generated from t/malachite
fix: check blocks when adding users to chats
This commit is contained in:
parent
82eafdadb3
commit
1c1eb3be5d
2 changed files with 9 additions and 9 deletions
|
|
@ -3,6 +3,7 @@ use crate::{
|
||||||
database::DataManager,
|
database::DataManager,
|
||||||
get_user_from_token,
|
get_user_from_token,
|
||||||
model::{Chat, ChatStyle, GroupChatInfo, SocketMessage, SocketMethod},
|
model::{Chat, ChatStyle, GroupChatInfo, SocketMessage, SocketMethod},
|
||||||
|
routes::pages::misc::check_user_is_blocked,
|
||||||
};
|
};
|
||||||
use axum::{
|
use axum::{
|
||||||
Extension, Json,
|
Extension, Json,
|
||||||
|
|
@ -87,6 +88,10 @@ pub async fn create_request(
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if check_user_is_blocked(&x, &user, data).await {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
x.id
|
x.id
|
||||||
}
|
}
|
||||||
Err(e) => return Json(e.into()),
|
Err(e) => return Json(e.into()),
|
||||||
|
|
@ -170,12 +175,7 @@ pub async fn add_member_request(
|
||||||
Err(e) => return Json(e.into()),
|
Err(e) => return Json(e.into()),
|
||||||
};
|
};
|
||||||
|
|
||||||
if data
|
if check_user_is_blocked(&other_user, &user, data).await {
|
||||||
.2
|
|
||||||
.get_userblock_by_initiator_receiver(other_user.id, user.id)
|
|
||||||
.await
|
|
||||||
.is_ok()
|
|
||||||
{
|
|
||||||
return Json(Error::NotAllowed.into());
|
return Json(Error::NotAllowed.into());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -57,7 +57,7 @@ pub async fn login_request(jar: CookieJar, Extension(data): Extension<State>) ->
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn check_user_is_blocked(user: &User, other_user: &User, data: &DataManager) -> bool {
|
pub async fn check_user_is_blocked(user: &User, other_user: &User, data: &DataManager) -> bool {
|
||||||
(data
|
(data
|
||||||
.2
|
.2
|
||||||
.get_userblock_by_initiator_receiver(other_user.id, user.id)
|
.get_userblock_by_initiator_receiver(other_user.id, user.id)
|
||||||
|
|
@ -71,7 +71,7 @@ async fn check_user_is_blocked(user: &User, other_user: &User, data: &DataManage
|
||||||
&& !user.permissions.check(FinePermission::MANAGE_USERS)
|
&& !user.permissions.check(FinePermission::MANAGE_USERS)
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn check_user_blocked_or_private(
|
pub async fn check_user_blocked_or_private(
|
||||||
user: &Option<User>,
|
user: &Option<User>,
|
||||||
other_user: &User,
|
other_user: &User,
|
||||||
data: &DataManager,
|
data: &DataManager,
|
||||||
|
|
@ -86,7 +86,7 @@ async fn check_user_blocked_or_private(
|
||||||
{
|
{
|
||||||
// private profile and other_user isn't following user
|
// private profile and other_user isn't following user
|
||||||
return Err(Error::NotAllowed);
|
return Err(Error::NotAllowed);
|
||||||
} else if check_user_is_blocked(ua, other_user, data).await {
|
} else if check_user_is_blocked(other_user, ua, data).await {
|
||||||
// blocked
|
// blocked
|
||||||
return Err(Error::NotAllowed);
|
return Err(Error::NotAllowed);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue