mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-22 15:21:01 +00:00
Fix post attachment author check on editing (#563)
This commit is contained in:
parent
5759e1d5c1
commit
ac54c7ff81
1 changed files with 4 additions and 1 deletions
|
@ -72,8 +72,11 @@ def update_media(
|
||||||
focus: QueryOrBody[str] = "0,0",
|
focus: QueryOrBody[str] = "0,0",
|
||||||
) -> schemas.MediaAttachment:
|
) -> schemas.MediaAttachment:
|
||||||
attachment = get_object_or_404(PostAttachment, pk=id)
|
attachment = get_object_or_404(PostAttachment, pk=id)
|
||||||
|
if attachment.post:
|
||||||
if attachment.post.author != request.identity:
|
if attachment.post.author != request.identity:
|
||||||
raise ApiError(401, "Not the author of this attachment")
|
raise ApiError(401, "Not the author of this attachment")
|
||||||
|
elif attachment.author != request.identity:
|
||||||
|
raise ApiError(401, "Not the author of this attachment")
|
||||||
attachment.name = description or None
|
attachment.name = description or None
|
||||||
attachment.save()
|
attachment.save()
|
||||||
return schemas.MediaAttachment.from_post_attachment(attachment)
|
return schemas.MediaAttachment.from_post_attachment(attachment)
|
||||||
|
|
Loading…
Reference in a new issue