From ea18d462b0d5653935558bef4226bf748fc99b3b Mon Sep 17 00:00:00 2001 From: flamingos-cant <45780476+flamingo-cant-draw@users.noreply.github.com> Date: Tue, 13 Aug 2024 19:56:26 +0100 Subject: [PATCH] Throw error when non-mod posts to mod-only comm (#4966) --- crates/apub/src/objects/post.rs | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs index 0364039bbe..44e8424133 100644 --- a/crates/apub/src/objects/post.rs +++ b/crates/apub/src/objects/post.rs @@ -41,7 +41,11 @@ use lemmy_db_views_actor::structs::CommunityModeratorView; use lemmy_utils::{ error::{LemmyError, LemmyErrorType, LemmyResult}, spawn_try_task, - utils::{markdown::markdown_to_html, slurs::check_slurs_opt, validation::is_valid_url}, + utils::{ + markdown::markdown_to_html, + slurs::check_slurs_opt, + validation::{is_url_blocked, is_valid_url}, + }, }; use std::ops::Deref; use stringreader::StringReader; @@ -180,8 +184,15 @@ impl Object for ApubPost { let creator = page.creator()?.dereference(context).await?; let community = page.community(context).await?; if community.posting_restricted_to_mods { - CommunityModeratorView::is_community_moderator(&mut context.pool(), community.id, creator.id) - .await?; + let is_mod = CommunityModeratorView::is_community_moderator( + &mut context.pool(), + community.id, + creator.id, + ) + .await?; + if !is_mod { + Err(LemmyErrorType::OnlyModsCanPostInCommunity)? + } } let mut name = page .name @@ -220,14 +231,16 @@ impl Object for ApubPost { None }; + let url_blocklist = get_url_blocklist(context).await?; + if let Some(url) = &url { + is_url_blocked(url, &url_blocklist)?; is_valid_url(url)?; } let alt_text = first_attachment.cloned().and_then(Attachment::alt_text); let slur_regex = &local_site_opt_to_slur_regex(&local_site); - let url_blocklist = get_url_blocklist(context).await?; let body = read_from_string_or_source_opt(&page.content, &page.media_type, &page.source); let body = process_markdown_opt(&body, slur_regex, &url_blocklist, context).await?;