -37,6 +38,14 @@ pub async fn remove_post(
   )
   .await?;
 
+  LocalUser::is_higher_mod_or_admin_check(
+    &mut context.pool(),
+    orig_post.community_id,
+    local_user_view.person.id,
+    vec![orig_post.creator_id],
+  )
+  .await?;
+
   // Update the post
   let post_id = data.post_id;
   let removed = data.removed;
@@ -73,11 +82,5 @@ pub async fn remove_post(
   )
   .await?;
 
-  build_post_response(
-    &context,
-    orig_post.community_id,
-    &local_user_view.person,
-    post_id,
-  )
-  .await
+  build_post_response(&context, orig_post.community_id, local_user_view, post_id).await
 }

crates/api_crud/src/post/update.rs

@@ -28,11 +28,11 @@ use lemmy_utils::{
   utils::{
     slurs::check_slurs,
     validation::{
-      check_url_scheme,
       is_url_blocked,
       is_valid_alt_text_field,
       is_valid_body_field,
       is_valid_post_title,
+      is_valid_url,
     },
   },
 };
@@ -77,11 +77,11 @@ pub async fn update_post(
 
   if let Some(Some(url)) = &url {
     is_url_blocked(url, &url_blocklist)?;
-    check_url_scheme(url)?;
+    is_valid_url(url)?;
   }
 
   if let Some(Some(custom_thumbnail)) = &custom_thumbnail {
-    check_url_scheme(custom_thumbnail)?;
+    is_valid_url(custom_thumbnail)?;
   }
 
   let post_id = data.post_id;
@@ -137,7 +137,7 @@ pub async fn update_post(
   build_post_response(
     context.deref(),
     orig_post.community_id,
-    &local_user_view.person,
+    local_user_view,
     post_id,
   )
   .await

crates/api_crud/src/private_message/create.rs

@@ -6,19 +6,17 @@ use lemmy_api_common::{
   send_activity::{ActivityChannel, SendActivityData},
   utils::{
     check_person_block,
-    generate_local_apub_endpoint,
     get_interface_language,
     get_url_blocklist,
     local_site_to_slur_regex,
     process_markdown,
     send_email_to_user,
-    EndpointType,
   },
 };
 use lemmy_db_schema::{
   source::{
     local_site::LocalSite,
-    private_message::{PrivateMessage, PrivateMessageInsertForm, PrivateMessageUpdateForm},
+    private_message::{PrivateMessage, PrivateMessageInsertForm},
   },
   traits::Crud,
 };
@@ -58,24 +56,6 @@ pub async fn create_private_message(
     .await
     .with_lemmy_type(LemmyErrorType::CouldntCreatePrivateMessage)?;
 
-  let inserted_private_message_id = inserted_private_message.id;
-  let protocol_and_hostname = context.settings().get_protocol_and_hostname();
-  let apub_id = generate_local_apub_endpoint(
-    EndpointType::PrivateMessage,
-    &inserted_private_message_id.to_string(),
-    &protocol_and_hostname,
-  )?;
-  PrivateMessage::update(
-    &mut context.pool(),
-    inserted_private_message.id,
-    &PrivateMessageUpdateForm {
-      ap_id: Some(apub_id),
-      ..Default::default()
-    },
-  )
-  .await
-  .with_lemmy_type(LemmyErrorType::CouldntCreatePrivateMessage)?;
-
   let view = PrivateMessageView::read(&mut context.pool(), inserted_private_message.id)
     .await?
     .ok_or(LemmyErrorType::CouldntFindPrivateMessage)?;

crates/api_crud/src/site/create.rs

@@ -1,6 +1,6 @@
 use crate::site::{application_question_check, site_default_post_listing_type_check};
-use activitypub_federation::http_signatures::generate_actor_keypair;
-use actix_web::web::{Data, Json};
+use activitypub_federation::{config::Data, http_signatures::generate_actor_keypair};
+use actix_web::web::Json;
 use lemmy_api_common::{
   context::LemmyContext,
   site::{CreateSite, SiteResponse},

crates/api_crud/src/site/read.rs

@@ -24,14 +24,14 @@ use lemmy_utils::{
   VERSION,
 };
 use moka::future::Cache;
-use once_cell::sync::Lazy;
+use std::sync::LazyLock;
 
 #[tracing::instrument(skip(context))]
 pub async fn get_site(
   local_user_view: Option<LocalUserView>,
   context: Data<LemmyContext>,
 ) -> LemmyResult<Json<GetSiteResponse>> {
-  static CACHE: Lazy<Cache<(), GetSiteResponse>> = Lazy::new(|| {
+  static CACHE: LazyLock<Cache<(), GetSiteResponse>> = LazyLock::new(|| {
     Cache::builder()
       .max_capacity(1)
       .time_to_live(CACHE_DURATION_API)
@@ -84,7 +84,7 @@ pub async fn get_site(
       |pool| CommunityBlockView::for_person(pool, person_id),
       |pool| InstanceBlockView::for_person(pool, person_id),
       |pool| PersonBlockView::for_person(pool, person_id),
-      |pool| CommunityModeratorView::for_person(pool, person_id, true),
+      |pool| CommunityModeratorView::for_person(pool, person_id, Some(&local_user_view.local_user)),
       |pool| LocalUserLanguage::read(pool, local_user_id)
     ))
     .with_lemmy_type(LemmyErrorType::SystemErrLogin)?;

crates/api_crud/src/user/create.rs

@@ -150,18 +150,18 @@ pub async fn register(
     .unwrap_or(site_view.site.content_warning.is_some());
 
   // Create the local user
-  let local_user_form = LocalUserInsertForm::builder()
-    .person_id(inserted_person.id)
-    .email(data.email.as_deref().map(str::to_lowercase))
-    .password_encrypted(data.password.to_string())
-    .show_nsfw(Some(show_nsfw))
-    .accepted_application(accepted_application)
-    .default_listing_type(Some(local_site.default_post_listing_type))
-    .post_listing_mode(Some(local_site.default_post_listing_mode))
-    .interface_language(language_tags.first().cloned())
+  let local_user_form = LocalUserInsertForm {
+    email: data.email.as_deref().map(str::to_lowercase),
+    password_encrypted: data.password.to_string(),
+    show_nsfw: Some(show_nsfw),
+    accepted_application,
+    default_listing_type: Some(local_site.default_post_listing_type),
+    post_listing_mode: Some(local_site.default_post_listing_mode),
+    interface_language: language_tags.first().cloned(),
     // If its the initial site setup, they are an admin
-    .admin(Some(!local_site.site_setup))
-    .build();
+    admin: Some(!local_site.site_setup),
+    ..LocalUserInsertForm::new(inserted_person.id, data.password.to_string())
+  };
 
   let all_languages = Language::read_all(&mut context.pool()).await?;
   // use hashset to avoid duplicates

crates/apub/Cargo.toml

@@ -31,7 +31,7 @@ serde = { workspace = true }
 actix-web = { workspace = true }
 tokio = { workspace = true }
 tracing = { workspace = true }
-strum_macros = { workspace = true }
+strum = { workspace = true }
 url = { workspace = true }
 http = { workspace = true }
 futures = { workspace = true }
@@ -40,7 +40,6 @@ uuid = { workspace = true }
 async-trait = { workspace = true }
 anyhow = { workspace = true }
 reqwest = { workspace = true }
-once_cell = { workspace = true }
 moka.workspace = true
 serde_with.workspace = true
 html2md = "0.2.14"

crates/apub/src/activities/block/mod.rs

@@ -38,7 +38,6 @@ pub enum SiteOrCommunity {
   Site(ApubSite),
   Community(ApubCommunity),
 }
-
 #[derive(Deserialize)]
 #[serde(untagged)]
 pub enum InstanceOrGroup {
@@ -74,12 +73,18 @@ impl Object for SiteOrCommunity {
     })
   }
 
-  async fn delete(self, _data: &Data<Self::DataType>) -> LemmyResult<()> {
-    unimplemented!()
+  async fn delete(self, data: &Data<Self::DataType>) -> LemmyResult<()> {
+    match self {
+      SiteOrCommunity::Site(i) => i.delete(data).await,
+      SiteOrCommunity::Community(c) => c.delete(data).await,
+    }
   }
 
-  async fn into_json(self, _data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
-    unimplemented!()
+  async fn into_json(self, data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
+    Ok(match self {
+      SiteOrCommunity::Site(i) => InstanceOrGroup::Instance(i.into_json(data).await?),
+      SiteOrCommunity::Community(c) => InstanceOrGroup::Group(c.into_json(data).await?),
+    })
   }
 
   #[tracing::instrument(skip_all)]

crates/apub/src/activities/create_or_update/comment.rs

@@ -179,7 +179,7 @@ impl ActivityHandler for CreateOrUpdateNote {
     // TODO: for compatibility with other projects, it would be much better to read this from cc or
     // tags
     let mentions = scrape_text_for_mentions(&comment.content);
-    send_local_notifs(mentions, comment.id, &actor, do_send_email, context).await?;
+    send_local_notifs(mentions, comment.id, &actor, do_send_email, context, None).await?;
     Ok(())
   }
 }

crates/apub/src/activities/deletion/delete.rs

@@ -175,8 +175,9 @@ pub(in crate::activities) async fn receive_remove_action(
       )
       .await?;
     }
-    DeletableObjects::PrivateMessage(_) => unimplemented!(),
-    DeletableObjects::Person { .. } => unimplemented!(),
+    // TODO these need to be implemented yet, for now, return errors
+    DeletableObjects::PrivateMessage(_) => Err(LemmyErrorType::CouldntFindPrivateMessage)?,
+    DeletableObjects::Person(_) => Err(LemmyErrorType::CouldntFindPerson)?,
   }
   Ok(())
 }

crates/apub/src/activities/deletion/undo_delete.rs

@@ -155,8 +155,9 @@ impl UndoDelete {
         )
         .await?;
       }
-      DeletableObjects::PrivateMessage(_) => unimplemented!(),
-      DeletableObjects::Person { .. } => unimplemented!(),
+      // TODO these need to be implemented yet, for now, return errors
+      DeletableObjects::PrivateMessage(_) => Err(LemmyErrorType::CouldntFindPrivateMessage)?,
+      DeletableObjects::Person(_) => Err(LemmyErrorType::CouldntFindPerson)?,
     }
     Ok(())
   }

crates/apub/src/activity_lists.rs

@@ -26,7 +26,7 @@ use crate::{
 };
 use activitypub_federation::{config::Data, traits::ActivityHandler};
 use lemmy_api_common::context::LemmyContext;
-use lemmy_utils::error::LemmyResult;
+use lemmy_utils::{error::LemmyResult, LemmyErrorType};
 use serde::{Deserialize, Serialize};
 use url::Url;
 
@@ -117,7 +117,7 @@ impl InCommunity for AnnouncableActivities {
       CollectionRemove(a) => a.community(context).await,
       LockPost(a) => a.community(context).await,
       UndoLockPost(a) => a.community(context).await,
-      Page(_) => unimplemented!(),
+      Page(_) => Err(LemmyErrorType::CouldntFindPost.into()),
     }
   }
 }

crates/apub/src/api/list_comments.rs

@@ -37,11 +37,11 @@ pub async fn list_comments(
   };
   let sort = data.sort;
   let max_depth = data.max_depth;
-  let saved_only = data.saved_only.unwrap_or_default();
+  let saved_only = data.saved_only;
 
-  let liked_only = data.liked_only.unwrap_or_default();
-  let disliked_only = data.disliked_only.unwrap_or_default();
-  if liked_only && disliked_only {
+  let liked_only = data.liked_only;
+  let disliked_only = data.disliked_only;
+  if liked_only.unwrap_or_default() && disliked_only.unwrap_or_default() {
     return Err(LemmyError::from(LemmyErrorType::ContradictingFilters));
   }
 

crates/apub/src/api/list_posts.rs

@@ -40,12 +40,14 @@ pub async fn list_posts(
   } else {
     data.community_id
   };
-  let saved_only = data.saved_only.unwrap_or_default();
-  let show_hidden = data.show_hidden.unwrap_or_default();
+  let saved_only = data.saved_only;
+  let show_hidden = data.show_hidden;
+  let show_read = data.show_read;
+  let show_nsfw = data.show_nsfw;
 
-  let liked_only = data.liked_only.unwrap_or_default();
-  let disliked_only = data.disliked_only.unwrap_or_default();
-  if liked_only && disliked_only {
+  let liked_only = data.liked_only;
+  let disliked_only = data.disliked_only;
+  if liked_only.unwrap_or_default() && disliked_only.unwrap_or_default() {
     return Err(LemmyError::from(LemmyErrorType::ContradictingFilters));
   }
 
@@ -82,6 +84,8 @@ pub async fn list_posts(
     page_after,
     limit,
     show_hidden,
+    show_read,
+    show_nsfw,
     ..Default::default()
   }
   .list(&local_site.site, &mut context.pool())

crates/apub/src/api/read_community.rs

@@ -29,7 +29,7 @@ pub async fn get_community(
 
   check_private_instance(&local_user_view, &local_site)?;
 
-  let person_id = local_user_view.as_ref().map(|u| u.person.id);
+  let local_user = local_user_view.as_ref().map(|u| &u.local_user);
 
   let community_id = match data.id {
     Some(id) => id,
@@ -53,7 +53,7 @@ pub async fn get_community(
   let community_view = CommunityView::read(
     &mut context.pool(),
     community_id,
-    person_id,
+    local_user,
     is_mod_or_admin,
   )
   .await?

crates/apub/src/api/read_person.rs

@@ -55,11 +55,11 @@ pub async fn read_person(
   let sort = data.sort;
   let page = data.page;
   let limit = data.limit;
-  let saved_only = data.saved_only.unwrap_or_default();
+  let saved_only = data.saved_only;
   let community_id = data.community_id;
   // If its saved only, you don't care what creator it was
   // Or, if its not saved, then you only want it for that specific creator
-  let creator_id = if !saved_only {
+  let creator_id = if !saved_only.unwrap_or_default() {
     Some(person_details_id)
   } else {
     None
@@ -96,7 +96,7 @@ pub async fn read_person(
   let moderates = CommunityModeratorView::for_person(
     &mut context.pool(),
     person_details_id,
-    local_user_view.is_some(),
+    local_user_view.map(|l| l.local_user).as_ref(),
   )
   .await?;
 

crates/apub/src/api/resolve_object.rs

@@ -10,7 +10,7 @@ use lemmy_api_common::{
   site::{ResolveObject, ResolveObjectResponse},
   utils::check_private_instance,
 };
-use lemmy_db_schema::{newtypes::PersonId, source::local_site::LocalSite, utils::DbPool};
+use lemmy_db_schema::{source::local_site::LocalSite, utils::DbPool};
 use lemmy_db_views::structs::{CommentView, LocalUserView, PostView};
 use lemmy_db_views_actor::structs::{CommunityView, PersonView};
 use lemmy_utils::error::{LemmyErrorExt2, LemmyErrorType, LemmyResult};
@@ -23,10 +23,9 @@ pub async fn resolve_object(
 ) -> LemmyResult<Json<ResolveObjectResponse>> {
   let local_site = LocalSite::read(&mut context.pool()).await?;
   check_private_instance(&local_user_view, &local_site)?;
-  let person_id = local_user_view.map(|v| v.person.id);
   // If we get a valid personId back we can safely assume that the user is authenticated,
   // if there's no personId then the JWT was missing or invalid.
-  let is_authenticated = person_id.is_some();
+  let is_authenticated = local_user_view.is_some();
 
   let res = if is_authenticated {
     // user is fully authenticated; allow remote lookups as well.
@@ -37,24 +36,26 @@ pub async fn resolve_object(
   }
   .with_lemmy_type(LemmyErrorType::CouldntFindObject)?;
 
-  convert_response(res, person_id, &mut context.pool())
+  convert_response(res, local_user_view, &mut context.pool())
     .await
     .with_lemmy_type(LemmyErrorType::CouldntFindObject)
 }
 
 async fn convert_response(
   object: SearchableObjects,
-  user_id: Option<PersonId>,
+  local_user_view: Option<LocalUserView>,
   pool: &mut DbPool<'_>,
 ) -> LemmyResult<Json<ResolveObjectResponse>> {
   use SearchableObjects::*;
   let removed_or_deleted;
   let mut res = ResolveObjectResponse::default();
+  let local_user = local_user_view.map(|l| l.local_user);
+
   match object {
     Post(p) => {
       removed_or_deleted = p.deleted || p.removed;
       res.post = Some(
-        PostView::read(pool, p.id, user_id, false)
+        PostView::read(pool, p.id, local_user.as_ref(), false)
           .await?
           .ok_or(LemmyErrorType::CouldntFindPost)?,
       )
@@ -62,7 +63,7 @@ async fn convert_response(
     Comment(c) => {
       removed_or_deleted = c.deleted || c.removed;
       res.comment = Some(
-        CommentView::read(pool, c.id, user_id)
+        CommentView::read(pool, c.id, local_user.as_ref())
           .await?
           .ok_or(LemmyErrorType::CouldntFindComment)?,
       )
@@ -79,7 +80,7 @@ async fn convert_response(
       UserOrCommunity::Community(c) => {
         removed_or_deleted = c.deleted || c.removed;
         res.community = Some(
-          CommunityView::read(pool, c.id, user_id, false)
+          CommunityView::read(pool, c.id, local_user.as_ref(), false)
             .await?
             .ok_or(LemmyErrorType::CouldntFindCommunity)?,
         )

crates/apub/src/api/user_settings_backup.rs

@@ -345,10 +345,7 @@ mod tests {
     };
     let person = Person::create(&mut context.pool(), &person_form).await?;
 
-    let user_form = LocalUserInsertForm::builder()
-      .person_id(person.id)
-      .password_encrypted("pass".to_string())
-      .build();
+    let user_form = LocalUserInsertForm::test_form(person.id);
     let local_user = LocalUser::create(&mut context.pool(), &user_form, vec![]).await?;
 
     Ok(

crates/apub/src/fetcher/post_or_comment.rs

@@ -61,8 +61,11 @@ impl Object for PostOrComment {
     }
   }
 
-  async fn into_json(self, _data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
-    unimplemented!()
+  async fn into_json(self, data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
+    Ok(match self {
+      PostOrComment::Post(p) => PageOrNote::Page(Box::new(p.into_json(data).await?)),
+      PostOrComment::Comment(c) => PageOrNote::Note(c.into_json(data).await?),
+    })
   }
 
   #[tracing::instrument(skip_all)]

crates/apub/src/fetcher/search.rs

@@ -118,8 +118,17 @@ impl Object for SearchableObjects {
     }
   }
 
-  async fn into_json(self, _data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
-    unimplemented!()
+  async fn into_json(self, data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
+    Ok(match self {
+      SearchableObjects::Post(p) => SearchableKinds::Page(Box::new(p.into_json(data).await?)),
+      SearchableObjects::Comment(c) => SearchableKinds::Note(c.into_json(data).await?),
+      SearchableObjects::PersonOrCommunity(pc) => {
+        SearchableKinds::PersonOrGroup(Box::new(match *pc {
+          UserOrCommunity::User(p) => PersonOrGroup::Person(p.into_json(data).await?),
+          UserOrCommunity::Community(c) => PersonOrGroup::Group(c.into_json(data).await?),
+        }))
+      }
+    })
   }
 
   #[tracing::instrument(skip_all)]

crates/apub/src/fetcher/site_or_community_or_user.rs

@@ -1,6 +1,6 @@
 use crate::{
   fetcher::user_or_community::{PersonOrGroup, UserOrCommunity},
-  objects::instance::ApubSite,
+  objects::{community::ApubCommunity, instance::ApubSite, person::ApubPerson},
   protocol::objects::instance::Instance,
 };
 use activitypub_federation::{
@@ -41,11 +41,14 @@ impl Object for SiteOrCommunityOrUser {
   }
 
   #[tracing::instrument(skip_all)]
-  async fn read_from_id(
-    _object_id: Url,
-    _data: &Data<Self::DataType>,
-  ) -> LemmyResult<Option<Self>> {
-    unimplemented!();
+  async fn read_from_id(object_id: Url, data: &Data<Self::DataType>) -> LemmyResult<Option<Self>> {
+    let site = ApubSite::read_from_id(object_id.clone(), data).await?;
+    Ok(match site {
+      Some(o) => Some(SiteOrCommunityOrUser::Site(o)),
+      None => UserOrCommunity::read_from_id(object_id, data)
+        .await?
+        .map(SiteOrCommunityOrUser::UserOrCommunity),
+    })
   }
 
   #[tracing::instrument(skip_all)]
@@ -56,8 +59,13 @@ impl Object for SiteOrCommunityOrUser {
     }
   }
 
-  async fn into_json(self, _data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
-    unimplemented!()
+  async fn into_json(self, data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
+    Ok(match self {
+      SiteOrCommunityOrUser::Site(p) => SiteOrPersonOrGroup::Instance(p.into_json(data).await?),
+      SiteOrCommunityOrUser::UserOrCommunity(p) => {
+        SiteOrPersonOrGroup::PersonOrGroup(p.into_json(data).await?)
+      }
+    })
   }
 
   #[tracing::instrument(skip_all)]
@@ -75,8 +83,18 @@ impl Object for SiteOrCommunityOrUser {
   }
 
   #[tracing::instrument(skip_all)]
-  async fn from_json(_apub: Self::Kind, _data: &Data<Self::DataType>) -> LemmyResult<Self> {
-    unimplemented!();
+  async fn from_json(apub: Self::Kind, data: &Data<Self::DataType>) -> LemmyResult<Self> {
+    Ok(match apub {
+      SiteOrPersonOrGroup::Instance(a) => {
+        SiteOrCommunityOrUser::Site(ApubSite::from_json(a, data).await?)
+      }
+      SiteOrPersonOrGroup::PersonOrGroup(a) => SiteOrCommunityOrUser::UserOrCommunity(match a {
+        PersonOrGroup::Person(p) => UserOrCommunity::User(ApubPerson::from_json(p, data).await?),
+        PersonOrGroup::Group(g) => {
+          UserOrCommunity::Community(ApubCommunity::from_json(g, data).await?)
+        }
+      }),
+    })
   }
 }
 
@@ -103,6 +121,9 @@ impl Actor for SiteOrCommunityOrUser {
   }
 
   fn inbox(&self) -> Url {
-    unimplemented!()
+    match self {
+      SiteOrCommunityOrUser::Site(u) => u.inbox(),
+      SiteOrCommunityOrUser::UserOrCommunity(c) => c.inbox(),
+    }
   }
 }

crates/apub/src/fetcher/user_or_community.rs

@@ -65,8 +65,11 @@ impl Object for UserOrCommunity {
     }
   }
 
-  async fn into_json(self, _data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
-    unimplemented!()
+  async fn into_json(self, data: &Data<Self::DataType>) -> LemmyResult<Self::Kind> {
+    Ok(match self {
+      UserOrCommunity::User(p) => PersonOrGroup::Person(p.into_json(data).await?),
+      UserOrCommunity::Community(p) => PersonOrGroup::Group(p.into_json(data).await?),
+    })
   }
 
   #[tracing::instrument(skip_all)]
@@ -115,7 +118,10 @@ impl Actor for UserOrCommunity {
   }
 
   fn inbox(&self) -> Url {
-    unimplemented!()
+    match self {
+      UserOrCommunity::User(p) => p.inbox(),
+      UserOrCommunity::Community(p) => p.inbox(),
+    }
   }
 }
 

crates/apub/src/lib.rs

@@ -14,9 +14,8 @@ use lemmy_utils::{
   CACHE_DURATION_FEDERATION,
 };
 use moka::future::Cache;
-use once_cell::sync::Lazy;
 use serde_json::Value;
-use std::sync::Arc;
+use std::sync::{Arc, LazyLock};
 use url::Url;
 
 pub mod activities;
@@ -36,7 +35,7 @@ pub const FEDERATION_HTTP_FETCH_LIMIT: u32 = 100;
 /// Only include a basic context to save space and bandwidth. The main context is hosted statically
 /// on join-lemmy.org. Include activitystreams explicitly for better compat, but this could
 /// theoretically also be moved.
-pub static FEDERATION_CONTEXT: Lazy<Value> = Lazy::new(|| {
+pub static FEDERATION_CONTEXT: LazyLock<Value> = LazyLock::new(|| {
   Value::Array(vec![
     Value::String("https://join-lemmy.org/context.json".to_string()),
     Value::String("https://www.w3.org/ns/activitystreams".to_string()),
@@ -129,7 +128,7 @@ pub(crate) async fn local_site_data_cached(
   // multiple times. This causes a huge number of database reads if we hit the db directly. So we
   // cache these values for a short time, which will already make a huge difference and ensures that
   // changes take effect quickly.
-  static CACHE: Lazy<Cache<(), Arc<LocalSiteData>>> = Lazy::new(|| {
+  static CACHE: LazyLock<Cache<(), Arc<LocalSiteData>>> = LazyLock::new(|| {
     Cache::builder()
       .max_capacity(1)
       .time_to_live(CACHE_DURATION_FEDERATION)

crates/apub/src/objects/instance.rs

@@ -88,7 +88,7 @@ impl Object for ApubSite {
   }
 
   async fn delete(self, _data: &Data<Self::DataType>) -> LemmyResult<()> {
-    unimplemented!()
+    Err(LemmyErrorType::CantDeleteSite.into())
   }
 
   #[tracing::instrument(skip_all)]
@@ -109,7 +109,7 @@ impl Object for ApubSite {
       icon: self.icon.clone().map(ImageObject::new),
       image: self.banner.clone().map(ImageObject::new),
       inbox: self.inbox_url.clone().into(),
-      outbox: Url::parse(&format!("{}/site_outbox", self.actor_id))?,
+      outbox: Url::parse(&format!("{}site_outbox", self.actor_id))?,
       public_key: self.public_key(),
       language,
       content_warning: self.content_warning.clone(),

crates/apub/src/objects/post.rs

@@ -41,7 +41,11 @@ use lemmy_db_views_actor::structs::CommunityModeratorView;
 use lemmy_utils::{
   error::{LemmyError, LemmyErrorType, LemmyResult},
   spawn_try_task,
-  utils::{markdown::markdown_to_html, slurs::check_slurs_opt, validation::check_url_scheme},
+  utils::{
+    markdown::markdown_to_html,
+    slurs::check_slurs_opt,
+    validation::{is_url_blocked, is_valid_url},
+  },
 };
 use std::ops::Deref;
 use stringreader::StringReader;
@@ -180,8 +184,15 @@ impl Object for ApubPost {
     let creator = page.creator()?.dereference(context).await?;
     let community = page.community(context).await?;
     if community.posting_restricted_to_mods {
-      CommunityModeratorView::is_community_moderator(&mut context.pool(), community.id, creator.id)
-        .await?;
+      let is_mod = CommunityModeratorView::is_community_moderator(
+        &mut context.pool(),
+        community.id,
+        creator.id,
+      )
+      .await?;
+      if !is_mod {
+        Err(LemmyErrorType::OnlyModsCanPostInCommunity)?
+      }
     }
     let mut name = page
       .name
@@ -220,14 +231,16 @@ impl Object for ApubPost {
       None
     };
 
+    let url_blocklist = get_url_blocklist(context).await?;
+
     if let Some(url) = &url {
-      check_url_scheme(url)?;
+      is_url_blocked(url, &url_blocklist)?;
+      is_valid_url(url)?;
     }
 
     let alt_text = first_attachment.cloned().and_then(Attachment::alt_text);
 
     let slur_regex = &local_site_opt_to_slur_regex(&local_site);
-    let url_blocklist = get_url_blocklist(context).await?;
 
     let body = read_from_string_or_source_opt(&page.content, &page.media_type, &page.source);
     let body = process_markdown_opt(&body, slur_regex, &url_blocklist, context).await?;

crates/apub/src/objects/private_message.rs

@@ -73,7 +73,7 @@ impl Object for ApubPrivateMessage {
 
   async fn delete(self, _context: &Data<Self::DataType>) -> LemmyResult<()> {
     // do nothing, because pm can't be fetched over http
-    unimplemented!()
+    Err(LemmyErrorType::CouldntFindPrivateMessage.into())
   }
 
   #[tracing::instrument(skip_all)]

crates/apub/src/protocol/activities/community/lock_page.rs

@@ -13,10 +13,10 @@ use lemmy_api_common::context::LemmyContext;
 use lemmy_db_schema::{source::community::Community, traits::Crud};
 use lemmy_utils::{error::LemmyResult, LemmyErrorType};
 use serde::{Deserialize, Serialize};
-use strum_macros::Display;
+use strum::Display;
 use url::Url;
 
-#[derive(Clone, Debug, Deserialize, Serialize, Display)]
+#[derive(Clone, Debug, Display, Deserialize, Serialize)]
 pub enum LockType {
   Lock,
 }

crates/apub/src/protocol/activities/mod.rs

@@ -1,5 +1,5 @@
 use serde::{Deserialize, Serialize};
-use strum_macros::Display;
+use strum::Display;
 
 pub mod block;
 pub mod community;

crates/apub/src/protocol/activities/voting/vote.rs

@@ -8,7 +8,7 @@ use activitypub_federation::{config::Data, fetch::object_id::ObjectId};
 use lemmy_api_common::context::LemmyContext;
 use lemmy_utils::error::{LemmyError, LemmyErrorType, LemmyResult};
 use serde::{Deserialize, Serialize};
-use strum_macros::Display;
+use strum::Display;
 use url::Url;
 
 #[derive(Clone, Debug, Deserialize, Serialize)]

crates/apub/src/protocol/objects/group.rs

@@ -7,7 +7,7 @@ use crate::{
     community_outbox::ApubCommunityOutbox,
   },
   local_site_data_cached,
-  objects::{community::ApubCommunity, read_from_string_or_source_opt, verify_is_remote_object},
+  objects::{community::ApubCommunity, read_from_string_or_source_opt},
   protocol::{
     objects::{Endpoints, LanguageTag},
     ImageObject,
@@ -80,7 +80,6 @@ impl Group {
   ) -> LemmyResult<()> {
     check_apub_id_valid_with_strictness(self.id.inner(), true, context).await?;
     verify_domains_match(expected_domain, self.id.inner())?;
-    verify_is_remote_object(&self.id, context)?;
 
     let local_site_data = local_site_data_cached(&mut context.pool()).await?;
     let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site);

crates/apub/src/protocol/objects/page.rs

@@ -193,10 +193,12 @@ impl ActivityHandler for Page {
   type DataType = LemmyContext;
   type Error = LemmyError;
   fn id(&self) -> &Url {
-    unimplemented!()
+    self.id.inner()
   }
+
   fn actor(&self) -> &Url {
-    unimplemented!()
+    debug_assert!(false);
+    self.id.inner()
   }
   async fn verify(&self, data: &Data<Self::DataType>) -> LemmyResult<()> {
     ApubPost::verify(self, self.id.inner(), data).await

crates/db_schema/Cargo.toml

@@ -27,7 +27,6 @@ full = [
   "lemmy_utils",
   "activitypub_federation",
   "regex",
-  "once_cell",
   "serde_json",
   "diesel_ltree",
   "diesel-async",
@@ -46,7 +45,6 @@ serde = { workspace = true }
 serde_with = { workspace = true }
 url = { workspace = true }
 strum = { workspace = true }
-strum_macros = { workspace = true }
 serde_json = { workspace = true, optional = true }
 activitypub_federation = { workspace = true, optional = true }
 lemmy_utils = { workspace = true, optional = true }
@@ -65,7 +63,6 @@ diesel-async = { workspace = true, features = [
   "deadpool",
 ], optional = true }
 regex = { workspace = true, optional = true }
-once_cell = { workspace = true, optional = true }
 diesel_ltree = { workspace = true, optional = true }
 typed-builder = { workspace = true }
 async-trait = { workspace = true }

crates/db_schema/replaceable_schema/triggers.sql

@@ -564,6 +564,10 @@ BEGIN
     IF NOT (NEW.path ~ ('*.' || id)::lquery) THEN
         NEW.path = NEW.path || id;
     END IF;
+    -- Set local ap_id
+    IF NEW.local THEN
+        NEW.ap_id = coalesce(NEW.ap_id, r.local_url ('/comment/' || id));
+    END IF;
     RETURN NEW;
 END
 $$;
@@ -573,3 +577,39 @@ CREATE TRIGGER change_values
     FOR EACH ROW
     EXECUTE FUNCTION r.comment_change_values ();
 
+CREATE FUNCTION r.post_change_values ()
+    RETURNS TRIGGER
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+    -- Set local ap_id
+    IF NEW.local THEN
+        NEW.ap_id = coalesce(NEW.ap_id, r.local_url ('/post/' || NEW.id::text));
+    END IF;
+    RETURN NEW;
+END
+$$;
+
+CREATE TRIGGER change_values
+    BEFORE INSERT ON post
+    FOR EACH ROW
+    EXECUTE FUNCTION r.post_change_values ();
+
+CREATE FUNCTION r.private_message_change_values ()
+    RETURNS TRIGGER
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+    -- Set local ap_id
+    IF NEW.local THEN
+        NEW.ap_id = coalesce(NEW.ap_id, r.local_url ('/private_message/' || NEW.id::text));
+    END IF;
+    RETURN NEW;
+END
+$$;
+
+CREATE TRIGGER change_values
+    BEFORE INSERT ON private_message
+    FOR EACH ROW
+    EXECUTE FUNCTION r.private_message_change_values ();
+

crates/db_schema/replaceable_schema/utils.sql

@@ -8,7 +8,7 @@ CREATE FUNCTION r.controversy_rank (upvotes numeric, downvotes numeric)
         0
     ELSE
         (
-            upvotes + downvotes) * CASE WHEN upvotes > downvotes THEN
+            upvotes + downvotes) ^ CASE WHEN upvotes > downvotes THEN
             downvotes::float / upvotes::float
         ELSE
             upvotes::float / downvotes::float
@@ -57,6 +57,13 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION r.local_url (url_path text)
+    RETURNS text
+    LANGUAGE sql
+    STABLE PARALLEL SAFE RETURN (
+current_setting('lemmy.protocol_and_hostname') || url_path
+);
+
 -- This function creates statement-level triggers for all operation types. It's designed this way
 -- because of these limitations:
 --   * A trigger that uses transition tables can only handle 1 operation type.

crates/db_schema/src/impls/actor_language.rs

@@ -533,10 +533,7 @@ mod tests {
 
     let person_form = PersonInsertForm::test_form(instance.id, "my test person");
     let person = Person::create(pool, &person_form).await.unwrap();
-    let local_user_form = LocalUserInsertForm::builder()
-      .person_id(person.id)
-      .password_encrypted("my_pw".to_string())
-      .build();
+    let local_user_form = LocalUserInsertForm::test_form(person.id);
 
     let local_user = LocalUser::create(pool, &local_user_form, vec![])
       .await
@@ -645,10 +642,7 @@ mod tests {
 
     let person_form = PersonInsertForm::test_form(instance.id, "my test person");
     let person = Person::create(pool, &person_form).await.unwrap();
-    let local_user_form = LocalUserInsertForm::builder()
-      .person_id(person.id)
-      .password_encrypted("my_pw".to_string())
-      .build();
+    let local_user_form = LocalUserInsertForm::test_form(person.id);
     let local_user = LocalUser::create(pool, &local_user_form, vec![])
       .await
       .unwrap();

crates/db_schema/src/impls/comment.rs

@@ -117,7 +117,7 @@ impl Crud for Comment {
   type UpdateForm = CommentUpdateForm;
   type IdType = CommentId;
 
-  /// This is unimplemented, use [[Comment::create]]
+  /// Use [[Comment::create]]
   async fn create(pool: &mut DbPool<'_>, comment_form: &Self::InsertForm) -> Result<Self, Error> {
     debug_assert!(false);
     Comment::create(pool, comment_form, None).await
@@ -223,6 +223,7 @@ mod tests {
   use diesel_ltree::Ltree;
   use pretty_assertions::assert_eq;
   use serial_test::serial;
+  use url::Url;
 
   #[tokio::test]
   #[serial]
@@ -273,7 +274,12 @@ mod tests {
       path: Ltree(format!("0.{}", inserted_comment.id)),
       published: inserted_comment.published,
       updated: None,
-      ap_id: inserted_comment.ap_id.clone(),
+      ap_id: Url::parse(&format!(
+        "https://lemmy-alpha/comment/{}",
+        inserted_comment.id
+      ))
+      .unwrap()
+      .into(),
       distinguished: false,
       local: true,
       language_id: LanguageId::default(),

crates/db_schema/src/impls/community.rs

@@ -1,7 +1,14 @@
 use crate::{
   diesel::{DecoratableTarget, OptionalExtension},
   newtypes::{CommunityId, DbUrl, PersonId},
-  schema::{community, community_follower, instance},
+  schema::{
+    community,
+    community_follower,
+    community_moderator,
+    community_person_ban,
+    instance,
+    post,
+  },
   source::{
     actor_language::CommunityLanguage,
     community::{
@@ -42,6 +49,7 @@ use diesel::{
   Queryable,
 };
 use diesel_async::RunQueryDsl;
+use lemmy_utils::error::{LemmyErrorType, LemmyResult};
 
 #[async_trait]
 impl Crud for Community {
@@ -83,9 +91,8 @@ impl Joinable for CommunityModerator {
     pool: &mut DbPool<'_>,
     community_moderator_form: &CommunityModeratorForm,
   ) -> Result<Self, Error> {
-    use crate::schema::community_moderator::dsl::community_moderator;
     let conn = &mut get_conn(pool).await?;
-    insert_into(community_moderator)
+    insert_into(community_moderator::table)
       .values(community_moderator_form)
       .get_result::<Self>(conn)
       .await
@@ -95,9 +102,8 @@ impl Joinable for CommunityModerator {
     pool: &mut DbPool<'_>,
     community_moderator_form: &CommunityModeratorForm,
   ) -> Result<usize, Error> {
-    use crate::schema::community_moderator::dsl::community_moderator;
     let conn = &mut get_conn(pool).await?;
-    diesel::delete(community_moderator.find((
+    diesel::delete(community_moderator::table.find((
       community_moderator_form.person_id,
       community_moderator_form.community_id,
     )))
@@ -147,25 +153,23 @@ impl Community {
     pool: &mut DbPool<'_>,
     url: &DbUrl,
   ) -> Result<Option<(Community, CollectionType)>, Error> {
-    use crate::schema::community::dsl::{featured_url, moderators_url};
-    use CollectionType::*;
     let conn = &mut get_conn(pool).await?;
     let res = community::table
-      .filter(moderators_url.eq(url))
+      .filter(community::moderators_url.eq(url))
       .first(conn)
       .await
       .optional()?;
 
     if let Some(c) = res {
-      Ok(Some((c, Moderators)))
+      Ok(Some((c, CollectionType::Moderators)))
     } else {
       let res = community::table
-        .filter(featured_url.eq(url))
+        .filter(community::featured_url.eq(url))
         .first(conn)
         .await
         .optional()?;
       if let Some(c) = res {
-        Ok(Some((c, Featured)))
+        Ok(Some((c, CollectionType::Featured)))
       } else {
         Ok(None)
       }
@@ -177,7 +181,6 @@ impl Community {
     posts: Vec<Post>,
     pool: &mut DbPool<'_>,
   ) -> Result<(), Error> {
-    use crate::schema::post;
     let conn = &mut get_conn(pool).await?;
     for p in &posts {
       debug_assert!(p.community_id == community_id);
@@ -185,10 +188,10 @@ impl Community {
     // Mark the given posts as featured and all other posts as not featured.
     let post_ids = posts.iter().map(|p| p.id);
     update(post::table)
-      .filter(post::dsl::community_id.eq(community_id))
+      .filter(post::community_id.eq(community_id))
       // This filter is just for performance
-      .filter(post::dsl::featured_community.or(post::dsl::id.eq_any(post_ids.clone())))
-      .set(post::dsl::featured_community.eq(post::dsl::id.eq_any(post_ids)))
+      .filter(post::featured_community.or(post::id.eq_any(post_ids.clone())))
+      .set(post::featured_community.eq(post::id.eq_any(post_ids)))
       .execute(conn)
       .await?;
     Ok(())
@@ -200,37 +203,68 @@ impl CommunityModerator {
     pool: &mut DbPool<'_>,
     for_community_id: CommunityId,
   ) -> Result<usize, Error> {
-    use crate::schema::community_moderator::dsl::{community_id, community_moderator};
     let conn = &mut get_conn(pool).await?;
 
-    diesel::delete(community_moderator.filter(community_id.eq(for_community_id)))
-      .execute(conn)
-      .await
+    diesel::delete(
+      community_moderator::table.filter(community_moderator::community_id.eq(for_community_id)),
+    )
+    .execute(conn)
+    .await
   }
 
   pub async fn leave_all_communities(
     pool: &mut DbPool<'_>,
     for_person_id: PersonId,
   ) -> Result<usize, Error> {
-    use crate::schema::community_moderator::dsl::{community_moderator, person_id};
     let conn = &mut get_conn(pool).await?;
-    diesel::delete(community_moderator.filter(person_id.eq(for_person_id)))
-      .execute(conn)
-      .await
+    diesel::delete(
+      community_moderator::table.filter(community_moderator::person_id.eq(for_person_id)),
+    )
+    .execute(conn)
+    .await
   }
 
   pub async fn get_person_moderated_communities(
     pool: &mut DbPool<'_>,
     for_person_id: PersonId,
   ) -> Result<Vec<CommunityId>, Error> {
-    use crate::schema::community_moderator::dsl::{community_id, community_moderator, person_id};
     let conn = &mut get_conn(pool).await?;
-    community_moderator
-      .filter(person_id.eq(for_person_id))
-      .select(community_id)
+    community_moderator::table
+      .filter(community_moderator::person_id.eq(for_person_id))
+      .select(community_moderator::community_id)
       .load::<CommunityId>(conn)
       .await
   }
+
+  /// Checks to make sure the acting moderator was added earlier than the target moderator
+  pub async fn is_higher_mod_check(
+    pool: &mut DbPool<'_>,
+    for_community_id: CommunityId,
+    mod_person_id: PersonId,
+    target_person_ids: Vec<PersonId>,
+  ) -> LemmyResult<()> {
+    let conn = &mut get_conn(pool).await?;
+
+    // Build the list of persons
+    let mut persons = target_person_ids;
+    persons.push(mod_person_id);
+    persons.dedup();
+
+    let res = community_moderator::table
+      .filter(community_moderator::community_id.eq(for_community_id))
+      .filter(community_moderator::person_id.eq_any(persons))
+      .order_by(community_moderator::published)
+      // This does a limit 1 select first
+      .first::<CommunityModerator>(conn)
+      .await?;
+
+    // If the first result sorted by published is the acting mod
+    if res.person_id == mod_person_id {
+      Ok(())
+    } else {
+      Err(LemmyErrorType::NotHigherMod)?
+    }
+  }
 }
 
 #[async_trait]
@@ -240,11 +274,13 @@ impl Bannable for CommunityPersonBan {
     pool: &mut DbPool<'_>,
     community_person_ban_form: &CommunityPersonBanForm,
   ) -> Result<Self, Error> {
-    use crate::schema::community_person_ban::dsl::{community_id, community_person_ban, person_id};
     let conn = &mut get_conn(pool).await?;
-    insert_into(community_person_ban)
+    insert_into(community_person_ban::table)
       .values(community_person_ban_form)
-      .on_conflict((community_id, person_id))
+      .on_conflict((
+        community_person_ban::community_id,
+        community_person_ban::person_id,
+      ))
       .do_update()
       .set(community_person_ban_form)
       .get_result::<Self>(conn)
@@ -255,9 +291,8 @@ impl Bannable for CommunityPersonBan {
     pool: &mut DbPool<'_>,
     community_person_ban_form: &CommunityPersonBanForm,
   ) -> Result<usize, Error> {
-    use crate::schema::community_person_ban::dsl::community_person_ban;
     let conn = &mut get_conn(pool).await?;
-    diesel::delete(community_person_ban.find((
+    diesel::delete(community_person_ban::table.find((
       community_person_ban_form.person_id,
       community_person_ban_form.community_id,
     )))
@@ -291,11 +326,10 @@ impl CommunityFollower {
     pool: &mut DbPool<'_>,
     remote_community_id: CommunityId,
   ) -> Result<bool, Error> {
-    use crate::schema::community_follower::dsl::{community_follower, community_id};
     let conn = &mut get_conn(pool).await?;
-    select(exists(
-      community_follower.filter(community_id.eq(remote_community_id)),
-    ))
+    select(exists(community_follower::table.filter(
+      community_follower::community_id.eq(remote_community_id),
+    )))
     .get_result(conn)
     .await
   }
@@ -316,11 +350,13 @@ impl Queryable<sql_types::Nullable<sql_types::Bool>, Pg> for SubscribedType {
 impl Followable for CommunityFollower {
   type Form = CommunityFollowerForm;
   async fn follow(pool: &mut DbPool<'_>, form: &CommunityFollowerForm) -> Result<Self, Error> {
-    use crate::schema::community_follower::dsl::{community_follower, community_id, person_id};
     let conn = &mut get_conn(pool).await?;
-    insert_into(community_follower)
+    insert_into(community_follower::table)
       .values(form)
-      .on_conflict((community_id, person_id))
+      .on_conflict((
+        community_follower::community_id,
+        community_follower::person_id,
+      ))
       .do_update()
       .set(form)
       .get_result::<Self>(conn)
@@ -331,17 +367,16 @@ impl Followable for CommunityFollower {
     community_id: CommunityId,
     person_id: PersonId,
   ) -> Result<Self, Error> {
-    use crate::schema::community_follower::dsl::{community_follower, pending};
     let conn = &mut get_conn(pool).await?;
-    diesel::update(community_follower.find((person_id, community_id)))
-      .set(pending.eq(false))
+    diesel::update(community_follower::table.find((person_id, community_id)))
+      .set(community_follower::pending.eq(false))
       .get_result::<Self>(conn)
       .await
   }
+
   async fn unfollow(pool: &mut DbPool<'_>, form: &CommunityFollowerForm) -> Result<usize, Error> {
-    use crate::schema::community_follower::dsl::community_follower;
     let conn = &mut get_conn(pool).await?;
-    diesel::delete(community_follower.find((form.person_id, form.community_id)))
+    diesel::delete(community_follower::table.find((form.person_id, form.community_id)))
       .execute(conn)
       .await
   }
@@ -397,10 +432,8 @@ impl ApubActor for Community {
 }
 
 #[cfg(test)]
-#[allow(clippy::unwrap_used)]
 #[allow(clippy::indexing_slicing)]
 mod tests {
-
   use crate::{
     source::{
       community::{
@@ -415,28 +448,30 @@ mod tests {
         CommunityUpdateForm,
       },
       instance::Instance,
+      local_user::LocalUser,
       person::{Person, PersonInsertForm},
     },
     traits::{Bannable, Crud, Followable, Joinable},
     utils::build_db_pool_for_tests,
     CommunityVisibility,
   };
+  use lemmy_utils::{error::LemmyResult, LemmyErrorType};
   use pretty_assertions::assert_eq;
   use serial_test::serial;
 
   #[tokio::test]
   #[serial]
-  async fn test_crud() {
+  async fn test_crud() -> LemmyResult<()> {
     let pool = &build_db_pool_for_tests().await;
     let pool = &mut pool.into();
 
-    let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string())
-      .await
-      .unwrap();
+    let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string()).await?;
 
-    let new_person = PersonInsertForm::test_form(inserted_instance.id, "bobbee");
+    let bobby_person = PersonInsertForm::test_form(inserted_instance.id, "bobby");
+    let inserted_bobby = Person::create(pool, &bobby_person).await?;
 
-    let inserted_person = Person::create(pool, &new_person).await.unwrap();
+    let artemis_person = PersonInsertForm::test_form(inserted_instance.id, "artemis");
+    let inserted_artemis = Person::create(pool, &artemis_person).await?;
 
     let new_community = CommunityInsertForm::builder()
       .name("TIL".into())
@@ -445,7 +480,7 @@ mod tests {
       .instance_id(inserted_instance.id)
       .build();
 
-    let inserted_community = Community::create(pool, &new_community).await.unwrap();
+    let inserted_community = Community::create(pool, &new_community).await?;
 
     let expected_community = Community {
       id: inserted_community.id,
@@ -477,91 +512,120 @@ mod tests {
 
     let community_follower_form = CommunityFollowerForm {
       community_id: inserted_community.id,
-      person_id: inserted_person.id,
+      person_id: inserted_bobby.id,
       pending: false,
     };
 
-    let inserted_community_follower = CommunityFollower::follow(pool, &community_follower_form)
-      .await
-      .unwrap();
+    let inserted_community_follower =
+      CommunityFollower::follow(pool, &community_follower_form).await?;
 
     let expected_community_follower = CommunityFollower {
       community_id: inserted_community.id,
-      person_id: inserted_person.id,
+      person_id: inserted_bobby.id,
       pending: false,
       published: inserted_community_follower.published,
     };
 
-    let community_moderator_form = CommunityModeratorForm {
+    let bobby_moderator_form = CommunityModeratorForm {
       community_id: inserted_community.id,
-      person_id: inserted_person.id,
+      person_id: inserted_bobby.id,
     };
 
-    let inserted_community_moderator = CommunityModerator::join(pool, &community_moderator_form)
-      .await
-      .unwrap();
+    let inserted_bobby_moderator = CommunityModerator::join(pool, &bobby_moderator_form).await?;
+
+    let artemis_moderator_form = CommunityModeratorForm {
+      community_id: inserted_community.id,
+      person_id: inserted_artemis.id,
+    };
+
+    let _inserted_artemis_moderator =
+      CommunityModerator::join(pool, &artemis_moderator_form).await?;
 
     let expected_community_moderator = CommunityModerator {
       community_id: inserted_community.id,
-      person_id: inserted_person.id,
-      published: inserted_community_moderator.published,
+      person_id: inserted_bobby.id,
+      published: inserted_bobby_moderator.published,
     };
 
+    let moderator_person_ids = vec![inserted_bobby.id, inserted_artemis.id];
+
+    // Make sure bobby is marked as a higher mod than artemis, and vice versa
+    let bobby_higher_check = CommunityModerator::is_higher_mod_check(
+      pool,
+      inserted_community.id,
+      inserted_bobby.id,
+      moderator_person_ids.clone(),
+    )
+    .await;
+    assert!(bobby_higher_check.is_ok());
+
+    // Also check the other is_higher_mod_or_admin function just in case
+    let bobby_higher_check_2 = LocalUser::is_higher_mod_or_admin_check(
+      pool,
+      inserted_community.id,
+      inserted_bobby.id,
+      moderator_person_ids.clone(),
+    )
+    .await;
+    assert!(bobby_higher_check_2.is_ok());
+
+    // This should throw an error, since artemis was added later
+    let artemis_higher_check = CommunityModerator::is_higher_mod_check(
+      pool,
+      inserted_community.id,
+      inserted_artemis.id,
+      moderator_person_ids,
+    )
+    .await;
+    assert!(artemis_higher_check.is_err());
+
     let community_person_ban_form = CommunityPersonBanForm {
       community_id: inserted_community.id,
-      person_id: inserted_person.id,
+      person_id: inserted_bobby.id,
       expires: None,
     };
 
-    let inserted_community_person_ban = CommunityPersonBan::ban(pool, &community_person_ban_form)
-      .await
-      .unwrap();
+    let inserted_community_person_ban =
+      CommunityPersonBan::ban(pool, &community_person_ban_form).await?;
 
     let expected_community_person_ban = CommunityPersonBan {
       community_id: inserted_community.id,
-      person_id: inserted_person.id,
+      person_id: inserted_bobby.id,
       published: inserted_community_person_ban.published,
       expires: None,
     };
 
     let read_community = Community::read(pool, inserted_community.id)
-      .await
-      .unwrap()
-      .unwrap();
+      .await?
+      .ok_or(LemmyErrorType::CouldntFindCommunity)?;
 
     let update_community_form = CommunityUpdateForm {
       title: Some("nada".to_owned()),
       ..Default::default()
     };
-    let updated_community = Community::update(pool, inserted_community.id, &update_community_form)
-      .await
-      .unwrap();
+    let updated_community =
+      Community::update(pool, inserted_community.id, &update_community_form).await?;
 
-    let ignored_community = CommunityFollower::unfollow(pool, &community_follower_form)
-      .await
-      .unwrap();
-    let left_community = CommunityModerator::leave(pool, &community_moderator_form)
-      .await
-      .unwrap();
-    let unban = CommunityPersonBan::unban(pool, &community_person_ban_form)
-      .await
-      .unwrap();
-    let num_deleted = Community::delete(pool, inserted_community.id)
-      .await
-      .unwrap();
-    Person::delete(pool, inserted_person.id).await.unwrap();
-    Instance::delete(pool, inserted_instance.id).await.unwrap();
+    let ignored_community = CommunityFollower::unfollow(pool, &community_follower_form).await?;
+    let left_community = CommunityModerator::leave(pool, &bobby_moderator_form).await?;
+    let unban = CommunityPersonBan::unban(pool, &community_person_ban_form).await?;
+    let num_deleted = Community::delete(pool, inserted_community.id).await?;
+    Person::delete(pool, inserted_bobby.id).await?;
+    Person::delete(pool, inserted_artemis.id).await?;
+    Instance::delete(pool, inserted_instance.id).await?;
 
     assert_eq!(expected_community, read_community);
     assert_eq!(expected_community, inserted_community);
     assert_eq!(expected_community, updated_community);
     assert_eq!(expected_community_follower, inserted_community_follower);
-    assert_eq!(expected_community_moderator, inserted_community_moderator);
+    assert_eq!(expected_community_moderator, inserted_bobby_moderator);
     assert_eq!(expected_community_person_ban, inserted_community_person_ban);
     assert_eq!(1, ignored_community);
     assert_eq!(1, left_community);
     assert_eq!(1, unban);
     // assert_eq!(2, loaded_count);
     assert_eq!(1, num_deleted);
+
+    Ok(())
   }
 }

crates/db_schema/src/impls/images.rs

@@ -1,7 +1,14 @@
 use crate::{
   newtypes::DbUrl,
-  schema::{local_image, remote_image},
-  source::images::{LocalImage, LocalImageForm, RemoteImage, RemoteImageForm},
+  schema::{image_details, local_image, remote_image},
+  source::images::{
+    ImageDetails,
+    ImageDetailsForm,
+    LocalImage,
+    LocalImageForm,
+    RemoteImage,
+    RemoteImageForm,
+  },
   utils::{get_conn, DbPool},
 };
 use diesel::{
@@ -13,15 +20,29 @@ use diesel::{
   NotFound,
   QueryDsl,
 };
-use diesel_async::RunQueryDsl;
-use url::Url;
+use diesel_async::{AsyncPgConnection, RunQueryDsl};
 
 impl LocalImage {
-  pub async fn create(pool: &mut DbPool<'_>, form: &LocalImageForm) -> Result<Self, Error> {
+  pub async fn create(
+    pool: &mut DbPool<'_>,
+    form: &LocalImageForm,
+    image_details_form: &ImageDetailsForm,
+  ) -> Result<Self, Error> {
     let conn = &mut get_conn(pool).await?;
-    insert_into(local_image::table)
-      .values(form)
-      .get_result::<Self>(conn)
+    conn
+      .build_transaction()
+      .run(|conn| {
+        Box::pin(async move {
+          let local_insert = insert_into(local_image::table)
+            .values(form)
+            .get_result::<Self>(conn)
+            .await;
+
+          ImageDetails::create(conn, image_details_form).await?;
+
+          local_insert
+        }) as _
+      })
       .await
   }
 
@@ -39,16 +60,26 @@ impl LocalImage {
 }
 
 impl RemoteImage {
-  pub async fn create(pool: &mut DbPool<'_>, links: Vec<Url>) -> Result<usize, Error> {
+  pub async fn create(pool: &mut DbPool<'_>, form: &ImageDetailsForm) -> Result<usize, Error> {
     let conn = &mut get_conn(pool).await?;
-    let forms = links
-      .into_iter()
-      .map(|url| RemoteImageForm { link: url.into() })
-      .collect::<Vec<_>>();
-    insert_into(remote_image::table)
-      .values(forms)
-      .on_conflict_do_nothing()
-      .execute(conn)
+    conn
+      .build_transaction()
+      .run(|conn| {
+        Box::pin(async move {
+          let remote_image_form = RemoteImageForm {
+            link: form.link.clone(),
+          };
+          let remote_insert = insert_into(remote_image::table)
+            .values(remote_image_form)
+            .on_conflict_do_nothing()
+            .execute(conn)
+            .await;
+
+          ImageDetails::create(conn, form).await?;
+
+          remote_insert
+        }) as _
+      })
       .await
   }
 
@@ -67,3 +98,16 @@ impl RemoteImage {
     }
   }
 }
+
+impl ImageDetails {
+  pub(crate) async fn create(
+    conn: &mut AsyncPgConnection,
+    form: &ImageDetailsForm,
+  ) -> Result<usize, Error> {
+    insert_into(image_details::table)
+      .values(form)
+      .on_conflict_do_nothing()
+      .execute(conn)
+      .await
+  }
+}

crates/db_schema/src/impls/local_site.rs

@@ -7,7 +7,7 @@ use diesel::{dsl::insert_into, result::Error};
 use diesel_async::RunQueryDsl;
 use lemmy_utils::{error::LemmyResult, CACHE_DURATION_API};
 use moka::future::Cache;
-use once_cell::sync::Lazy;
+use std::sync::LazyLock;
 
 impl LocalSite {
   pub async fn create(pool: &mut DbPool<'_>, form: &LocalSiteInsertForm) -> Result<Self, Error> {
@@ -18,7 +18,7 @@ impl LocalSite {
       .await
   }
   pub async fn read(pool: &mut DbPool<'_>) -> LemmyResult<Self> {
-    static CACHE: Lazy<Cache<(), LocalSite>> = Lazy::new(|| {
+    static CACHE: LazyLock<Cache<(), LocalSite>> = LazyLock::new(|| {
       Cache::builder()
         .max_capacity(1)
         .time_to_live(CACHE_DURATION_API)

crates/db_schema/src/impls/local_user.rs

@@ -1,6 +1,6 @@
 use crate::{
-  newtypes::{DbUrl, LanguageId, LocalUserId, PersonId},
-  schema::{local_user, person, registration_application},
+  newtypes::{CommunityId, DbUrl, LanguageId, LocalUserId, PersonId},
+  schema::{community, community_moderator, local_user, person, registration_application},
   source::{
     actor_language::LocalUserLanguage,
     local_user::{LocalUser, LocalUserInsertForm, LocalUserUpdateForm},
@@ -13,16 +13,19 @@ use crate::{
     now,
     DbPool,
   },
+  CommunityVisibility,
 };
 use bcrypt::{hash, DEFAULT_COST};
 use diesel::{
   dsl::{insert_into, not, IntervalDsl},
   result::Error,
+  CombineDsl,
   ExpressionMethods,
   JoinOnDsl,
   QueryDsl,
 };
 use diesel_async::RunQueryDsl;
+use lemmy_utils::error::{LemmyErrorType, LemmyResult};
 
 impl LocalUser {
   pub async fn create(
@@ -112,11 +115,11 @@ impl LocalUser {
     let conn = &mut get_conn(pool).await?;
 
     // Make sure:
-    // - The deny reason exists
+    // - An admin has interacted with the application
     // - The app is older than a week
     // - The accepted_application is false
     let old_denied_registrations = registration_application::table
-      .filter(registration_application::deny_reason.is_not_null())
+      .filter(registration_application::admin_id.is_not_null())
       .filter(registration_application::published.lt(now() - 1.week()))
       .select(registration_application::local_user_id);
 
@@ -215,6 +218,72 @@ impl LocalUser {
       blocked_instances,
     })
   }
+
+  /// Checks to make sure the acting admin is higher than the target admin
+  pub async fn is_higher_admin_check(
+    pool: &mut DbPool<'_>,
+    admin_person_id: PersonId,
+    target_person_ids: Vec<PersonId>,
+  ) -> LemmyResult<()> {
+    let conn = &mut get_conn(pool).await?;
+
+    // Build the list of persons
+    let mut persons = target_person_ids;
+    persons.push(admin_person_id);
+    persons.dedup();
+
+    let res = local_user::table
+      .filter(local_user::admin.eq(true))
+      .filter(local_user::person_id.eq_any(persons))
+      .order_by(local_user::id)
+      // This does a limit 1 select first
+      .first::<LocalUser>(conn)
+      .await?;
+
+    // If the first result sorted by published is the acting admin
+    if res.person_id == admin_person_id {
+      Ok(())
+    } else {
+      Err(LemmyErrorType::NotHigherAdmin)?
+    }
+  }
+
+  /// Checks to make sure the acting moderator is higher than the target moderator
+  pub async fn is_higher_mod_or_admin_check(
+    pool: &mut DbPool<'_>,
+    for_community_id: CommunityId,
+    admin_person_id: PersonId,
+    target_person_ids: Vec<PersonId>,
+  ) -> LemmyResult<()> {
+    let conn = &mut get_conn(pool).await?;
+
+    // Build the list of persons
+    let mut persons = target_person_ids;
+    persons.push(admin_person_id);
+    persons.dedup();
+
+    let admins = local_user::table
+      .filter(local_user::admin.eq(true))
+      .filter(local_user::person_id.eq_any(&persons))
+      .order_by(local_user::id)
+      .select(local_user::person_id);
+
+    let mods = community_moderator::table
+      .filter(community_moderator::community_id.eq(for_community_id))
+      .filter(community_moderator::person_id.eq_any(&persons))
+      .order_by(community_moderator::published)
+      .select(community_moderator::person_id);
+
+    let res = admins.union_all(mods).get_results::<PersonId>(conn).await?;
+    let first_person = res.as_slice().first().ok_or(LemmyErrorType::NotHigherMod)?;
+
+    // If the first result sorted by published is the acting mod
+    if *first_person == admin_person_id {
+      Ok(())
+    } else {
+      Err(LemmyErrorType::NotHigherMod)?
+    }
+  }
 }
 
 /// Adds some helper functions for an optional LocalUser
@@ -225,6 +294,12 @@ pub trait LocalUserOptionHelper {
   fn show_read_posts(&self) -> bool;
   fn is_admin(&self) -> bool;
   fn show_nsfw(&self, site: &Site) -> bool;
+  fn visible_communities_only<Q>(&self, query: Q) -> Q
+  where
+    Q: diesel::query_dsl::methods::FilterDsl<
+      diesel::dsl::Eq<community::visibility, CommunityVisibility>,
+      Output = Q,
+    >;
 }
 
 impl LocalUserOptionHelper for Option<&LocalUser> {
@@ -253,14 +328,32 @@ impl LocalUserOptionHelper for Option<&LocalUser> {
       .map(|l| l.show_nsfw)
       .unwrap_or(site.content_warning.is_some())
   }
+
+  fn visible_communities_only<Q>(&self, query: Q) -> Q
+  where
+    Q: diesel::query_dsl::methods::FilterDsl<
+      diesel::dsl::Eq<community::visibility, CommunityVisibility>,
+      Output = Q,
+    >,
+  {
+    if self.is_none() {
+      query.filter(community::visibility.eq(CommunityVisibility::Public))
+    } else {
+      query
+    }
+  }
 }
 
 impl LocalUserInsertForm {
   pub fn test_form(person_id: PersonId) -> Self {
-    Self::builder()
-      .person_id(person_id)
-      .password_encrypted(String::new())
-      .build()
+    Self::new(person_id, String::new())
+  }
+
+  pub fn test_form_admin(person_id: PersonId) -> Self {
+    LocalUserInsertForm {
+      admin: Some(true),
+      ..Self::test_form(person_id)
+    }
   }
 }
 
@@ -272,3 +365,58 @@ pub struct UserBackupLists {
   pub blocked_users: Vec<DbUrl>,
   pub blocked_instances: Vec<String>,
 }
+
+#[cfg(test)]
+#[allow(clippy::indexing_slicing)]
+mod tests {
+  use crate::{
+    source::{
+      instance::Instance,
+      local_user::{LocalUser, LocalUserInsertForm},
+      person::{Person, PersonInsertForm},
+    },
+    traits::Crud,
+    utils::build_db_pool_for_tests,
+  };
+  use lemmy_utils::error::LemmyResult;
+  use serial_test::serial;
+
+  #[tokio::test]
+  #[serial]
+  async fn test_admin_higher_check() -> LemmyResult<()> {
+    let pool = &build_db_pool_for_tests().await;
+    let pool = &mut pool.into();
+
+    let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string()).await?;
+
+    let fiona_person = PersonInsertForm::test_form(inserted_instance.id, "fiona");
+    let inserted_fiona_person = Person::create(pool, &fiona_person).await?;
+
+    let fiona_local_user_form = LocalUserInsertForm::test_form_admin(inserted_fiona_person.id);
+    let _inserted_fiona_local_user =
+      LocalUser::create(pool, &fiona_local_user_form, vec![]).await?;
+
+    let delores_person = PersonInsertForm::test_form(inserted_instance.id, "delores");
+    let inserted_delores_person = Person::create(pool, &delores_person).await?;
+    let delores_local_user_form = LocalUserInsertForm::test_form_admin(inserted_delores_person.id);
+    let _inserted_delores_local_user =
+      LocalUser::create(pool, &delores_local_user_form, vec![]).await?;
+
+    let admin_person_ids = vec![inserted_fiona_person.id, inserted_delores_person.id];
+
+    // Make sure fiona is marked as a higher admin than delores, and vice versa
+    let fiona_higher_check =
+      LocalUser::is_higher_admin_check(pool, inserted_fiona_person.id, admin_person_ids.clone())
+        .await;
+    assert!(fiona_higher_check.is_ok());
+
+    // This should throw an error, since delores was added later
+    let delores_higher_check =
+      LocalUser::is_higher_admin_check(pool, inserted_delores_person.id, admin_person_ids).await;
+    assert!(delores_higher_check.is_err());
+
+    Instance::delete(pool, inserted_instance.id).await?;
+
+    Ok(())
+  }
+}

crates/db_schema/src/impls/local_user_vote_display_mode.rs

@@ -31,6 +31,7 @@ impl LocalUserVoteDisplayMode {
       .get_result::<Self>(conn)
       .await
   }
+
   pub async fn update(
     pool: &mut DbPool<'_>,
     local_user_id: LocalUserId,

crates/db_schema/src/impls/password_reset_request.rs

@@ -72,10 +72,7 @@ mod tests {
     let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string()).await?;
     let new_person = PersonInsertForm::test_form(inserted_instance.id, "thommy prw");
     let inserted_person = Person::create(pool, &new_person).await?;
-    let new_local_user = LocalUserInsertForm::builder()
-      .person_id(inserted_person.id)
-      .password_encrypted("pass".to_string())
-      .build();
+    let new_local_user = LocalUserInsertForm::test_form(inserted_person.id);
     let inserted_local_user = LocalUser::create(pool, &new_local_user, vec![]).await?;
 
     // Create password reset token