test('Create a post in a non-existent community', async () => {
let postRes = await createPost(alpha, -2);
- expect(postRes).toStrictEqual({ error: 'couldnt_create_post' });
+ expect(postRes).toStrictEqual({ error: 'couldnt_find_community' });
});
test('Unlike a post', async () => {
use lemmy_api_common::{
blocking,
check_community_ban,
+ check_community_deleted_or_removed,
community::*,
get_local_user_view_from_jwt,
is_mod_or_admin,
if community.local {
if data.follow {
check_community_ban(local_user_view.person.id, community_id, context.pool()).await?;
+ check_community_deleted_or_removed(community_id, context.pool()).await?;
let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form);
blocking(context.pool(), follow)
use lemmy_api_common::{
blocking,
check_community_ban,
+ check_community_deleted_or_removed,
check_downvotes_enabled,
check_person_block,
get_local_user_view_from_jwt,
let post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??;
check_community_ban(local_user_view.person.id, post.community_id, context.pool()).await?;
+ check_community_deleted_or_removed(post.community_id, context.pool()).await?;
check_person_block(local_user_view.person.id, post.creator_id, context.pool()).await?;
context.pool(),
)
.await?;
+ check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
// Verify that only the mods can lock
is_mod_or_admin(
context.pool(),
)
.await?;
+ check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
// Verify that only the mods can sticky
is_mod_or_admin(
}
}
+pub async fn check_community_deleted_or_removed(
+ community_id: CommunityId,
+ pool: &DbPool,
+) -> Result<(), LemmyError> {
+ let community = blocking(pool, move |conn| Community::read(conn, community_id))
+ .await?
+ .map_err(|e| ApiError::err("couldnt_find_community", e))?;
+ if community.deleted || community.removed {
+ Err(ApiError::err_plain("deleted").into())
+ } else {
+ Ok(())
+ }
+}
+
+pub fn check_post_deleted_or_removed(post: &Post) -> Result<(), LemmyError> {
+ if post.deleted || post.removed {
+ Err(ApiError::err_plain("deleted").into())
+ } else {
+ Ok(())
+ }
+}
+
pub async fn check_person_block(
my_id: PersonId,
potential_blocker_id: PersonId,
use lemmy_api_common::{
blocking,
check_community_ban,
+ check_community_deleted_or_removed,
check_person_block,
+ check_post_deleted_or_removed,
comment::*,
get_local_user_view_from_jwt,
get_post,
let community_id = post.community_id;
check_community_ban(local_user_view.person.id, community_id, context.pool()).await?;
+ check_community_deleted_or_removed(community_id, context.pool()).await?;
+ check_post_deleted_or_removed(&post)?;
check_person_block(local_user_view.person.id, post.creator_id, context.pool()).await?;
use lemmy_api_common::{
blocking,
check_community_ban,
+ check_community_deleted_or_removed,
+ check_post_deleted_or_removed,
comment::*,
get_local_user_view_from_jwt,
send_local_notifs,
context.pool(),
)
.await?;
+ check_community_deleted_or_removed(orig_comment.community.id, context.pool()).await?;
+ check_post_deleted_or_removed(&orig_comment.post)?;
// Verify that only the creator can edit
if local_user_view.person.id != orig_comment.creator.id {
use lemmy_api_common::{
blocking,
check_community_ban,
+ check_community_deleted_or_removed,
get_local_user_view_from_jwt,
honeypot_check,
mark_post_as_read,
}
check_community_ban(local_user_view.person.id, data.community_id, context.pool()).await?;
+ check_community_deleted_or_removed(data.community_id, context.pool()).await?;
// Fetch post links and pictrs cached image
let data_url = data.url.as_ref();
use lemmy_api_common::{
blocking,
check_community_ban,
+ check_community_deleted_or_removed,
get_local_user_view_from_jwt,
is_mod_or_admin,
post::*,
context.pool(),
)
.await?;
+ check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
// Verify that only the creator can delete
if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) {
use crate::PerformCrud;
use actix_web::web::Data;
-use lemmy_api_common::{blocking, check_community_ban, get_local_user_view_from_jwt, post::*};
+use lemmy_api_common::{
+ blocking,
+ check_community_ban,
+ check_community_deleted_or_removed,
+ get_local_user_view_from_jwt,
+ post::*,
+};
use lemmy_apub::activities::{post::create_or_update::CreateOrUpdatePost, CreateOrUpdateType};
use lemmy_db_queries::{source::post::Post_, Crud};
use lemmy_db_schema::{naive_now, source::post::*};
context.pool(),
)
.await?;
+ check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
// Verify that only the creator can edit
if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) {
use crate::{
activities::{
+ check_community_deleted_or_removed,
comment::{collect_non_local_mentions, get_notif_recipients},
community::{announce::AnnouncableActivities, send_to_community},
extract_community,
objects::{comment::Note, FromApub, ToApub},
};
use activitystreams::{base::AnyBase, link::Mention, primitives::OneOrMany, unparsed::Unparsed};
-use lemmy_api_common::blocking;
+use lemmy_api_common::{blocking, check_post_deleted_or_removed};
use lemmy_apub_lib::{
data::Data,
traits::{ActivityFields, ActivityHandler, ActorType},
) -> Result<(), LemmyError> {
let community = extract_community(&self.cc, context, request_counter).await?;
let community_id = ObjectId::new(community.actor_id());
+ let post = self.object.get_parents(context, request_counter).await?.0;
verify_activity(self, &context.settings())?;
verify_person_in_community(&self.actor, &community_id, context, request_counter).await?;
verify_domains_match(self.actor.inner(), self.object.id_unchecked())?;
+ check_community_deleted_or_removed(&community)?;
+ check_post_deleted_or_removed(&post)?;
+
// TODO: should add a check that the correct community is in cc (probably needs changes to
// comment deserialization)
self.object.verify(context, request_counter).await?;
Ok(())
}
+pub(crate) fn check_community_deleted_or_removed(community: &Community) -> Result<(), LemmyError> {
+ if community.deleted || community.removed {
+ Err(anyhow!("New post or comment cannot be created in deleted or removed community").into())
+ } else {
+ Ok(())
+ }
+}
+
/// Generate a unique ID for an activity, in the format:
/// `http(s)://example.com/receive/create/202daf0a-1489-45df-8d2e-c8a3173fed36`
fn generate_activity_id<T>(kind: T, protocol_and_hostname: &str) -> Result<Url, ParseError>
use crate::{
activities::{
+ check_community_deleted_or_removed,
community::{announce::AnnouncableActivities, send_to_community},
generate_activity_id,
verify_activity,
verify_activity(self, &context.settings())?;
let community = self.cc[0].dereference(context, request_counter).await?;
verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
+ check_community_deleted_or_removed(&community)?;
+
match self.kind {
CreateOrUpdateType::Create => {
verify_domains_match(self.actor.inner(), self.object.id_unchecked())?;
Ok(&self.id)
}
- async fn get_parents(
+ pub(crate) async fn get_parents(
&self,
context: &LemmyContext,
request_counter: &mut i32,
projects / lemmy.git / commitdiff