Require approval before becoming admin/mod

crates/api/src/community/add_mod.rs

@@ -3,16 +3,18 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   community::{AddModToCommunity, AddModToCommunityResponse},
   context::LemmyContext,
-  utils::{get_local_user_view_from_jwt, is_mod_or_admin},
+  utils::{check_user_approved, get_local_user_view_from_jwt, is_mod_or_admin},
   websocket::UserOperation,
 };
 use lemmy_db_schema::{
   source::{
     community::{Community, CommunityModerator, CommunityModeratorForm},
+    local_site::LocalSite,
     moderator::{ModAddCommunity, ModAddCommunityForm},
   },
   traits::{Crud, Joinable},
 };
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_db_views_actor::structs::CommunityModeratorView;
 use lemmy_utils::{error::LemmyError, ConnectionId};
 
@@ -39,6 +41,10 @@ impl Perform for AddModToCommunity {
       return Err(LemmyError::from_message("not_a_moderator"));
     }
 
+    let new_mod = LocalUserView::read_person(context.pool(), data.person_id).await?;
+    let local_site = LocalSite::read(context.pool()).await?;
+    check_user_approved(&new_mod, &local_site)?;
+
     // Update in local database
     let community_moderator_form = CommunityModeratorForm {
       community_id: data.community_id,

crates/api/src/local_user/add_admin.rs

@@ -3,16 +3,18 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   context::LemmyContext,
   person::{AddAdmin, AddAdminResponse},
-  utils::{get_local_user_view_from_jwt, is_admin},
+  utils::{check_user_approved, get_local_user_view_from_jwt, is_admin},
   websocket::UserOperation,
 };
 use lemmy_db_schema::{
   source::{
+    local_site::LocalSite,
     moderator::{ModAdd, ModAddForm},
     person::{Person, PersonUpdateForm},
   },
   traits::Crud,
 };
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_db_views_actor::structs::PersonViewSafe;
 use lemmy_utils::{error::LemmyError, ConnectionId};
 
@@ -33,6 +35,10 @@ impl Perform for AddAdmin {
     // Make sure user is an admin
     is_admin(&local_user_view)?;
 
+    let new_admin = LocalUserView::read_person(context.pool(), data.person_id).await?;
+    let local_site = LocalSite::read(context.pool()).await?;
+    check_user_approved(&new_admin, &local_site)?;
+
     let added = data.added;
     let added_person_id = data.person_id;
     let added_admin = Person::update(

crates/apub/src/activities/community/add_mod.rs

@@ -26,16 +26,18 @@ use activitystreams_kinds::{activity::AddType, public};
 use lemmy_api_common::{
   community::{AddModToCommunity, AddModToCommunityResponse},
   context::LemmyContext,
-  utils::{generate_moderators_url, get_local_user_view_from_jwt},
+  utils::{check_user_approved, generate_moderators_url, get_local_user_view_from_jwt},
 };
 use lemmy_db_schema::{
   source::{
     community::{Community, CommunityModerator, CommunityModeratorForm},
+    local_site::LocalSite,
     moderator::{ModAddCommunity, ModAddCommunityForm},
     person::Person,
   },
   traits::{Crud, Joinable},
 };
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_utils::error::LemmyError;
 use url::Url;
 
@@ -114,6 +116,13 @@ impl ActivityHandler for AddMod {
       .dereference(context, local_instance(context).await, request_counter)
       .await?;
 
+    // user must be approved to become mod
+    if new_mod.local {
+      let new_mod = LocalUserView::read_person(context.pool(), new_mod.id).await?;
+      let local_site = LocalSite::read(context.pool()).await?;
+      check_user_approved(&new_mod, &local_site)?;
+    }
+
     // If we had to refetch the community while parsing the activity, then the new mod has already
     // been added. Skip it here as it would result in a duplicate key error.
     let new_mod_id = new_mod.id;