From: Dessalines Date: Fri, 5 Apr 2019 00:25:21 +0000 (-0700) Subject: Verifying correct user for edits X-Git-Url: http://these/git/%7B%60%24%7BghostArchiveUrl%7D/%7B%60/css/themes/static/git-favicon.png?a=commitdiff_plain;h=977b1985e3497f759a44b15f4a87b9cd11017f48;p=lemmy.git Verifying correct user for edits - Fixes #31 --- diff --git a/server/src/websocket_server/server.rs b/server/src/websocket_server/server.rs index 28b5832a..a0d12935 100644 --- a/server/src/websocket_server/server.rs +++ b/server/src/websocket_server/server.rs @@ -914,6 +914,12 @@ impl Perform for EditComment { let user_id = claims.id; + // Verify its the creator + let orig_comment = Comment::read(&conn, self.edit_id).unwrap(); + if user_id != orig_comment.creator_id { + return self.error("Incorrect creator."); + } + let comment_form = CommentForm { content: self.content.to_owned(), parent_id: self.parent_id, @@ -1149,6 +1155,12 @@ impl Perform for EditPost { let user_id = claims.id; + // Verify its the creator + let orig_post = Post::read(&conn, self.edit_id).unwrap(); + if user_id != orig_post.creator_id { + return self.error("Incorrect creator."); + } + let post_form = PostForm { name: self.name.to_owned(), url: self.url.to_owned(), @@ -1210,6 +1222,14 @@ impl Perform for EditCommunity { let user_id = claims.id; + + // Verify its a mod + let moderator_view = CommunityModeratorView::for_community(&conn, self.edit_id).unwrap(); + let mod_ids: Vec = moderator_view.into_iter().map(|m| m.user_id).collect(); + if !mod_ids.contains(&user_id) { + return self.error("Incorrect creator."); + }; + let community_form = CommunityForm { name: self.name.to_owned(), title: self.title.to_owned(), diff --git a/ui/src/components/post-form.tsx b/ui/src/components/post-form.tsx index 6967bf0d..c581ae03 100644 --- a/ui/src/components/post-form.tsx +++ b/ui/src/components/post-form.tsx @@ -133,10 +133,8 @@ export class PostForm extends Component { } parseMessage(msg: any) { - console.log(msg); let op: UserOperation = msgOp(msg); if (msg.error) { - alert(msg.error); return; } else if (op == UserOperation.ListCommunities) { let res: ListCommunitiesResponse = msg;