From 809fc05cb3f8beb746b14b055c651d41cebbcbea Mon Sep 17 00:00:00 2001
From: Nutomic <me@nutomic.com>
Date: Fri, 1 Dec 2023 15:16:22 +0100
Subject: [PATCH] Only allow distinguishing own comments (fixes #4216) (#4222)

---
 crates/api/src/comment/distinguish.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crates/api/src/comment/distinguish.rs b/crates/api/src/comment/distinguish.rs
index f29e01f76..a346bf4ca 100644
--- a/crates/api/src/comment/distinguish.rs
+++ b/crates/api/src/comment/distinguish.rs
@@ -26,6 +26,11 @@ pub async fn distinguish_comment(
   )
   .await?;
 
+  // Verify that only the creator can distinguish
+  if local_user_view.person.id != orig_comment.creator.id {
+    Err(LemmyErrorType::NoCommentEditAllowed)?
+  }
+
   // Verify that only a mod or admin can distinguish a comment
   check_community_mod_action(
     &local_user_view.person,