LemmyNet
/
lemmy
3
2
Fork 3
Code Pull Requests 1 Releases Wiki Activity

Move check_community_ban() into helper function

This commit is contained in:
Felix Ableitner 2020-08-03 15:57:19 +02:00
parent 7d1dd78f86
commit bdf6d7c629
3 changed files with 61 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
server/src/api/comment.rs
View File

@ -1,5 +1,13 @@
use crate::{ use crate::{
api::{get_user_from_jwt, get_user_from_jwt_opt, is_mod_or_admin, APIError, Oper, Perform}, api::{
check_community_ban,
get_user_from_jwt,
get_user_from_jwt_opt,
is_mod_or_admin,
APIError,
Oper,
Perform,
},
apub::{ApubLikeableType, ApubObjectType}, apub::{ApubLikeableType, ApubObjectType},
blocking, blocking,
websocket::{ websocket::{
@ -13,7 +21,6 @@ use crate::{
use lemmy_db::{ use lemmy_db::{
comment::*, comment::*,
comment_view::*, comment_view::*,
community_view::*,
moderator::*, moderator::*,
post::*, post::*,
site_view::*, site_view::*,
@ -145,13 +152,7 @@ impl Perform for Oper<CreateComment> {
let post_id = data.post_id; let post_id = data.post_id;
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id; check_community_ban(user.id, post.community_id, pool).await?;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Check if post is locked, no new comments // Check if post is locked, no new comments
if post.locked { if post.locked {
@ -192,7 +193,7 @@ impl Perform for Oper<CreateComment> {
let like_form = CommentLikeForm { let like_form = CommentLikeForm {
comment_id: inserted_comment.id, comment_id: inserted_comment.id,
post_id: data.post_id, post_id: data.post_id,
user_id, user_id: user.id,
score: 1, score: 1,
}; };
@ -203,6 +204,7 @@ impl Perform for Oper<CreateComment> {
updated_comment.send_like(&user, &self.client, pool).await?; updated_comment.send_like(&user, &self.client, pool).await?;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| { let comment_view = blocking(pool, move |conn| {
CommentView::read(&conn, inserted_comment.id, Some(user_id)) CommentView::read(&conn, inserted_comment.id, Some(user_id))
}) })
@ -246,14 +248,7 @@ impl Perform for Oper<EditComment> {
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban check_community_ban(user.id, orig_comment.community_id, pool).await?;
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the creator can edit // Verify that only the creator can edit
if user.id != orig_comment.creator_id { if user.id != orig_comment.creator_id {
@ -287,6 +282,7 @@ impl Perform for Oper<EditComment> {
send_local_notifs(mentions, updated_comment, &user, post, pool, false).await?; send_local_notifs(mentions, updated_comment, &user, post, pool, false).await?;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| { let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id)) CommentView::read(conn, edit_id, Some(user_id))
}) })
@ -330,17 +326,10 @@ impl Perform for Oper<DeleteComment> {
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban check_community_ban(user.id, orig_comment.community_id, pool).await?;
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the creator can delete // Verify that only the creator can delete
if user_id != orig_comment.creator_id { if user.id != orig_comment.creator_id {
return Err(APIError::err("no_comment_edit_allowed").into()); return Err(APIError::err("no_comment_edit_allowed").into());
} }
@ -368,6 +357,7 @@ impl Perform for Oper<DeleteComment> {
// Refetch it // Refetch it
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| { let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id)) CommentView::read(conn, edit_id, Some(user_id))
}) })
@ -418,17 +408,10 @@ impl Perform for Oper<RemoveComment> {
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban check_community_ban(user.id, orig_comment.community_id, pool).await?;
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only a mod or admin can remove // Verify that only a mod or admin can remove
is_mod_or_admin(pool, user_id, community_id).await?; is_mod_or_admin(pool, user.id, orig_comment.community_id).await?;
// Do the remove // Do the remove
let removed = data.removed; let removed = data.removed;
@ -443,7 +426,7 @@ impl Perform for Oper<RemoveComment> {
// Mod tables // Mod tables
let form = ModRemoveCommentForm { let form = ModRemoveCommentForm {
mod_user_id: user_id, mod_user_id: user.id,
comment_id: data.edit_id, comment_id: data.edit_id,
removed: Some(removed), removed: Some(removed),
reason: data.reason.to_owned(), reason: data.reason.to_owned(),
@ -463,6 +446,7 @@ impl Perform for Oper<RemoveComment> {
// Refetch it // Refetch it
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| { let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id)) CommentView::read(conn, edit_id, Some(user_id))
}) })
@ -513,14 +497,7 @@ impl Perform for Oper<MarkCommentAsRead> {
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a community ban check_community_ban(user.id, orig_comment.community_id, pool).await?;
let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the recipient can mark as read // Verify that only the recipient can mark as read
// Needs to fetch the parent comment / post to get the recipient // Needs to fetch the parent comment / post to get the recipient
@ -529,7 +506,7 @@ impl Perform for Oper<MarkCommentAsRead> {
Some(pid) => { Some(pid) => {
let parent_comment = let parent_comment =
blocking(pool, move |conn| CommentView::read(&conn, pid, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, pid, None)).await??;
if user_id != parent_comment.creator_id { if user.id != parent_comment.creator_id {
return Err(APIError::err("no_comment_edit_allowed").into()); return Err(APIError::err("no_comment_edit_allowed").into());
} }
} }
@ -551,6 +528,7 @@ impl Perform for Oper<MarkCommentAsRead> {
// Refetch it // Refetch it
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| { let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, edit_id, Some(user_id)) CommentView::read(conn, edit_id, Some(user_id))
}) })
@ -636,16 +614,9 @@ impl Perform for Oper<CreateCommentLike> {
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, comment_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, comment_id, None)).await??;
// Check for a community ban
let post_id = orig_comment.post_id; let post_id = orig_comment.post_id;
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id; check_community_ban(user.id, post.community_id, pool).await?;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
let comment_id = data.comment_id; let comment_id = data.comment_id;
let comment = blocking(pool, move |conn| Comment::read(conn, comment_id)).await??; let comment = blocking(pool, move |conn| Comment::read(conn, comment_id)).await??;
@ -654,7 +625,7 @@ impl Perform for Oper<CreateCommentLike> {
match comment.parent_id { match comment.parent_id {
Some(parent_id) => { Some(parent_id) => {
let parent_comment = blocking(pool, move |conn| Comment::read(conn, parent_id)).await??; let parent_comment = blocking(pool, move |conn| Comment::read(conn, parent_id)).await??;
if parent_comment.creator_id != user_id { if parent_comment.creator_id != user.id {
let parent_user = blocking(pool, move |conn| { let parent_user = blocking(pool, move |conn| {
User_::read(conn, parent_comment.creator_id) User_::read(conn, parent_comment.creator_id)
}) })
@ -670,7 +641,7 @@ impl Perform for Oper<CreateCommentLike> {
let like_form = CommentLikeForm { let like_form = CommentLikeForm {
comment_id: data.comment_id, comment_id: data.comment_id,
post_id, post_id,
user_id, user_id: user.id,
score: data.score, score: data.score,
}; };
@ -698,6 +669,7 @@ impl Perform for Oper<CreateCommentLike> {
// Have to refetch the comment to get the current state // Have to refetch the comment to get the current state
let comment_id = data.comment_id; let comment_id = data.comment_id;
let user_id = user.id;
let liked_comment = blocking(pool, move |conn| { let liked_comment = blocking(pool, move |conn| {
CommentView::read(conn, comment_id, Some(user_id)) CommentView::read(conn, comment_id, Some(user_id))
}) })

12
server/src/api/mod.rs
View File

@ -117,3 +117,15 @@ pub(in crate::api) fn check_slurs_opt(text: &Option<String>) -> Result<(), APIEr
None => Ok(()), None => Ok(()),
} }
} }
pub(in crate::api) async fn check_community_ban(
user_id: i32,
community_id: i32,
pool: &DbPool,
) -> Result<(), LemmyError> {
let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
Err(APIError::err("community_ban").into())
} else {
Ok(())
}
}

87
server/src/api/post.rs
View File

@ -1,5 +1,6 @@
use crate::{ use crate::{
api::{ api::{
check_community_ban,
check_slurs, check_slurs,
check_slurs_opt, check_slurs_opt,
get_user_from_jwt, get_user_from_jwt,
@ -157,14 +158,7 @@ impl Perform for Oper<CreatePost> {
return Err(APIError::err("invalid_post_title").into()); return Err(APIError::err("invalid_post_title").into());
} }
// Check for a community ban check_community_ban(user.id, data.community_id, pool).await?;
let community_id = data.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
if let Some(url) = data.url.as_ref() { if let Some(url) = data.url.as_ref() {
match Url::parse(url) { match Url::parse(url) {
@ -423,17 +417,11 @@ impl Perform for Oper<CreatePostLike> {
let post_id = data.post_id; let post_id = data.post_id;
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id; check_community_ban(user.id, post.community_id, pool).await?;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
let like_form = PostLikeForm { let like_form = PostLikeForm {
post_id: data.post_id, post_id: data.post_id,
user_id, user_id: user.id,
score: data.score, score: data.score,
}; };
@ -460,6 +448,7 @@ impl Perform for Oper<CreatePostLike> {
} }
let post_id = data.post_id; let post_id = data.post_id;
let user_id = user.id;
let post_view = match blocking(pool, move |conn| { let post_view = match blocking(pool, move |conn| {
PostView::read(conn, post_id, Some(user_id)) PostView::read(conn, post_id, Some(user_id))
}) })
@ -505,14 +494,7 @@ impl Perform for Oper<EditPost> {
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban check_community_ban(user.id, orig_post.community_id, pool).await?;
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the creator can edit // Verify that only the creator can edit
if !Post::is_post_creator(user.id, orig_post.creator_id) { if !Post::is_post_creator(user.id, orig_post.creator_id) {
@ -564,7 +546,7 @@ impl Perform for Oper<EditPost> {
let edit_id = data.edit_id; let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| { let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id)) PostView::read(conn, edit_id, Some(user.id))
}) })
.await??; .await??;
@ -597,17 +579,10 @@ impl Perform for Oper<DeletePost> {
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban check_community_ban(user.id, orig_post.community_id, pool).await?;
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the creator can delete // Verify that only the creator can delete
if !Post::is_post_creator(user_id, orig_post.creator_id) { if !Post::is_post_creator(user.id, orig_post.creator_id) {
return Err(APIError::err("no_post_edit_allowed").into()); return Err(APIError::err("no_post_edit_allowed").into());
} }
@ -631,7 +606,7 @@ impl Perform for Oper<DeletePost> {
// Refetch the post // Refetch the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| { let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id)) PostView::read(conn, edit_id, Some(user.id))
}) })
.await??; .await??;
@ -664,17 +639,10 @@ impl Perform for Oper<RemovePost> {
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban check_community_ban(user.id, orig_post.community_id, pool).await?;
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the mods can remove // Verify that only the mods can remove
is_mod_or_admin(pool, user.id, community_id).await?; is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
// Update the post // Update the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
@ -704,6 +672,7 @@ impl Perform for Oper<RemovePost> {
// Refetch the post // Refetch the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let post_view = blocking(pool, move |conn| { let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id)) PostView::read(conn, edit_id, Some(user_id))
}) })
@ -738,17 +707,10 @@ impl Perform for Oper<LockPost> {
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban check_community_ban(user.id, orig_post.community_id, pool).await?;
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the mods can lock // Verify that only the mods can lock
is_mod_or_admin(pool, user_id, community_id).await?; is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
// Update the post // Update the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
@ -758,7 +720,7 @@ impl Perform for Oper<LockPost> {
// Mod tables // Mod tables
let form = ModLockPostForm { let form = ModLockPostForm {
mod_user_id: user_id, mod_user_id: user.id,
post_id: data.edit_id, post_id: data.edit_id,
locked: Some(locked), locked: Some(locked),
}; };
@ -770,7 +732,7 @@ impl Perform for Oper<LockPost> {
// Refetch the post // Refetch the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| { let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id)) PostView::read(conn, edit_id, Some(user.id))
}) })
.await??; .await??;
@ -803,17 +765,10 @@ impl Perform for Oper<StickyPost> {
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban check_community_ban(user.id, orig_post.community_id, pool).await?;
let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into());
}
// Verify that only the mods can sticky // Verify that only the mods can sticky
is_mod_or_admin(pool, user_id, community_id).await?; is_mod_or_admin(pool, user.id, orig_post.community_id).await?;
// Update the post // Update the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
@ -825,7 +780,7 @@ impl Perform for Oper<StickyPost> {
// Mod tables // Mod tables
let form = ModStickyPostForm { let form = ModStickyPostForm {
mod_user_id: user_id, mod_user_id: user.id,
post_id: data.edit_id, post_id: data.edit_id,
stickied: Some(stickied), stickied: Some(stickied),
}; };
@ -838,7 +793,7 @@ impl Perform for Oper<StickyPost> {
// Refetch the post // Refetch the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
let post_view = blocking(pool, move |conn| { let post_view = blocking(pool, move |conn| {
PostView::read(conn, edit_id, Some(user_id)) PostView::read(conn, edit_id, Some(user.id))
}) })
.await??; .await??;