mirrors/takahe
1
1
Fork 0
mirror of https://github.com/jointakahe/takahe.git synced 2024-11-19 13:51:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix post attachment author check on editing (#563)

Browse source
This commit is contained in:
Christof Dorner 2023-05-02 15:58:32 +00:00 committed by GitHub
parent 5759e1d5c1
commit ac54c7ff81
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
api/views/media.py
View file

@ -72,8 +72,11 @@ def update_media(
focus: QueryOrBody[str] = "0,0", focus: QueryOrBody[str] = "0,0",
) -> schemas.MediaAttachment: ) -> schemas.MediaAttachment:
attachment = get_object_or_404(PostAttachment, pk=id) attachment = get_object_or_404(PostAttachment, pk=id)
if attachment.post:
if attachment.post.author != request.identity: if attachment.post.author != request.identity:
raise ApiError(401, "Not the author of this attachment") raise ApiError(401, "Not the author of this attachment")
elif attachment.author != request.identity:
raise ApiError(401, "Not the author of this attachment")
attachment.name = description or None attachment.name = description or None
attachment.save() attachment.save()
return schemas.MediaAttachment.from_post_attachment(attachment) return schemas.MediaAttachment.from_post_attachment(attachment)