From cf426493e1f4fd3364cacf65e3eec32b61c1e136 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Thu, 25 Apr 2024 17:47:38 +0200 Subject: [PATCH] Fix community add mod check (fixes #4624) (#4667) --- Cargo.lock | 2 +- crates/api/src/community/add_mod.rs | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 61fcb5cd4..a6f217bfd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2588,7 +2588,7 @@ dependencies = [ "actix-web", "actix-web-httpauth", "anyhow", - "base64 0.21.7", + "base64 0.22.0", "bcrypt", "captcha", "chrono", diff --git a/crates/api/src/community/add_mod.rs b/crates/api/src/community/add_mod.rs index df6b3fbe4..5245f592e 100644 --- a/crates/api/src/community/add_mod.rs +++ b/crates/api/src/community/add_mod.rs @@ -36,8 +36,20 @@ pub async fn add_mod_to_community( let community = Community::read(&mut context.pool(), community_id) .await? .ok_or(LemmyErrorType::CouldntFindCommunity)?; + + // If user is admin and community is remote, explicitly check that he is a + // moderator. This is necessary because otherwise the action would be rejected + // by the community's home instance. if local_user_view.local_user.admin && !community.local { - Err(LemmyErrorType::NotAModerator)? + let is_mod = CommunityModeratorView::is_community_moderator( + &mut context.pool(), + community.id, + local_user_view.person.id, + ) + .await?; + if !is_mod { + Err(LemmyErrorType::NotAModerator)? + } } // Update in local database