fix: user delete audit log

2025-06-22 19:21:30 -04:00 · 2025-06-22 19:21:30 -04:00 · 8c969cd56f
commit 8c969cd56f
parent aceb51c21c
3 changed files with 29 additions and 1 deletions
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -22,6 +22,7 @@ use tetratto_core::{
    cache::Cache,
    model::{
        auth::{InviteCode, Token, UserSettings},
+        moderation::AuditLogEntry,
        oauth,
        permissions::FinePermission,
        socket::{PacketType, SocketMessage, SocketMethod},
@ -393,6 +394,16 @@ pub async fn delete_user_request(

    if user.id != id && !user.permissions.check(FinePermission::MANAGE_USERS) {
        return Json(Error::NotAllowed.into());
+    } else if user.permissions.check(FinePermission::MANAGE_USERS) {
+        if let Err(e) = data
+            .create_audit_log_entry(AuditLogEntry::new(
+                user.id,
+                format!("invoked `delete_user` with x value `{id}`"),
+            ))
+            .await
+        {
+            return Json(e.into());
+        }
    }

    match data
--- a/crates/core/src/database/auth.rs
+++ b/crates/core/src/database/auth.rs
@ -394,7 +394,7 @@ impl DataManager {
        // delete stackblocks
        let res = execute!(
            &conn,
-            "DELETE FROM stackblocks WHERE owner = $1",
+            "DELETE FROM stackblocks WHERE initiator = $1",
            &[&(id as i64)]
        );

--- a/crates/core/src/database/posts.rs
+++ b/crates/core/src/database/posts.rs
@ -343,6 +343,11 @@ impl DataManager {
            let owner = post.owner;

            if let Some(ua) = users.get(&owner) {
+                // check if owner requires an account to view their posts (and if we have one)
+                if ua.settings.require_account && user.is_none() {
+                    continue;
+                }
+
                // stack
                let (can_view, stack) = self
                    .get_post_stack(
@ -376,6 +381,10 @@ impl DataManager {
            } else {
                let ua = self.get_user_by_id(owner).await?;

+                if ua.settings.require_account && user.is_none() {
+                    continue;
+                }
+
                if ua.permissions.check_banned() | ignore_users.contains(&owner)
                    && !ua.permissions.check(FinePermission::MANAGE_POSTS)
                {
@ -480,6 +489,10 @@ impl DataManager {
            let community = post.community;

            if let Some((ua, community)) = seen_before.get(&(owner, community)) {
+                if ua.settings.require_account && user.is_none() {
+                    continue;
+                }
+
                // stack
                let (can_view, stack) = self
                    .get_post_stack(
@ -514,6 +527,10 @@ impl DataManager {
            } else {
                let ua = self.get_user_by_id(owner).await?;

+                if ua.settings.require_account && user.is_none() {
+                    continue;
+                }
+
                if ua.permissions.check_banned() | ignore_users.contains(&owner)
                    && !ua.permissions.check(FinePermission::MANAGE_POSTS)
                {