LemmyNet
/
lemmy
3
2
Fork 3
Code Pull Requests 1 Releases Wiki Activity
lemmy/server/lemmy_db/src
History
ryexandra 29037b4995
Security/fix permission bugs (#966) 
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
 		2020-07-14 09:17:25 -04:00
..
activity.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
category.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
comment.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
comment_view.rs Add post title to user comments inbox view, comment_view, user_mention_view 2020-07-13 08:18:11 +02:00
community.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
community_view.rs Fixing admin and mod sort order. Fixes #939 (#941) 2020-07-13 09:42:03 -04:00
lib.rs Security/fix permission bugs (#966) 2020-07-14 09:17:25 -04:00
moderator.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
moderator_views.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
password_reset_request.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
post.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
post_view.rs Adding a community_name option to GetPosts /post/list . Fixes #800 (#942) 2020-07-13 09:50:13 -04:00
private_message.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
private_message_view.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
schema.rs Using community-link instead. 2020-07-13 10:39:15 -04:00
site.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
site_view.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
user.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
user_mention.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
user_mention_view.rs Add post title to user comments inbox view, comment_view, user_mention_view 2020-07-13 08:18:11 +02:00
user_view.rs Fixing admin and mod sort order. Fixes #939 (#941) 2020-07-13 09:42:03 -04:00