From 303703a9a6687f72a5c9cf45b13de71de2d8ece8 Mon Sep 17 00:00:00 2001
From: trisua <me@trisua.com>
Date: Thu, 8 May 2025 17:12:15 -0400
Subject: [PATCH] add: don't allow blocked users to react to posts

---
 crates/core/src/database/reactions.rs | 50 ++++++++++++++++++---------
 crates/core/src/model/reactions.rs    |  2 +-
 2 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/crates/core/src/database/reactions.rs b/crates/core/src/database/reactions.rs
index 83ef2cc..5ac9bd5 100644
--- a/crates/core/src/database/reactions.rs
+++ b/crates/core/src/database/reactions.rs
@@ -67,6 +67,31 @@ impl DataManager {
             Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
         };
 
+        if data.asset_type == AssetType::Post {
+            let post = self.get_post_by_id(data.asset).await?;
+
+            if self
+                .get_userblock_by_initiator_receiver(post.owner, user.id)
+                .await
+                .is_ok()
+                && !user.permissions.check(FinePermission::MANAGE_POSTS)
+            {
+                return Err(Error::NotAllowed);
+            }
+        } else if data.asset_type == AssetType::Question {
+            let question = self.get_question_by_id(data.asset).await?;
+
+            if self
+                .get_userblock_by_initiator_receiver(question.owner, user.id)
+                .await
+                .is_ok()
+                && !user.permissions.check(FinePermission::MANAGE_POSTS)
+            {
+                return Err(Error::NotAllowed);
+            }
+        }
+
+        // ...
         let res = execute!(
             &conn,
             "INSERT INTO reactions VALUES ($1, $2, $3, $4, $5, $6)",
@@ -125,22 +150,15 @@ impl DataManager {
                     let post = self.get_post_by_id(data.asset).await.unwrap();
 
                     if post.owner != user.id {
-                        // check block status (don't send notif if blocked)
-                        if self
-                            .get_userblock_by_initiator_receiver(post.owner, user.id)
-                            .await
-                            .is_err()
-                        {
-                            self.create_notification(Notification::new(
-                                "Your post has received a like!".to_string(),
-                                format!(
-                                    "[@{}](/api/v1/auth/user/find/{}) has liked your [post](/post/{})!",
-                                    user.username, user.id, data.asset
-                                ),
-                                post.owner,
-                            ))
-                            .await?
-                        }
+                        self.create_notification(Notification::new(
+                            "Your post has received a like!".to_string(),
+                            format!(
+                                "[@{}](/api/v1/auth/user/find/{}) has liked your [post](/post/{})!",
+                                user.username, user.id, data.asset
+                            ),
+                            post.owner,
+                        ))
+                        .await?
                     }
                 }
             }
diff --git a/crates/core/src/model/reactions.rs b/crates/core/src/model/reactions.rs
index 8f634af..239f8b2 100644
--- a/crates/core/src/model/reactions.rs
+++ b/crates/core/src/model/reactions.rs
@@ -2,7 +2,7 @@ use serde::{Deserialize, Serialize};
 use tetratto_shared::{snow::Snowflake, unix_epoch_timestamp};
 
 /// All of the items which support reactions.
-#[derive(Serialize, Deserialize)]
+#[derive(Serialize, Deserialize, PartialEq, Eq)]
 pub enum AssetType {
     #[serde(alias = "community")]
     Community,