Untitled Git - lemmy.git/commit

author	ryexandra <68085235+ryexandra@users.noreply.github.com>
	Tue, 14 Jul 2020 13:17:25 +0000 (07:17 -0600)
committer	GitHub <noreply@github.com>
	Tue, 14 Jul 2020 13:17:25 +0000 (09:17 -0400)
commit	29037b49952dd95a08639b27b08c8a8e68a13026
tree	eed2656e786b389aa599667df496632421ad91bd	tree \| snapshot
parent	52983907c4d1b7fda1182316cb631f9b5e913f5b	commit \| diff

Security/fix permission bugs (#966)

* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>

server/lemmy_db/src/lib.rs		diff \| blob \| history
server/lemmy_utils/src/settings.rs		diff \| blob \| history
server/src/api/comment.rs		diff \| blob \| history
server/src/api/community.rs		diff \| blob \| history
server/src/api/post.rs		diff \| blob \| history
server/src/api/user.rs		diff \| blob \| history
server/src/apub/comment.rs		diff \| blob \| history
server/src/apub/community.rs		diff \| blob \| history
server/src/apub/fetcher.rs		diff \| blob \| history
server/src/apub/mod.rs		diff \| blob \| history
server/src/apub/post.rs		diff \| blob \| history
server/src/apub/private_message.rs		diff \| blob \| history
server/src/apub/shared_inbox.rs		diff \| blob \| history
server/src/apub/user.rs		diff \| blob \| history
server/src/apub/user_inbox.rs		diff \| blob \| history