Add check so only author or mods can edit posts/comments
This commit is contained in:
parent
a2698dea92
commit
803aad3b3e
4 changed files with 36 additions and 4 deletions
|
@ -148,7 +148,8 @@ pub(crate) async fn community_receive_message(
|
||||||
true
|
true
|
||||||
}
|
}
|
||||||
CommunityValidTypes::Update => {
|
CommunityValidTypes::Update => {
|
||||||
receive_update_for_community(context, any_base.clone(), &actor_url, request_counter).await?;
|
receive_update_for_community(context, any_base.clone(), None, &actor_url, request_counter)
|
||||||
|
.await?;
|
||||||
true
|
true
|
||||||
}
|
}
|
||||||
CommunityValidTypes::Like => {
|
CommunityValidTypes::Like => {
|
||||||
|
|
|
@ -112,6 +112,7 @@ pub(in crate::inbox) async fn receive_create_for_community(
|
||||||
pub(in crate::inbox) async fn receive_update_for_community(
|
pub(in crate::inbox) async fn receive_update_for_community(
|
||||||
context: &LemmyContext,
|
context: &LemmyContext,
|
||||||
activity: AnyBase,
|
activity: AnyBase,
|
||||||
|
announce: Option<Announce>,
|
||||||
expected_domain: &Url,
|
expected_domain: &Url,
|
||||||
request_counter: &mut i32,
|
request_counter: &mut i32,
|
||||||
) -> Result<(), LemmyError> {
|
) -> Result<(), LemmyError> {
|
||||||
|
@ -119,6 +120,28 @@ pub(in crate::inbox) async fn receive_update_for_community(
|
||||||
verify_activity_domains_valid(&update, &expected_domain, true)?;
|
verify_activity_domains_valid(&update, &expected_domain, true)?;
|
||||||
verify_is_addressed_to_public(&update)?;
|
verify_is_addressed_to_public(&update)?;
|
||||||
|
|
||||||
|
// Check that actor is the creator (or a mod)
|
||||||
|
let actor = update
|
||||||
|
.actor()?
|
||||||
|
.to_owned()
|
||||||
|
.single_xsd_any_uri()
|
||||||
|
.context(location_info!())?;
|
||||||
|
let actor = get_or_fetch_and_upsert_user(&actor, context, request_counter).await?;
|
||||||
|
let object_id = update
|
||||||
|
.object()
|
||||||
|
.as_one()
|
||||||
|
.map(|o| o.id())
|
||||||
|
.flatten()
|
||||||
|
.context(location_info!())?;
|
||||||
|
let original_author = match find_post_or_comment_by_id(context, object_id.to_owned()).await? {
|
||||||
|
PostOrComment::Post(p) => p.creator_id,
|
||||||
|
PostOrComment::Comment(c) => c.creator_id,
|
||||||
|
};
|
||||||
|
if actor.id != original_author {
|
||||||
|
let community = extract_community_from_cc(&update, context).await?;
|
||||||
|
verify_mod_activity(&update, announce, &community, context).await?;
|
||||||
|
}
|
||||||
|
|
||||||
let kind = update
|
let kind = update
|
||||||
.object()
|
.object()
|
||||||
.as_single_kind_str()
|
.as_single_kind_str()
|
||||||
|
@ -522,7 +545,7 @@ async fn verify_mod_activity<T, Kind>(
|
||||||
context: &LemmyContext,
|
context: &LemmyContext,
|
||||||
) -> Result<(), LemmyError>
|
) -> Result<(), LemmyError>
|
||||||
where
|
where
|
||||||
T: ActorAndObjectRef + OptTargetRef + BaseExt<Kind>,
|
T: ActorAndObjectRef + BaseExt<Kind>,
|
||||||
{
|
{
|
||||||
// Remove was sent by community to user, we just check that it came from the right domain
|
// Remove was sent by community to user, we just check that it came from the right domain
|
||||||
if let Some(announce) = announce {
|
if let Some(announce) = announce {
|
||||||
|
@ -535,6 +558,7 @@ where
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn verify_add_remove_moderator_target<T, Kind>(
|
fn verify_add_remove_moderator_target<T, Kind>(
|
||||||
activity: &T,
|
activity: &T,
|
||||||
community: &Community,
|
community: &Community,
|
||||||
|
|
|
@ -289,7 +289,14 @@ pub async fn receive_announce(
|
||||||
receive_create_for_community(context, inner_activity, &inner_id, request_counter).await
|
receive_create_for_community(context, inner_activity, &inner_id, request_counter).await
|
||||||
}
|
}
|
||||||
Some(Update) => {
|
Some(Update) => {
|
||||||
receive_update_for_community(context, inner_activity, &inner_id, request_counter).await
|
receive_update_for_community(
|
||||||
|
context,
|
||||||
|
inner_activity,
|
||||||
|
Some(announce),
|
||||||
|
&inner_id,
|
||||||
|
request_counter,
|
||||||
|
)
|
||||||
|
.await
|
||||||
}
|
}
|
||||||
Some(Like) => {
|
Some(Like) => {
|
||||||
receive_like_for_community(context, inner_activity, &inner_id, request_counter).await
|
receive_like_for_community(context, inner_activity, &inner_id, request_counter).await
|
||||||
|
|
|
@ -87,7 +87,7 @@ services:
|
||||||
- ./volumes/postgres_beta:/var/lib/postgresql/data
|
- ./volumes/postgres_beta:/var/lib/postgresql/data
|
||||||
|
|
||||||
lemmy-gamma-ui:
|
lemmy-gamma-ui:
|
||||||
image: dessalines/lemmy-ui:0.9.9
|
image: lemmy-ui:test
|
||||||
environment:
|
environment:
|
||||||
- LEMMY_INTERNAL_HOST=lemmy-gamma:8561
|
- LEMMY_INTERNAL_HOST=lemmy-gamma:8561
|
||||||
- LEMMY_EXTERNAL_HOST=localhost:8561
|
- LEMMY_EXTERNAL_HOST=localhost:8561
|
||||||
|
|
Loading…
Reference in a new issue