mirror of
https://github.com/LemmyNet/lemmy.git
synced 2024-10-01 01:36:12 -04:00
* Fix federation of admin actions (fixes #3980) * clippy --------- Co-authored-by: Dessalines <tyhou13@gmx.com>
This commit is contained in:
parent
9a9ece8fa4
commit
50589115e0
@ -329,22 +329,29 @@ test("Remove a post from admin and community on same instance", async () => {
|
||||
throw "Missing beta community";
|
||||
}
|
||||
await followBeta(alpha);
|
||||
let postRes = await createPost(alpha, betaCommunity.community.id);
|
||||
let gammaCommunity = await resolveCommunity(
|
||||
gamma,
|
||||
betaCommunity.community.actor_id,
|
||||
);
|
||||
let postRes = await createPost(gamma, gammaCommunity.community!.community.id);
|
||||
expect(postRes.post_view.post).toBeDefined();
|
||||
// Get the id for beta
|
||||
let betaPost = await waitForPost(beta, postRes.post_view.post);
|
||||
expect(betaPost).toBeDefined();
|
||||
|
||||
let alphaPost0 = await waitForPost(alpha, postRes.post_view.post);
|
||||
expect(alphaPost0).toBeDefined();
|
||||
|
||||
// The beta admin removes it (the community lives on beta)
|
||||
let removePostRes = await removePost(beta, true, betaPost.post);
|
||||
expect(removePostRes.post_view.post.removed).toBe(true);
|
||||
|
||||
// Make sure lemmy alpha sees post is removed
|
||||
let alphaPost = await waitUntil(
|
||||
() => getPost(alpha, postRes.post_view.post.id),
|
||||
() => getPost(alpha, alphaPost0.post.id),
|
||||
p => p?.post_view.post.removed ?? false,
|
||||
);
|
||||
expect(alphaPost.post_view?.post.removed).toBe(true);
|
||||
expect(alphaPost?.post_view.post.removed).toBe(true);
|
||||
assertPostFederation(alphaPost.post_view, removePostRes.post_view);
|
||||
|
||||
// Undelete
|
||||
|
@ -141,7 +141,7 @@ impl ActivityHandler for BlockUser {
|
||||
}
|
||||
SiteOrCommunity::Community(community) => {
|
||||
verify_person_in_community(&self.actor, &community, context).await?;
|
||||
verify_mod_action(&self.actor, self.object.inner(), community.id, context).await?;
|
||||
verify_mod_action(&self.actor, &community, context).await?;
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
|
@ -119,7 +119,7 @@ impl ActivityHandler for CollectionAdd {
|
||||
verify_is_public(&self.to, &self.cc)?;
|
||||
let community = self.community(context).await?;
|
||||
verify_person_in_community(&self.actor, &community, context).await?;
|
||||
verify_mod_action(&self.actor, &self.object, community.id, context).await?;
|
||||
verify_mod_action(&self.actor, &community, context).await?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
@ -114,7 +114,7 @@ impl ActivityHandler for CollectionRemove {
|
||||
verify_is_public(&self.to, &self.cc)?;
|
||||
let community = self.community(context).await?;
|
||||
verify_person_in_community(&self.actor, &community, context).await?;
|
||||
verify_mod_action(&self.actor, &self.object, community.id, context).await?;
|
||||
verify_mod_action(&self.actor, &community, context).await?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
@ -52,7 +52,7 @@ impl ActivityHandler for LockPage {
|
||||
let community = self.community(context).await?;
|
||||
verify_person_in_community(&self.actor, &community, context).await?;
|
||||
check_community_deleted_or_removed(&community)?;
|
||||
verify_mod_action(&self.actor, self.object.inner(), community.id, context).await?;
|
||||
verify_mod_action(&self.actor, &community, context).await?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@ -86,13 +86,7 @@ impl ActivityHandler for UndoLockPage {
|
||||
let community = self.community(context).await?;
|
||||
verify_person_in_community(&self.actor, &community, context).await?;
|
||||
check_community_deleted_or_removed(&community)?;
|
||||
verify_mod_action(
|
||||
&self.actor,
|
||||
self.object.object.inner(),
|
||||
community.id,
|
||||
context,
|
||||
)
|
||||
.await?;
|
||||
verify_mod_action(&self.actor, &community, context).await?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
@ -76,7 +76,7 @@ impl ActivityHandler for UpdateCommunity {
|
||||
verify_is_public(&self.to, &self.cc)?;
|
||||
let community = self.community(context).await?;
|
||||
verify_person_in_community(&self.actor, &community, context).await?;
|
||||
verify_mod_action(&self.actor, self.object.id.inner(), community.id, context).await?;
|
||||
verify_mod_action(&self.actor, &community, context).await?;
|
||||
ApubCommunity::verify(&self.object, &community.actor_id.clone().into(), context).await?;
|
||||
Ok(())
|
||||
}
|
||||
|
@ -127,7 +127,7 @@ impl ActivityHandler for CreateOrUpdatePage {
|
||||
CreateOrUpdateType::Update => {
|
||||
let is_mod_action = self.object.is_mod_action(context).await?;
|
||||
if is_mod_action {
|
||||
verify_mod_action(&self.actor, self.object.id.inner(), community.id, context).await?;
|
||||
verify_mod_action(&self.actor, &community, context).await?;
|
||||
} else {
|
||||
verify_domains_match(self.actor.inner(), self.object.id.inner())?;
|
||||
verify_urls_match(self.actor.inner(), self.object.creator()?.inner())?;
|
||||
|
@ -189,7 +189,7 @@ pub(in crate::activities) async fn verify_delete_activity(
|
||||
verify_person_in_community(&activity.actor, &community, context).await?;
|
||||
}
|
||||
// community deletion is always a mod (or admin) action
|
||||
verify_mod_action(&activity.actor, activity.object.id(), community.id, context).await?;
|
||||
verify_mod_action(&activity.actor, &community, context).await?;
|
||||
}
|
||||
DeletableObjects::Post(p) => {
|
||||
verify_is_public(&activity.to, &[])?;
|
||||
@ -231,7 +231,7 @@ async fn verify_delete_post_or_comment(
|
||||
) -> Result<(), LemmyError> {
|
||||
verify_person_in_community(actor, community, context).await?;
|
||||
if is_mod_action {
|
||||
verify_mod_action(actor, object_id, community.id, context).await?;
|
||||
verify_mod_action(actor, community, context).await?;
|
||||
} else {
|
||||
// domain of post ap_id and post.creator ap_id are identical, so we just check the former
|
||||
verify_domains_match(actor.inner(), object_id)?;
|
||||
|
@ -37,12 +37,9 @@ use lemmy_api_common::{
|
||||
context::LemmyContext,
|
||||
send_activity::{ActivityChannel, SendActivityData},
|
||||
};
|
||||
use lemmy_db_schema::{
|
||||
newtypes::CommunityId,
|
||||
source::{
|
||||
use lemmy_db_schema::source::{
|
||||
activity::{ActivitySendTargets, ActorType, SentActivity, SentActivityForm},
|
||||
community::Community,
|
||||
},
|
||||
};
|
||||
use lemmy_db_views_actor::structs::{CommunityPersonBanView, CommunityView};
|
||||
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType, LemmyResult};
|
||||
@ -113,22 +110,21 @@ pub(crate) async fn verify_person_in_community(
|
||||
#[tracing::instrument(skip_all)]
|
||||
pub(crate) async fn verify_mod_action(
|
||||
mod_id: &ObjectId<ApubPerson>,
|
||||
object_id: &Url,
|
||||
community_id: CommunityId,
|
||||
community: &Community,
|
||||
context: &Data<LemmyContext>,
|
||||
) -> Result<(), LemmyError> {
|
||||
let mod_ = mod_id.dereference(context).await?;
|
||||
|
||||
let is_mod_or_admin =
|
||||
CommunityView::is_mod_or_admin(&mut context.pool(), mod_.id, community_id).await?;
|
||||
CommunityView::is_mod_or_admin(&mut context.pool(), mod_.id, community.id).await?;
|
||||
if is_mod_or_admin {
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
// mod action comes from the same instance as the moderated object, so it was presumably done
|
||||
// mod action comes from the same instance as the community, so it was presumably done
|
||||
// by an instance admin.
|
||||
// TODO: federate instance admin status and check it here
|
||||
if mod_id.inner().domain() == object_id.domain() {
|
||||
if mod_id.inner().domain() == community.actor_id.domain() {
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit de9de2c53bee034d3824ecaa9a2104f8f341332e
|
||||
Subproject commit b122306e52d94807528068a7e8f8011c29d31db1
|
Loading…
Reference in New Issue
Block a user