diff --git a/crates/api/src/community/add_mod.rs b/crates/api/src/community/add_mod.rs
index 28f56cffd..b5f6befcc 100644
--- a/crates/api/src/community/add_mod.rs
+++ b/crates/api/src/community/add_mod.rs
@@ -3,16 +3,18 @@ use actix_web::web::Data;
 use lemmy_api_common::{
 community::{AddModToCommunity, AddModToCommunityResponse},
 context::LemmyContext,
- utils::{get_local_user_view_from_jwt, is_mod_or_admin},
+ utils::{check_user_approved, get_local_user_view_from_jwt, is_mod_or_admin},
 websocket::UserOperation,
 };
 use lemmy_db_schema::{
 source::{
 community::{Community, CommunityModerator, CommunityModeratorForm},
+ local_site::LocalSite,
 moderator::{ModAddCommunity, ModAddCommunityForm},
 },
 traits::{Crud, Joinable},
 };
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_db_views_actor::structs::CommunityModeratorView;
 use lemmy_utils::{error::LemmyError, ConnectionId};
@@ -39,6 +41,10 @@ impl Perform for AddModToCommunity {
 return Err(LemmyError::from_message("not_a_moderator"));
 }
+ let new_mod = LocalUserView::read_person(context.pool(), data.person_id).await?;
+ let local_site = LocalSite::read(context.pool()).await?;
+ check_user_approved(&new_mod, &local_site)?;
+
 // Update in local database
 let community_moderator_form = CommunityModeratorForm {
 community_id: data.community_id,
diff --git a/crates/api/src/local_user/add_admin.rs b/crates/api/src/local_user/add_admin.rs
index 3b22c4476..c55d86d5f 100644
--- a/crates/api/src/local_user/add_admin.rs
+++ b/crates/api/src/local_user/add_admin.rs
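Review bot: In `crates/api/src/community/add_mod.rs` (hunk `@@ -39,6 +41,10 @@`) the added `LocalUserView::read_person(context.pool(), data.person_id).await?` has no locality guard, whereas the federation handler in `crates/apub/src/activities/community/add_mod.rs` wraps the same three calls in `if new_mod.local {`. If `data.person_id` can name a federated account that has no local user record, the `?` would presumably turn the failed lookup into an error, so the request would never reach the moderator update. Consider resolving the person first and running `check_user_approved` only for local accounts, mirroring the apub handler. A comment such as `// approval state exists only for local accounts` would state that intent, if it is the reason for the guard. The body of `perform` starts and ends outside this hunk.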
@@ -3,16 +3,18 @@ use actix_web::web::Data;
 use lemmy_api_common::{
 context::LemmyContext,
 person::{AddAdmin, AddAdminResponse},
- utils::{get_local_user_view_from_jwt, is_admin},
+ utils::{check_user_approved, get_local_user_view_from_jwt, is_admin},
 websocket::UserOperation,
 };
 use lemmy_db_schema::{
 source::{
+ local_site::LocalSite,
 moderator::{ModAdd, ModAddForm},
 person::{Person, PersonUpdateForm},
 },
 traits::Crud,
 };
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_db_views_actor::structs::PersonViewSafe;
 use lemmy_utils::{error::LemmyError, ConnectionId};
@@ -33,6 +35,10 @@ impl Perform for AddAdmin {
 // Make sure user is an admin
 is_admin(&local_user_view)?;
+ let new_admin = LocalUserView::read_person(context.pool(), data.person_id).await?;
+ let local_site = LocalSite::read(context.pool()).await?;
+ check_user_approved(&new_admin, &local_site)?;
+
 let added = data.added;
 let added_person_id = data.person_id;
 let added_admin = Person::update(
diff --git a/crates/apub/src/activities/community/add_mod.rs b/crates/apub/src/activities/community/add_mod.rs
index 1bc31b48c..dffb92cd1 100644
--- a/crates/apub/src/activities/community/add_mod.rs
+++ b/crates/apub/src/activities/community/add_mod.rs
@@ -26,16 +26,18 @@ use activitystreams_kinds::{activity::AddType, public};
 use lemmy_api_common::{
 community::{AddModToCommunity, AddModToCommunityResponse},
 context::LemmyContext,
- utils::{generate_moderators_url, get_local_user_view_from_jwt},
+ utils::{check_user_approved, generate_moderators_url, get_local_user_view_from_jwt},
 };
 use lemmy_db_schema::{
 source::{
 community::{Community, CommunityModerator, CommunityModeratorForm},
+ local_site::LocalSite,
 moderator::{ModAddCommunity, ModAddCommunityForm},
 person::Person,
 },
 traits::{Crud, Joinable},
 };
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_utils::error::LemmyError;
 use url::Url;
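Review bot: In `crates/api/src/local_user/add_admin.rs` (hunk `@@ -33,6 +35,10 @@`) `check_user_approved(&new_admin, &local_site)?` runs before `let added = data.added;` is read, so it applies to every request on this endpoint regardless of that flag. If `added == false` is the revocation path, as the name suggests, an admin whose account fails the approval check could not be demoted here, and a privilege gate should not block removal. Gating the call, e.g. `if data.added { check_user_approved(&new_admin, &local_site)?; }`, keeps revocation available. The hunk `@@ -39,6 +41,10 @@` in `crates/api/src/community/add_mod.rs` has the same unconditional shape and probably needs the same guard. Both function bodies extend beyond their hunks.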
@@ -114,6 +116,13 @@ impl ActivityHandler for AddMod {
 .dereference(context, local_instance(context).await, request_counter)
 .await?;
+ // user must be approved to become mod
+ if new_mod.local {
+ let new_mod = LocalUserView::read_person(context.pool(), new_mod.id).await?;
+ let local_site = LocalSite::read(context.pool()).await?;
+ check_user_approved(&new_mod, &local_site)?;
+ }
+
 // If we had to refetch the community while parsing the activity, then the new mod has already
 // been added. Skip it here as it would result in a duplicate key error.
 let new_mod_id = new_mod.id;
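Review bot: Inside the added `if new_mod.local {` block, `let new_mod = LocalUserView::read_person(...)` shadows the dereferenced person of the same name with a value of a different type, which makes `let new_mod_id = new_mod.id;` just below easy to misread. A distinct binding avoids that: `let new_mod_view = LocalUserView::read_person(context.pool(), new_mod.id).await?;` followed by `check_user_approved(&new_mod_view, &local_site)?;`. The comment could also say why remote accounts skip the check, e.g. `// approval is only checked for local accounts`, so a later reader does not take the guard for an oversight. The handler body starts and ends outside this hunk.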