Mods and admins can comment in locked posts (fixes #4116) (#4488)

* Mods and admins can comment in locked posts (fixes #4116)

* fmt

* fix

* fix test
remove_show_scores_column
Nutomic 2024-03-04 15:15:21 +01:00 committed by GitHub
parent eb1245bceb
commit 3c358e5b0b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 6 deletions

View File

@ -270,8 +270,10 @@ test("Lock a post", async () => {
post => !!post && post.post.locked, post => !!post && post.post.locked,
); );
// Try to make a new comment there, on alpha // Try to make a new comment there, on alpha. For this we need to create a normal
await expect(createComment(alpha, alphaPost1.post.id)).rejects.toStrictEqual( // user account because admins/mods can comment in locked posts.
let user = await registerUser(alpha, alphaUrl);
await expect(createComment(user, alphaPost1.post.id)).rejects.toStrictEqual(
Error("locked"), Error("locked"),
); );
@ -290,7 +292,7 @@ test("Lock a post", async () => {
expect(alphaPost2.post.locked).toBe(false); expect(alphaPost2.post.locked).toBe(false);
// Try to create a new comment, on alpha // Try to create a new comment, on alpha
let commentAlpha = await createComment(alpha, alphaPost1.post.id); let commentAlpha = await createComment(user, alphaPost1.post.id);
expect(commentAlpha).toBeDefined(); expect(commentAlpha).toBeDefined();
}); });

View File

@ -10,6 +10,7 @@ use lemmy_api_common::{
check_post_deleted_or_removed, check_post_deleted_or_removed,
generate_local_apub_endpoint, generate_local_apub_endpoint,
get_post, get_post,
is_mod_or_admin,
local_site_to_slur_regex, local_site_to_slur_regex,
process_markdown, process_markdown,
EndpointType, EndpointType,
@ -55,7 +56,10 @@ pub async fn create_comment(
check_post_deleted_or_removed(&post)?; check_post_deleted_or_removed(&post)?;
// Check if post is locked, no new comments // Check if post is locked, no new comments
if post.locked { let is_mod_or_admin = is_mod_or_admin(&mut context.pool(), &local_user_view.person, community_id)
.await
.is_ok();
if post.locked && !is_mod_or_admin {
Err(LemmyErrorType::Locked)? Err(LemmyErrorType::Locked)?
} }

View File

@ -18,7 +18,7 @@ use activitypub_federation::{
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
utils::{local_site_opt_to_slur_regex, process_markdown}, utils::{is_mod_or_admin, local_site_opt_to_slur_regex, process_markdown},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -142,7 +142,11 @@ impl Object for ApubComment {
verify_is_remote_object(note.id.inner(), context.settings())?; verify_is_remote_object(note.id.inner(), context.settings())?;
verify_person_in_community(&note.attributed_to, &community, context).await?; verify_person_in_community(&note.attributed_to, &community, context).await?;
let (post, _) = note.get_parents(context).await?; let (post, _) = note.get_parents(context).await?;
if post.locked { let creator = note.attributed_to.dereference(context).await?;
let is_mod_or_admin = is_mod_or_admin(&mut context.pool(), &creator, community.id)
.await
.is_ok();
if post.locked && !is_mod_or_admin {
Err(LemmyErrorType::PostIsLocked)? Err(LemmyErrorType::PostIsLocked)?
} else { } else {
Ok(()) Ok(())