Verifying correct user for edits

author Dessalines <tyhou13@gmx.com>

Fri, 5 Apr 2019 00:25:21 +0000 (17:25 -0700)

committer Dessalines <tyhou13@gmx.com>

Fri, 5 Apr 2019 00:25:21 +0000 (17:25 -0700)
author Dessalines <tyhou13@gmx.com>
Fri, 5 Apr 2019 00:25:21 +0000 (17:25 -0700)
committer Dessalines <tyhou13@gmx.com>
Fri, 5 Apr 2019 00:25:21 +0000 (17:25 -0700)
diff --git a/server/src/websocket_server/server.rs b/server/src/websocket_server/server.rs

index 28b5832a528288b980a3ea7290b6368b36a91291..a0d129354c5c7f2bd6e906132171df7a6d2f5094 100644 (file)
--- a/server/src/websocket_server/server.rs
+++ b/server/src/websocket_server/server.rs
@@ -914,6 +914,12 @@ impl Perform for EditComment {
  
      let user_id = claims.id;
  
+    // Verify its the creator
+    let orig_comment = Comment::read(&conn, self.edit_id).unwrap();
+    if user_id != orig_comment.creator_id {
+        return self.error("Incorrect creator.");
+    }
+
      let comment_form = CommentForm {
        content: self.content.to_owned(),
        parent_id: self.parent_id,
@@ -1149,6 +1155,12 @@ impl Perform for EditPost {
  
      let user_id = claims.id;
  
+    // Verify its the creator
+    let orig_post = Post::read(&conn, self.edit_id).unwrap();
+    if user_id != orig_post.creator_id {
+        return self.error("Incorrect creator.");
+    }
+
      let post_form = PostForm {
        name: self.name.to_owned(),
        url: self.url.to_owned(),
@@ -1210,6 +1222,14 @@ impl Perform for EditCommunity {
  
      let user_id = claims.id;
  
+
+    // Verify its a mod
+    let moderator_view = CommunityModeratorView::for_community(&conn, self.edit_id).unwrap();
+    let mod_ids: Vec<i32> = moderator_view.into_iter().map(|m| m.user_id).collect();
+    if !mod_ids.contains(&user_id) {
+        return self.error("Incorrect creator.");
+    };
+
      let community_form = CommunityForm {
        name: self.name.to_owned(),
        title: self.title.to_owned(),
diff --git a/ui/src/components/post-form.tsx b/ui/src/components/post-form.tsx

index 6967bf0d60fe22528a44a81d48a9b2a2d1727502..c581ae033ec21dc6d1d56f70c255fc60e5f51663 100644 (file)
--- a/ui/src/components/post-form.tsx
+++ b/ui/src/components/post-form.tsx
@@ -133,10 +133,8 @@ export class PostForm extends Component<PostFormProps, PostFormState> {
    }
  
    parseMessage(msg: any) {
-    console.log(msg);
      let op: UserOperation = msgOp(msg);
      if (msg.error) {
-      alert(msg.error);
        return;
      } else if (op == UserOperation.ListCommunities) {
        let res: ListCommunitiesResponse = msg;
author	Dessalines <tyhou13@gmx.com>
	Fri, 5 Apr 2019 00:25:21 +0000 (17:25 -0700)
committer	Dessalines <tyhou13@gmx.com>
	Fri, 5 Apr 2019 00:25:21 +0000 (17:25 -0700)
server/src/websocket_server/server.rs		patch \| blob \| history
ui/src/components/post-form.tsx		patch \| blob \| history