diff options
Diffstat (limited to 'server/src/api/user.rs')
-rw-r--r-- | server/src/api/user.rs | 72 |
1 files changed, 47 insertions, 25 deletions
diff --git a/server/src/api/user.rs b/server/src/api/user.rs index 9f33843f..d547f64b 100644 --- a/server/src/api/user.rs +++ b/server/src/api/user.rs @@ -882,23 +882,27 @@ impl Perform for Oper<EditUserMention> { let user_id = claims.id; let user_mention_id = data.user_mention_id; - let user_mention = + let read_user_mention = blocking(pool, move |conn| UserMention::read(conn, user_mention_id)).await??; + if user_id != read_user_mention.recipient_id { + return Err(APIError::err("couldnt_update_comment").into()); + } + let user_mention_form = UserMentionForm { - recipient_id: user_id, - comment_id: user_mention.comment_id, + recipient_id: read_user_mention.recipient_id, + comment_id: read_user_mention.comment_id, read: data.read.to_owned(), }; - let user_mention_id = user_mention.id; + let user_mention_id = read_user_mention.id; let update_mention = move |conn: &'_ _| UserMention::update(conn, user_mention_id, &user_mention_form); if blocking(pool, update_mention).await?.is_err() { return Err(APIError::err("couldnt_update_comment").into()); }; - let user_mention_id = user_mention.id; + let user_mention_id = read_user_mention.id; let user_mention_view = blocking(pool, move |conn| { UserMentionView::read(conn, user_mention_id, user_id) }) @@ -1310,23 +1314,35 @@ impl Perform for Oper<EditPrivateMessage> { let content_slurs_removed = match &data.content { Some(content) => remove_slurs(content), - None => orig_private_message.content, + None => orig_private_message.content.clone(), }; - let private_message_form = PrivateMessageForm { - content: content_slurs_removed, - creator_id: orig_private_message.creator_id, - recipient_id: orig_private_message.recipient_id, - deleted: data.deleted.to_owned(), - read: data.read.to_owned(), - updated: if data.read.is_some() { - orig_private_message.updated + let private_message_form = { + if data.read.is_some() { + PrivateMessageForm { + content: orig_private_message.content.to_owned(), + creator_id: orig_private_message.creator_id, + recipient_id: orig_private_message.recipient_id, + read: data.read.to_owned(), + updated: orig_private_message.updated, + deleted: Some(orig_private_message.deleted), + ap_id: orig_private_message.ap_id, + local: orig_private_message.local, + published: None, + } } else { - Some(naive_now()) - }, - ap_id: orig_private_message.ap_id, - local: orig_private_message.local, - published: None, + PrivateMessageForm { + content: content_slurs_removed, + creator_id: orig_private_message.creator_id, + recipient_id: orig_private_message.recipient_id, + deleted: data.deleted.to_owned(), + read: Some(orig_private_message.read), + updated: Some(naive_now()), + ap_id: orig_private_message.ap_id, + local: orig_private_message.local, + published: None, + } + } }; let edit_id = data.edit_id; @@ -1339,14 +1355,20 @@ impl Perform for Oper<EditPrivateMessage> { Err(_e) => return Err(APIError::err("couldnt_update_private_message").into()), }; - if let Some(deleted) = data.deleted.to_owned() { - if deleted { - updated_private_message - .send_delete(&user, &self.client, pool) - .await?; + if data.read.is_none() { + if let Some(deleted) = data.deleted.to_owned() { + if deleted { + updated_private_message + .send_delete(&user, &self.client, pool) + .await?; + } else { + updated_private_message + .send_undo_delete(&user, &self.client, pool) + .await?; + } } else { updated_private_message - .send_undo_delete(&user, &self.client, pool) + .send_update(&user, &self.client, pool) .await?; } } else { |