]> Untitled Git - lemmy.git/blobdiff - crates/api_crud/src/community/update.rs
projects / lemmy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sanitize html (#3708)
[lemmy.git] / crates / api_crud / src / community / update.rs
diff --git a/crates/api_crud/src/community/update.rs b/crates/api_crud/src/community/update.rs
index 6ab161070650772379068a289399e80d40e2a074..128be036fd241529c64e4d76a7907b0c77ecea4e 100644 (file)
--- a/crates/api_crud/src/community/update.rs
+++ b/crates/api_crud/src/community/update.rs
@@ -1,10 +1,10 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
 use lemmy_api_common::{
+  build_response::build_community_response,
   community::{CommunityResponse, EditCommunity},
   context::LemmyContext,
-  utils::{get_local_user_view_from_jwt, local_site_to_slur_regex},
-  websocket::{send::send_community_ws_message, UserOperationCrud},
+  utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html_opt},
 };
 use lemmy_db_schema::{
   newtypes::PersonId,
@@ -17,54 +17,57 @@ use lemmy_db_schema::{
   utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now},
 };
 use lemmy_db_views_actor::structs::CommunityModeratorView;
-use lemmy_utils::{error::LemmyError, utils::check_slurs_opt, ConnectionId};
+use lemmy_utils::{
+  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
+  utils::{slurs::check_slurs_opt, validation::is_valid_body_field},
+};
 
 #[async_trait::async_trait(?Send)]
 impl PerformCrud for EditCommunity {
   type Response = CommunityResponse;
 
-  #[tracing::instrument(skip(context, websocket_id))]
-  async fn perform(
-    &self,
-    context: &Data<LemmyContext>,
-    websocket_id: Option<ConnectionId>,
-  ) -> Result<CommunityResponse, LemmyError> {
+  #[tracing::instrument(skip(context))]
+  async fn perform(&self, context: &Data<LemmyContext>) -> Result<CommunityResponse, LemmyError> {
     let data: &EditCommunity = self;
-    let local_user_view =
-      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
-    let local_site = LocalSite::read(context.pool()).await?;
-
-    let icon = diesel_option_overwrite_to_url(&data.icon)?;
-    let banner = diesel_option_overwrite_to_url(&data.banner)?;
-    let description = diesel_option_overwrite(&data.description);
+    let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
+    let local_site = LocalSite::read(&mut context.pool()).await?;
 
     let slur_regex = local_site_to_slur_regex(&local_site);
     check_slurs_opt(&data.title, &slur_regex)?;
     check_slurs_opt(&data.description, &slur_regex)?;
+    is_valid_body_field(&data.description, false)?;
+
+    let title = sanitize_html_opt(&data.title);
+    let description = sanitize_html_opt(&data.description);
+
+    let icon = diesel_option_overwrite_to_url(&data.icon)?;
+    let banner = diesel_option_overwrite_to_url(&data.banner)?;
+    let description = diesel_option_overwrite(description);
 
     // Verify its a mod (only mods can edit it)
     let community_id = data.community_id;
-    let mods: Vec<PersonId> = CommunityModeratorView::for_community(context.pool(), community_id)
-      .await
-      .map(|v| v.into_iter().map(|m| m.moderator.id).collect())?;
+    let mods: Vec<PersonId> =
+      CommunityModeratorView::for_community(&mut context.pool(), community_id)
+        .await
+        .map(|v| v.into_iter().map(|m| m.moderator.id).collect())?;
     if !mods.contains(&local_user_view.person.id) {
-      return Err(LemmyError::from_message("not_a_moderator"));
+      return Err(LemmyErrorType::NotAModerator)?;
     }
 
     let community_id = data.community_id;
     if let Some(languages) = data.discussion_languages.clone() {
-      let site_languages = SiteLanguage::read_local(context.pool()).await?;
+      let site_languages = SiteLanguage::read_local_raw(&mut context.pool()).await?;
       // check that community languages are a subset of site languages
       // https://stackoverflow.com/a/64227550
       let is_subset = languages.iter().all(|item| site_languages.contains(item));
       if !is_subset {
-        return Err(LemmyError::from_message("language_not_allowed"));
+        return Err(LemmyErrorType::LanguageNotAllowed)?;
       }
-      CommunityLanguage::update(context.pool(), languages, community_id).await?;
+      CommunityLanguage::update(&mut context.pool(), languages, community_id).await?;
     }
 
     let community_form = CommunityUpdateForm::builder()
-      .title(data.title.clone())
+      .title(title)
       .description(description)
       .icon(icon)
       .banner(banner)
@@ -74,11 +77,10 @@ impl PerformCrud for EditCommunity {
       .build();
 
     let community_id = data.community_id;
-    Community::update(context.pool(), community_id, &community_form)
+    Community::update(&mut context.pool(), community_id, &community_form)
       .await
-      .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_community"))?;
+      .with_lemmy_type(LemmyErrorType::CouldntUpdateCommunity)?;
 
-    let op = UserOperationCrud::EditCommunity;
-    send_community_ws_message(data.community_id, op, websocket_id, None, context).await
+    build_community_response(context, local_user_view, community_id).await
   }
 }
Unnamed repository; edit this file 'description' to name the repository.