diff --git a/server/src/api/comment.rs b/server/src/api/comment.rs
index a18ba762..e3189d43 100644
--- a/server/src/api/comment.rs
+++ b/server/src/api/comment.rs
@@ -1,5 +1,13 @@
 use crate::{
- api::{get_user_from_jwt, get_user_from_jwt_opt, is_mod_or_admin, APIError, Oper, Perform},
+ api::{
+ check_community_ban,
+ get_user_from_jwt,
+ get_user_from_jwt_opt,
+ is_mod_or_admin,
+ APIError,
+ Oper,
+ Perform,
+ },
 apub::{ApubLikeableType, ApubObjectType},
 blocking,
 websocket::{
@@ -13,7 +21,6 @@ use crate::{
 use lemmy_db::{
 comment::*,
 comment_view::*,
- community_view::*,
 moderator::*,
 post::*,
 site_view::*,
@@ -145,13 +152,7 @@ impl Perform for Oper {
 let post_id = data.post_id;
 let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
- let community_id = post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, post.community_id, pool).await?;
 // Check if post is locked, no new comments
 if post.locked {
@@ -192,7 +193,7 @@ impl Perform for Oper {
 let like_form = CommentLikeForm {
 comment_id: inserted_comment.id,
 post_id: data.post_id,
- user_id,
+ user_id: user.id,
 score: 1,
 };
@@ -203,6 +204,7 @@ impl Perform for Oper {
 updated_comment.send_like(&user, &self.client, pool).await?;
+ let user_id = user.id;
 let comment_view = blocking(pool, move |conn| {
 CommentView::read(&conn, inserted_comment.id, Some(user_id))
 })
@@ -246,14 +248,7 @@ impl Perform for Oper {
 let orig_comment =
 blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
- // Check for a community ban
- let community_id = orig_comment.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_comment.community_id, pool).await?;
 // Verify that only the creator can edit
 if user.id != orig_comment.creator_id {
@@ -287,6 +282,7 @@ impl Perform for Oper {
 send_local_notifs(mentions, updated_comment, &user, post, pool, false).await?;
 let edit_id = data.edit_id;
+ let user_id = user.id;
 let comment_view = blocking(pool, move |conn| {
 CommentView::read(conn, edit_id, Some(user_id))
 })
@@ -330,17 +326,10 @@ impl Perform for Oper {
 let orig_comment =
 blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
- // Check for a community ban
- let community_id = orig_comment.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_comment.community_id, pool).await?;
 // Verify that only the creator can delete
- if user_id != orig_comment.creator_id {
+ if user.id != orig_comment.creator_id {
 return Err(APIError::err("no_comment_edit_allowed").into());
 }
@@ -368,6 +357,7 @@ impl Perform for Oper {
 // Refetch it
 let edit_id = data.edit_id;
+ let user_id = user.id;
 let comment_view = blocking(pool, move |conn| {
 CommentView::read(conn, edit_id, Some(user_id))
 })
@@ -418,17 +408,10 @@ impl Perform for Oper {
 let orig_comment =
 blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
- // Check for a community ban
- let community_id = orig_comment.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_comment.community_id, pool).await?;
 // Verify that only a mod or admin can remove
- is_mod_or_admin(pool, user_id, community_id).await?;
+ is_mod_or_admin(pool, user.id, orig_comment.community_id).await?;
 // Do the remove
 let removed = data.removed;
@@ -443,7 +426,7 @@ impl Perform for Oper {
 // Mod tables
 let form = ModRemoveCommentForm {
- mod_user_id: user_id,
+ mod_user_id: user.id,
 comment_id: data.edit_id,
 removed: Some(removed),
 reason: data.reason.to_owned(),
@@ -463,6 +446,7 @@ impl Perform for Oper {
 // Refetch it
 let edit_id = data.edit_id;
+ let user_id = user.id;
 let comment_view = blocking(pool, move |conn| {
 CommentView::read(conn, edit_id, Some(user_id))
 })
@@ -513,14 +497,7 @@ impl Perform for Oper {
 let orig_comment =
 blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
- // Check for a community ban
- let community_id = orig_comment.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_comment.community_id, pool).await?;
 // Verify that only the recipient can mark as read
 // Needs to fetch the parent comment / post to get the recipient
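Review bot: In the `@@ -418,17 +408,10 @@` hunk the two permission helpers on adjacent lines take the same values in different orders: `check_community_ban(user.id, orig_comment.community_id, pool)` puts `pool` last, while `is_mod_or_admin(pool, user.id, orig_comment.community_id)` puts it first. Both ids are plain `i32` in the new helper's signature, so a transposed `user_id`/`community_id` pair would still compile and would check the wrong ban record. Declaring the helper as `check_community_ban(pool, user_id, community_id)` would match `is_mod_or_admin` and leave one argument order to remember across these authorization checks. The same pairing appears in the `@@ -664`, `@@ -738` and `@@ -803` hunks of `server/src/api/post.rs`. The enclosing `impl Perform` method starts and ends outside the hunk.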
@@ -529,7 +506,7 @@ impl Perform for Oper {
 Some(pid) => {
 let parent_comment =
 blocking(pool, move |conn| CommentView::read(&conn, pid, None)).await??;
- if user_id != parent_comment.creator_id {
+ if user.id != parent_comment.creator_id {
 return Err(APIError::err("no_comment_edit_allowed").into());
 }
 }
@@ -551,6 +528,7 @@ impl Perform for Oper {
 // Refetch it
 let edit_id = data.edit_id;
+ let user_id = user.id;
 let comment_view = blocking(pool, move |conn| {
 CommentView::read(conn, edit_id, Some(user_id))
 })
@@ -636,16 +614,9 @@ impl Perform for Oper {
 let orig_comment =
 blocking(pool, move |conn| CommentView::read(&conn, comment_id, None)).await??;
- // Check for a community ban
 let post_id = orig_comment.post_id;
 let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
- let community_id = post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, post.community_id, pool).await?;
 let comment_id = data.comment_id;
 let comment = blocking(pool, move |conn| Comment::read(conn, comment_id)).await??;
@@ -654,7 +625,7 @@ impl Perform for Oper {
 match comment.parent_id {
 Some(parent_id) => {
 let parent_comment = blocking(pool, move |conn| Comment::read(conn, parent_id)).await??;
- if parent_comment.creator_id != user_id {
+ if parent_comment.creator_id != user.id {
 let parent_user = blocking(pool, move |conn| {
 User_::read(conn, parent_comment.creator_id)
 })
@@ -670,7 +641,7 @@ impl Perform for Oper {
 let like_form = CommentLikeForm {
 comment_id: data.comment_id,
 post_id,
- user_id,
+ user_id: user.id,
 score: data.score,
 };
@@ -698,6 +669,7 @@ impl Perform for Oper {
 // Have to refetch the comment to get the current state
 let comment_id = data.comment_id;
+ let user_id = user.id;
 let liked_comment = blocking(pool, move |conn| {
 CommentView::read(conn, comment_id, Some(user_id))
 })
diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs
index 6e4e67f2..a9aae823 100644
--- a/server/src/api/mod.rs
+++ b/server/src/api/mod.rs
@@ -117,3 +117,15 @@ pub(in crate::api) fn check_slurs_opt(text: &Option) -> Result<(), APIEr
 None => Ok(()),
 }
 }
+pub(in crate::api) async fn check_community_ban(
+ user_id: i32,
+ community_id: i32,
+ pool: &DbPool,
+) -> Result<(), LemmyError> {
+ let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
+ if blocking(pool, is_banned).await? {
+ Err(APIError::err("community_ban").into())
+ } else {
+ Ok(())
+ }
+}
diff --git a/server/src/api/post.rs b/server/src/api/post.rs
index 146b1536..b43e4e55 100644
--- a/server/src/api/post.rs
+++ b/server/src/api/post.rs
@@ -1,5 +1,6 @@
 use crate::{
 api::{
+ check_community_ban,
 check_slurs,
 check_slurs_opt,
 get_user_from_jwt,
@@ -157,14 +158,7 @@ impl Perform for Oper {
 return Err(APIError::err("invalid_post_title").into());
 }
- // Check for a community ban
- let community_id = data.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, data.community_id, pool).await?;
 if let Some(url) = data.url.as_ref() {
 match Url::parse(url) {
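Review bot: The new `check_community_ban` in `server/src/api/mod.rs` fails open, because `CommunityUserBanView::get(conn, user_id, community_id).is_ok()` maps every error from the lookup to "not banned". A failed query, not only a missing row, therefore lets a banned user through, and this one helper now gates every comment and post handler touched by the commit. Returning the lookup result from the closure and treating only the not-found case as "no ban" lets other errors propagate, as the `??` reads elsewhere in these files already do. The sketch below assumes `get` returns a Diesel error, which this diff does not show, so confirm the error type before adopting it.

```rust
pub(in crate::api) async fn check_community_ban(
  // … unchanged: user_id, community_id, pool parameters …
) -> Result<(), LemmyError> {
  let lookup = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id);
  match blocking(pool, lookup).await? {
    // A ban row exists for this user in this community.
    Ok(_) => Err(APIError::err("community_ban").into()),
    // No row: the user is not banned.
    Err(diesel::result::Error::NotFound) => Ok(()),
    // Any other lookup failure must not be read as "not banned".
    Err(e) => Err(e.into()),
  }
}
```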
@@ -423,17 +417,11 @@ impl Perform for Oper {
 let post_id = data.post_id;
 let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
- let community_id = post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, post.community_id, pool).await?;
 let like_form = PostLikeForm {
 post_id: data.post_id,
- user_id,
+ user_id: user.id,
 score: data.score,
 };
@@ -460,6 +448,7 @@ impl Perform for Oper {
 }
 let post_id = data.post_id;
+ let user_id = user.id;
 let post_view = match blocking(pool, move |conn| {
 PostView::read(conn, post_id, Some(user_id))
 })
@@ -505,14 +494,7 @@ impl Perform for Oper {
 let edit_id = data.edit_id;
 let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
- // Check for a community ban
- let community_id = orig_post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_post.community_id, pool).await?;
 // Verify that only the creator can edit
 if !Post::is_post_creator(user.id, orig_post.creator_id) {
@@ -564,7 +546,7 @@ impl Perform for Oper {
 let edit_id = data.edit_id;
 let post_view = blocking(pool, move |conn| {
- PostView::read(conn, edit_id, Some(user_id))
+ PostView::read(conn, edit_id, Some(user.id))
 })
 .await??;
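Review bot: In the `@@ -564,7 +546,7 @@` hunk of `server/src/api/post.rs`, `Some(user.id)` is now read inside the `move |conn|` closure, which would move the whole `user` value into the closure rather than just the id if the crate is on the 2018 edition's capture rules. The other handlers in this commit copy the id out first. Doing the same here keeps `user` usable after the refetch and avoids handing the full user record to the closure: add `let user_id = user.id;` before `let post_view` and keep `Some(user_id)`. The same pattern appears in the `@@ -631`, `@@ -770` and `@@ -838` hunks. The enclosing `impl Perform` method continues outside the hunk.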
@@ -597,17 +579,10 @@ impl Perform for Oper {
 let edit_id = data.edit_id;
 let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
- // Check for a community ban
- let community_id = orig_post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_post.community_id, pool).await?;
 // Verify that only the creator can delete
- if !Post::is_post_creator(user_id, orig_post.creator_id) {
+ if !Post::is_post_creator(user.id, orig_post.creator_id) {
 return Err(APIError::err("no_post_edit_allowed").into());
 }
@@ -631,7 +606,7 @@ impl Perform for Oper {
 // Refetch the post
 let edit_id = data.edit_id;
 let post_view = blocking(pool, move |conn| {
- PostView::read(conn, edit_id, Some(user_id))
+ PostView::read(conn, edit_id, Some(user.id))
 })
 .await??;
@@ -664,17 +639,10 @@ impl Perform for Oper {
 let edit_id = data.edit_id;
 let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
- // Check for a community ban
- let community_id = orig_post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_post.community_id, pool).await?;
 // Verify that only the mods can remove
- is_mod_or_admin(pool, user.id, community_id).await?;
+ is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
 // Update the post
 let edit_id = data.edit_id;
@@ -704,6 +672,7 @@ impl Perform for Oper {
 // Refetch the post
 let edit_id = data.edit_id;
+ let user_id = user.id;
 let post_view = blocking(pool, move |conn| {
 PostView::read(conn, edit_id, Some(user_id))
 })
@@ -738,17 +707,10 @@ impl Perform for Oper {
 let edit_id = data.edit_id;
 let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
- // Check for a community ban
- let community_id = orig_post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_post.community_id, pool).await?;
 // Verify that only the mods can lock
- is_mod_or_admin(pool, user_id, community_id).await?;
+ is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
 // Update the post
 let edit_id = data.edit_id;
@@ -758,7 +720,7 @@ impl Perform for Oper {
 // Mod tables
 let form = ModLockPostForm {
- mod_user_id: user_id,
+ mod_user_id: user.id,
 post_id: data.edit_id,
 locked: Some(locked),
 };
@@ -770,7 +732,7 @@ impl Perform for Oper {
 // Refetch the post
 let edit_id = data.edit_id;
 let post_view = blocking(pool, move |conn| {
- PostView::read(conn, edit_id, Some(user_id))
+ PostView::read(conn, edit_id, Some(user.id))
 })
 .await??;
@@ -803,17 +765,10 @@ impl Perform for Oper {
 let edit_id = data.edit_id;
 let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
- // Check for a community ban
- let community_id = orig_post.community_id;
- let user_id = user.id;
- let is_banned =
- move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
- if blocking(pool, is_banned).await? {
- return Err(APIError::err("community_ban").into());
- }
+ check_community_ban(user.id, orig_post.community_id, pool).await?;
 // Verify that only the mods can sticky
- is_mod_or_admin(pool, user_id, community_id).await?;
+ is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
 // Update the post
 let edit_id = data.edit_id;
@@ -825,7 +780,7 @@ impl Perform for Oper {
 // Mod tables
 let form = ModStickyPostForm {
- mod_user_id: user_id,
+ mod_user_id: user.id,
 post_id: data.edit_id,
 stickied: Some(stickied),
 };
@@ -838,7 +793,7 @@ impl Perform for Oper {
 // Refetch the post
 let edit_id = data.edit_id;
 let post_view = blocking(pool, move |conn| {
- PostView::read(conn, edit_id, Some(user_id))
+ PostView::read(conn, edit_id, Some(user.id))
 })
 .await??;