Add check so only mods can change stickied/locked state of posts

This commit is contained in:
Felix Ableitner 2021-03-11 18:11:59 +01:00
parent 803aad3b3e
commit 50559de6d2
3 changed files with 42 additions and 8 deletions

View file

@ -1,12 +1,24 @@
use crate::{activities::receive::get_actor_as_user, objects::FromApub, ActorType, PageExt}; use crate::{
activities::receive::get_actor_as_user,
inbox::receive_for_community::verify_mod_activity,
objects::FromApub,
ActorType,
PageExt,
};
use activitystreams::{ use activitystreams::{
activity::{Create, Dislike, Like, Remove, Update}, activity::{Announce, Create, Dislike, Like, Remove, Update},
prelude::*, prelude::*,
}; };
use anyhow::Context; use anyhow::Context;
use lemmy_api_structs::{blocking, post::PostResponse}; use lemmy_api_structs::{blocking, post::PostResponse};
use lemmy_db_queries::{source::post::Post_, Likeable}; use lemmy_db_queries::{source::post::Post_, ApubObject, Crud, Likeable};
use lemmy_db_schema::source::post::{Post, PostLike, PostLikeForm}; use lemmy_db_schema::{
source::{
community::Community,
post::{Post, PostLike, PostLikeForm},
},
DbUrl,
};
use lemmy_db_views::post_view::PostView; use lemmy_db_views::post_view::PostView;
use lemmy_utils::{location_info, LemmyError}; use lemmy_utils::{location_info, LemmyError};
use lemmy_websocket::{messages::SendPost, LemmyContext, UserOperation}; use lemmy_websocket::{messages::SendPost, LemmyContext, UserOperation};
@ -42,6 +54,7 @@ pub(crate) async fn receive_create_post(
pub(crate) async fn receive_update_post( pub(crate) async fn receive_update_post(
update: Update, update: Update,
announce: Option<Announce>,
context: &LemmyContext, context: &LemmyContext,
request_counter: &mut i32, request_counter: &mut i32,
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {
@ -49,6 +62,27 @@ pub(crate) async fn receive_update_post(
let page = PageExt::from_any_base(update.object().to_owned().one().context(location_info!())?)? let page = PageExt::from_any_base(update.object().to_owned().one().context(location_info!())?)?
.context(location_info!())?; .context(location_info!())?;
let post_id: DbUrl = page
.id_unchecked()
.context(location_info!())?
.to_owned()
.into();
let old_post = blocking(context.pool(), move |conn| {
Post::read_from_apub_id(conn, &post_id)
})
.await??;
// If sticked or locked state was changed, make sure the actor is a mod
let stickied = page.ext_one.stickied.context(location_info!())?;
let locked = !page.ext_one.comments_enabled.context(location_info!())?;
if stickied != old_post.stickied || locked != old_post.locked {
let community = blocking(context.pool(), move |conn| {
Community::read(conn, old_post.community_id)
})
.await??;
verify_mod_activity(&update, announce, &community, context).await?;
}
let post = Post::from_apub(&page, context, user.actor_id(), request_counter).await?; let post = Post::from_apub(&page, context, user.actor_id(), request_counter).await?;
let post_id = post.id; let post_id = post.id;

View file

@ -26,7 +26,7 @@ use std::fmt::Debug;
use url::Url; use url::Url;
pub mod community_inbox; pub mod community_inbox;
mod receive_for_community; pub(crate) mod receive_for_community;
pub mod shared_inbox; pub mod shared_inbox;
pub mod user_inbox; pub mod user_inbox;

View file

@ -139,7 +139,7 @@ pub(in crate::inbox) async fn receive_update_for_community(
}; };
if actor.id != original_author { if actor.id != original_author {
let community = extract_community_from_cc(&update, context).await?; let community = extract_community_from_cc(&update, context).await?;
verify_mod_activity(&update, announce, &community, context).await?; verify_mod_activity(&update, announce.to_owned(), &community, context).await?;
} }
let kind = update let kind = update
@ -147,7 +147,7 @@ pub(in crate::inbox) async fn receive_update_for_community(
.as_single_kind_str() .as_single_kind_str()
.and_then(|s| s.parse().ok()); .and_then(|s| s.parse().ok());
match kind { match kind {
Some(PageOrNote::Page) => receive_update_post(update, context, request_counter).await, Some(PageOrNote::Page) => receive_update_post(update, announce, context, request_counter).await,
Some(PageOrNote::Note) => receive_update_comment(update, context, request_counter).await, Some(PageOrNote::Note) => receive_update_comment(update, context, request_counter).await,
_ => receive_unhandled_activity(update), _ => receive_unhandled_activity(update),
} }
@ -538,7 +538,7 @@ where
Ok(()) Ok(())
} }
async fn verify_mod_activity<T, Kind>( pub(crate) async fn verify_mod_activity<T, Kind>(
mod_action: &T, mod_action: &T,
announce: Option<Announce>, announce: Option<Announce>,
community: &Community, community: &Community,