t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases 4 Packages Wiki Activity Actions

fix: user delete audit log

Browse source
This commit is contained in:
trisua 2025-06-22 19:21:30 -04:00
parent aceb51c21c
commit 8c969cd56f
3 changed files with 29 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
crates/app/src/routes/api/v1/auth/profile.rs
View file

@ -22,6 +22,7 @@ use tetratto_core::{
cache::Cache, cache::Cache,
model::{ model::{
auth::{InviteCode, Token, UserSettings}, auth::{InviteCode, Token, UserSettings},
moderation::AuditLogEntry,
oauth, oauth,
permissions::FinePermission, permissions::FinePermission,
socket::{PacketType, SocketMessage, SocketMethod}, socket::{PacketType, SocketMessage, SocketMethod},
@ -393,6 +394,16 @@ pub async fn delete_user_request(
if user.id != id && !user.permissions.check(FinePermission::MANAGE_USERS) { if user.id != id && !user.permissions.check(FinePermission::MANAGE_USERS) {
return Json(Error::NotAllowed.into()); return Json(Error::NotAllowed.into());
} else if user.permissions.check(FinePermission::MANAGE_USERS) {
if let Err(e) = data
.create_audit_log_entry(AuditLogEntry::new(
user.id,
format!("invoked `delete_user` with x value `{id}`"),
))
.await
{
return Json(e.into());
}
} }
match data match data

2
crates/core/src/database/auth.rs
View file

@ -394,7 +394,7 @@ impl DataManager {
// delete stackblocks // delete stackblocks
let res = execute!( let res = execute!(
&conn, &conn,
"DELETE FROM stackblocks WHERE owner = $1", "DELETE FROM stackblocks WHERE initiator = $1",
&[&(id as i64)] &[&(id as i64)]
); );

17
crates/core/src/database/posts.rs
View file

@ -343,6 +343,11 @@ impl DataManager {
let owner = post.owner; let owner = post.owner;
if let Some(ua) = users.get(&owner) { if let Some(ua) = users.get(&owner) {
// check if owner requires an account to view their posts (and if we have one)
if ua.settings.require_account && user.is_none() {
continue;
}
// stack // stack
let (can_view, stack) = self let (can_view, stack) = self
.get_post_stack( .get_post_stack(
@ -376,6 +381,10 @@ impl DataManager {
} else { } else {
let ua = self.get_user_by_id(owner).await?; let ua = self.get_user_by_id(owner).await?;
if ua.settings.require_account && user.is_none() {
continue;
}
if ua.permissions.check_banned() | ignore_users.contains(&owner) if ua.permissions.check_banned() | ignore_users.contains(&owner)
&& !ua.permissions.check(FinePermission::MANAGE_POSTS) && !ua.permissions.check(FinePermission::MANAGE_POSTS)
{ {
@ -480,6 +489,10 @@ impl DataManager {
let community = post.community; let community = post.community;
if let Some((ua, community)) = seen_before.get(&(owner, community)) { if let Some((ua, community)) = seen_before.get(&(owner, community)) {
if ua.settings.require_account && user.is_none() {
continue;
}
// stack // stack
let (can_view, stack) = self let (can_view, stack) = self
.get_post_stack( .get_post_stack(
@ -514,6 +527,10 @@ impl DataManager {
} else { } else {
let ua = self.get_user_by_id(owner).await?; let ua = self.get_user_by_id(owner).await?;
if ua.settings.require_account && user.is_none() {
continue;
}
if ua.permissions.check_banned() | ignore_users.contains(&owner) if ua.permissions.check_banned() | ignore_users.contains(&owner)
&& !ua.permissions.check(FinePermission::MANAGE_POSTS) && !ua.permissions.check(FinePermission::MANAGE_POSTS)
{ {