Verifying correct user for edits

- Fixes #31
This commit is contained in:
Dessalines 2019-04-04 17:25:21 -07:00
parent 6310d9389d
commit 977b1985e3
2 changed files with 20 additions and 2 deletions

View file

@ -914,6 +914,12 @@ impl Perform for EditComment {
let user_id = claims.id; let user_id = claims.id;
// Verify its the creator
let orig_comment = Comment::read(&conn, self.edit_id).unwrap();
if user_id != orig_comment.creator_id {
return self.error("Incorrect creator.");
}
let comment_form = CommentForm { let comment_form = CommentForm {
content: self.content.to_owned(), content: self.content.to_owned(),
parent_id: self.parent_id, parent_id: self.parent_id,
@ -1149,6 +1155,12 @@ impl Perform for EditPost {
let user_id = claims.id; let user_id = claims.id;
// Verify its the creator
let orig_post = Post::read(&conn, self.edit_id).unwrap();
if user_id != orig_post.creator_id {
return self.error("Incorrect creator.");
}
let post_form = PostForm { let post_form = PostForm {
name: self.name.to_owned(), name: self.name.to_owned(),
url: self.url.to_owned(), url: self.url.to_owned(),
@ -1210,6 +1222,14 @@ impl Perform for EditCommunity {
let user_id = claims.id; let user_id = claims.id;
// Verify its a mod
let moderator_view = CommunityModeratorView::for_community(&conn, self.edit_id).unwrap();
let mod_ids: Vec<i32> = moderator_view.into_iter().map(|m| m.user_id).collect();
if !mod_ids.contains(&user_id) {
return self.error("Incorrect creator.");
};
let community_form = CommunityForm { let community_form = CommunityForm {
name: self.name.to_owned(), name: self.name.to_owned(),
title: self.title.to_owned(), title: self.title.to_owned(),

View file

@ -133,10 +133,8 @@ export class PostForm extends Component<PostFormProps, PostFormState> {
} }
parseMessage(msg: any) { parseMessage(msg: any) {
console.log(msg);
let op: UserOperation = msgOp(msg); let op: UserOperation = msgOp(msg);
if (msg.error) { if (msg.error) {
alert(msg.error);
return; return;
} else if (op == UserOperation.ListCommunities) { } else if (op == UserOperation.ListCommunities) {
let res: ListCommunitiesResponse = msg; let res: ListCommunitiesResponse = msg;