From 8a27978ee17dabb2b0b6c75f8a0e2b562a63ced5 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Tue, 14 Feb 2023 21:04:23 -0500 Subject: [PATCH] Removing checking permissions when editing posts and comments. (#2727) * Removing checking permissions when editing posts and comments. Fixes #2714 * Running cargo fmt again. * Adding back in community ban checks. --- crates/api_crud/src/comment/update.rs | 5 ----- crates/api_crud/src/post/update.rs | 8 +------- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/crates/api_crud/src/comment/update.rs b/crates/api_crud/src/comment/update.rs index 27d65cbe8..0cc203a66 100644 --- a/crates/api_crud/src/comment/update.rs +++ b/crates/api_crud/src/comment/update.rs @@ -5,8 +5,6 @@ use lemmy_api_common::{ context::LemmyContext, utils::{ check_community_ban, - check_community_deleted_or_removed, - check_post_deleted_or_removed, get_local_user_view_from_jwt, is_mod_or_admin, local_site_to_slur_regex, @@ -50,15 +48,12 @@ impl PerformCrud for EditComment { let comment_id = data.comment_id; let orig_comment = CommentView::read(context.pool(), comment_id, None).await?; - // TODO is this necessary? It should really only need to check on create check_community_ban( local_user_view.person.id, orig_comment.community.id, context.pool(), ) .await?; - check_community_deleted_or_removed(orig_comment.community.id, context.pool()).await?; - check_post_deleted_or_removed(&orig_comment.post)?; // Verify that only the creator can edit if local_user_view.person.id != orig_comment.creator.id { diff --git a/crates/api_crud/src/post/update.rs b/crates/api_crud/src/post/update.rs index ecb9bf08b..27a4f4dc0 100644 --- a/crates/api_crud/src/post/update.rs +++ b/crates/api_crud/src/post/update.rs @@ -4,12 +4,7 @@ use lemmy_api_common::{ context::LemmyContext, post::{EditPost, PostResponse}, request::fetch_site_data, - utils::{ - check_community_ban, - check_community_deleted_or_removed, - get_local_user_view_from_jwt, - local_site_to_slur_regex, - }, + utils::{check_community_ban, get_local_user_view_from_jwt, local_site_to_slur_regex}, websocket::{send::send_post_ws_message, UserOperationCrud}, }; use lemmy_db_schema::{ @@ -68,7 +63,6 @@ impl PerformCrud for EditPost { context.pool(), ) .await?; - check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?; // Verify that only the creator can edit if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) {