From ac54c7ff8167afafb94d3f36571dcf91e9dc00e8 Mon Sep 17 00:00:00 2001 From: Christof Dorner Date: Tue, 2 May 2023 15:58:32 +0000 Subject: [PATCH] Fix post attachment author check on editing (#563) --- api/views/media.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/api/views/media.py b/api/views/media.py index 2733ccd..e654e0d 100644 --- a/api/views/media.py +++ b/api/views/media.py @@ -72,7 +72,10 @@ def update_media( focus: QueryOrBody[str] = "0,0", ) -> schemas.MediaAttachment: attachment = get_object_or_404(PostAttachment, pk=id) - if attachment.post.author != request.identity: + if attachment.post: + if attachment.post.author != request.identity: + raise ApiError(401, "Not the author of this attachment") + elif attachment.author != request.identity: raise ApiError(401, "Not the author of this attachment") attachment.name = description or None attachment.save()