LemmyNet
/
lemmy
3
2
Fork 3
Code Pull Requests 1 Releases Wiki Activity

Move check_community_ban() into helper function

This commit is contained in:
Felix Ableitner 2020-08-03 15:57:19 +02:00
parent 7d1dd78f86
commit bdf6d7c629
3 changed files with 61 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
server/src/api/comment.rs
View File

@ -1,5 +1,13 @@
use crate::{
api::{get_user_from_jwt, get_user_from_jwt_opt, is_mod_or_admin, APIError, Oper, Perform},
api::{
check_community_ban,
get_user_from_jwt,
get_user_from_jwt_opt,
is_mod_or_admin,
APIError,
Oper,
Perform,
},
apub::{ApubLikeableType, ApubObjectType},
blocking,
websocket::{
@ -13,7 +21,6 @@ use crate::{
use lemmy_db::{
comment::*,
comment_view::*,
community_view::*,
moderator::*,
post::*,
site_view::*,
@ -145,13 +152,7 @@ impl Perform for Oper<CreateComment> {
let post_id = data.post_id;
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, post.community_id, pool).await?;
// Check if post is locked, no new comments
if post.locked {
@ -192,7 +193,7 @@ impl Perform for Oper<CreateComment> {
let like_form = CommentLikeForm {
comment_id: inserted_comment.id,
post_id: data.post_id,
user_id,
user_id: user.id,
score: 1,
};
@ -203,6 +204,7 @@ impl Perform for Oper<CreateComment> {
updated_comment.send_like(&user, &self.client, pool).await?;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| {
CommentView::read(&conn, inserted_comment.id, Some(user_id))
})
@ -246,14 +248,7 @@ impl Perform for Oper<EditComment> {
let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_comment.community_id, pool).await?;
// Verify that only the creator can edit
if user.id != orig_comment.creator_id {
@ -287,6 +282,7 @@ impl Perform for Oper<EditComment> {
send_local_notifs(mentions, updated_comment, &user, post, pool, false).await?;
let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id))
})
@ -330,17 +326,10 @@ impl Perform for Oper<DeleteComment> {
let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_comment.community_id, pool).await?;
// Verify that only the creator can delete
if user_id != orig_comment.creator_id {
if user.id != orig_comment.creator_id {
return Err(APIError::err("no_comment_edit_allowed").into());
}
@ -368,6 +357,7 @@ impl Perform for Oper<DeleteComment> {
// Refetch it
let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id))
})
@ -418,17 +408,10 @@ impl Perform for Oper<RemoveComment> {
let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_comment.community_id, pool).await?;
// Verify that only a mod or admin can remove
is_mod_or_admin(pool, user_id, community_id).await?;
is_mod_or_admin(pool, user.id, orig_comment.community_id).await?;
// Do the remove
let removed = data.removed;
@ -443,7 +426,7 @@ impl Perform for Oper<RemoveComment> {
// Mod tables
let form = ModRemoveCommentForm {
mod_user_id: user_id,
mod_user_id: user.id,
comment_id: data.edit_id,
removed: Some(removed),
reason: data.reason.to_owned(),
@ -463,6 +446,7 @@ impl Perform for Oper<RemoveComment> {
// Refetch it
let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id))
})
@ -513,14 +497,7 @@ impl Perform for Oper<MarkCommentAsRead> {
let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_comment.community_id, pool).await?;
// Verify that only the recipient can mark as read
// Needs to fetch the parent comment / post to get the recipient
@ -529,7 +506,7 @@ impl Perform for Oper<MarkCommentAsRead> {
Some(pid) => {
let parent_comment =
blocking(pool, move |conn| CommentView::read(&conn, pid, None)).await??;
if user_id != parent_comment.creator_id {
if user.id != parent_comment.creator_id {
return Err(APIError::err("no_comment_edit_allowed").into());
}
}
@ -551,6 +528,7 @@ impl Perform for Oper<MarkCommentAsRead> {
// Refetch it
let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id))
})
@ -636,16 +614,9 @@ impl Perform for Oper<CreateCommentLike> {
let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, comment_id, None)).await??;
// Check for a community ban
let post_id = orig_comment.post_id;
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, post.community_id, pool).await?;
let comment_id = data.comment_id;
let comment = blocking(pool, move |conn| Comment::read(conn, comment_id)).await??;
@ -654,7 +625,7 @@ impl Perform for Oper<CreateCommentLike> {
match comment.parent_id {
Some(parent_id) => {
let parent_comment = blocking(pool, move |conn| Comment::read(conn, parent_id)).await??;
if parent_comment.creator_id != user_id {
if parent_comment.creator_id != user.id {
let parent_user = blocking(pool, move |conn| {
User_::read(conn, parent_comment.creator_id)
})
@ -670,7 +641,7 @@ impl Perform for Oper<CreateCommentLike> {
let like_form = CommentLikeForm {
comment_id: data.comment_id,
post_id,
user_id,
user_id: user.id,
score: data.score,
};
@ -698,6 +669,7 @@ impl Perform for Oper<CreateCommentLike> {
// Have to refetch the comment to get the current state
let comment_id = data.comment_id;
let user_id = user.id;
let liked_comment = blocking(pool, move |conn| {
CommentView::read(conn, comment_id, Some(user_id))
})

12
server/src/api/mod.rs
View File

@ -117,3 +117,15 @@ pub(in crate::api) fn check_slurs_opt(text: &Option<String>) -> Result<(), APIEr
None => Ok(()),
}
}
pub(in crate::api) async fn check_community_ban(
user_id: i32,
community_id: i32,
pool: &DbPool,
) -> Result<(), LemmyError> {
let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
Err(APIError::err("community_ban").into())
} else {
Ok(())
}
}

87
server/src/api/post.rs
View File

@ -1,5 +1,6 @@
use crate::{
api::{
check_community_ban,
check_slurs,
check_slurs_opt,
get_user_from_jwt,
@ -157,14 +158,7 @@ impl Perform for Oper<CreatePost> {
return Err(APIError::err("invalid_post_title").into());
}
// Check for a community ban
let community_id = data.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, data.community_id, pool).await?;
if let Some(url) = data.url.as_ref() {
match Url::parse(url) {
@ -423,17 +417,11 @@ impl Perform for Oper<CreatePostLike> {
let post_id = data.post_id;
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, post.community_id, pool).await?;
let like_form = PostLikeForm {
post_id: data.post_id,
user_id,
user_id: user.id,
score: data.score,
};
@ -460,6 +448,7 @@ impl Perform for Oper<CreatePostLike> {
}
let post_id = data.post_id;
let user_id = user.id;
let post_view = match blocking(pool, move |conn| {
PostView::read(conn, post_id, Some(user_id))
})
@ -505,14 +494,7 @@ impl Perform for Oper<EditPost> {
let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_post.community_id, pool).await?;
// Verify that only the creator can edit
if !Post::is_post_creator(user.id, orig_post.creator_id) {
@ -564,7 +546,7 @@ impl Perform for Oper<EditPost> {
let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id))
PostView::read(conn, edit_id, Some(user.id))
})
.await??;
@ -597,17 +579,10 @@ impl Perform for Oper<DeletePost> {
let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_post.community_id, pool).await?;
// Verify that only the creator can delete
if !Post::is_post_creator(user_id, orig_post.creator_id) {
if !Post::is_post_creator(user.id, orig_post.creator_id) {
return Err(APIError::err("no_post_edit_allowed").into());
}
@ -631,7 +606,7 @@ impl Perform for Oper<DeletePost> {
// Refetch the post
let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id))
PostView::read(conn, edit_id, Some(user.id))
})
.await??;
@ -664,17 +639,10 @@ impl Perform for Oper<RemovePost> {
let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_post.community_id, pool).await?;
// Verify that only the mods can remove
is_mod_or_admin(pool, user.id, community_id).await?;
is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
// Update the post
let edit_id = data.edit_id;
@ -704,6 +672,7 @@ impl Perform for Oper<RemovePost> {
// Refetch the post
let edit_id = data.edit_id;
let user_id = user.id;
let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id))
})
@ -738,17 +707,10 @@ impl Perform for Oper<LockPost> {
let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_post.community_id, pool).await?;
// Verify that only the mods can lock
is_mod_or_admin(pool, user_id, community_id).await?;
is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
// Update the post
let edit_id = data.edit_id;
@ -758,7 +720,7 @@ impl Perform for Oper<LockPost> {
// Mod tables
let form = ModLockPostForm {
mod_user_id: user_id,
mod_user_id: user.id,
post_id: data.edit_id,
locked: Some(locked),
};
@ -770,7 +732,7 @@ impl Perform for Oper<LockPost> {
// Refetch the post
let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id))
PostView::read(conn, edit_id, Some(user.id))
})
.await??;
@ -803,17 +765,10 @@ impl Perform for Oper<StickyPost> {
let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
check_community_ban(user.id, orig_post.community_id, pool).await?;
// Verify that only the mods can sticky
is_mod_or_admin(pool, user_id, community_id).await?;
is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
// Update the post
let edit_id = data.edit_id;
@ -825,7 +780,7 @@ impl Perform for Oper<StickyPost> {
// Mod tables
let form = ModStickyPostForm {
mod_user_id: user_id,
mod_user_id: user.id,
post_id: data.edit_id,
stickied: Some(stickied),
};
@ -838,7 +793,7 @@ impl Perform for Oper<StickyPost> {
// Refetch the post
let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id))
PostView::read(conn, edit_id, Some(user.id))
})
.await??;