diff options
author | ryexandra <68085235+ryexandra@users.noreply.github.com> | 2020-07-14 07:17:25 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-14 09:17:25 -0400 |
commit | 29037b49952dd95a08639b27b08c8a8e68a13026 (patch) | |
tree | eed2656e786b389aa599667df496632421ad91bd /server/src/apub/mod.rs | |
parent | 52983907c4d1b7fda1182316cb631f9b5e913f5b (diff) |
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint
* Check user is moderator in BanFromCommunity
* secure the `EditComment` API endpoint
* pass orig `read` prob when not explicitly updating it.
* Block random users from adding mods.
* use cleaner logic from `EditPost`
* prevent editing a community by a mod from transfering ownership to them
* secure `read` action in `EditPrivateMessage`
* Add check in UserMention
* only let the indended recipient mark as read
* simplify booleans to satisfy clippy
* requested changes + cargo +nightly fmt
* fix to pass federation tests for deleting comments and posts
Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
Diffstat (limited to 'server/src/apub/mod.rs')
-rw-r--r-- | server/src/apub/mod.rs | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/server/src/apub/mod.rs b/server/src/apub/mod.rs index 499f0352..cfb539fb 100644 --- a/server/src/apub/mod.rs +++ b/server/src/apub/mod.rs @@ -19,7 +19,8 @@ use crate::{ blocking, request::{retry, RecvError}, routes::webfinger::WebFingerResponse, - DbPool, LemmyError, + DbPool, + LemmyError, }; use activitystreams::object::Page; use activitystreams_ext::{Ext1, Ext2}; |