lemmy/server/src/api
ryexandra 29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
..
claims.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
comment.rs Security/fix permission bugs (#966) 2020-07-14 09:17:25 -04:00
community.rs Security/fix permission bugs (#966) 2020-07-14 09:17:25 -04:00
mod.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
post.rs Security/fix permission bugs (#966) 2020-07-14 09:17:25 -04:00
site.rs Split code into cargo workspaces (#67) 2020-07-10 18:15:41 +00:00
user.rs Security/fix permission bugs (#966) 2020-07-14 09:17:25 -04:00