Sanitize html (#3708)

[lemmy.git] / crates / api / src / site / purge / comment.rs

diff --git a/crates/api/src/site/purge/comment.rs b/crates/api/src/site/purge/comment.rs
index c8abf57d978a882d6e45d19fdbcf6991aa89b831..bfaf9cbb0772e9614fe33cd163828a2af35f895a 100644 (file)
--- a/crates/api/src/site/purge/comment.rs
+++ b/crates/api/src/site/purge/comment.rs
@@ -3,7 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   context::LemmyContext,
   site::{PurgeComment, PurgeItemResponse},
-  utils::{is_top_admin, local_user_view_from_jwt},
+  utils::{is_admin, local_user_view_from_jwt, sanitize_html_opt},
 };
 use lemmy_db_schema::{
   source::{
@@ -23,29 +23,29 @@ impl Perform for PurgeComment {
     let data: &Self = self;
     let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
 
-    // Only let the top admin purge an item
-    is_top_admin(context.pool(), local_user_view.person.id).await?;
+    // Only let admin purge an item
+    is_admin(&local_user_view)?;
 
     let comment_id = data.comment_id;
 
     // Read the comment to get the post_id
-    let comment = Comment::read(context.pool(), comment_id).await?;
+    let comment = Comment::read(&mut context.pool(), comment_id).await?;
 
     let post_id = comment.post_id;
 
     // TODO read comments for pictrs images and purge them
 
-    Comment::delete(context.pool(), comment_id).await?;
+    Comment::delete(&mut context.pool(), comment_id).await?;
 
     // Mod tables
-    let reason = data.reason.clone();
+    let reason = sanitize_html_opt(&data.reason);
     let form = AdminPurgeCommentForm {
       admin_person_id: local_user_view.person.id,
       reason,
       post_id,
     };
 
-    AdminPurgeComment::create(context.pool(), &form).await?;
+    AdminPurgeComment::create(&mut context.pool(), &form).await?;
 
     Ok(PurgeItemResponse { success: true })
   }