Browse Source

Fixing user mention reading.

fix_security_mentions
Dessalines 7 months ago
parent
commit
32f14fe8a6
1 changed files with 9 additions and 8 deletions
  1. +9
    -8
      server/src/api/user.rs

+ 9
- 8
server/src/api/user.rs View File

@ -880,28 +880,29 @@ impl Perform for Oper<EditUserMention> {
};
let user_id = claims.id;
if user_id != data.user_mention_id {
return Err(APIError::err("couldnt_update_comment").into());
}
let user_mention_id = data.user_mention_id;
let user_mention =
let read_user_mention =
blocking(pool, move |conn| UserMention::read(conn, user_mention_id)).await??;
if user_id != read_user_mention.recipient_id {
return Err(APIError::err("couldnt_update_comment").into());
}
let user_mention_form = UserMentionForm {
recipient_id: user_id,
comment_id: user_mention.comment_id,
recipient_id: read_user_mention.recipient_id,
comment_id: read_user_mention.comment_id,
read: data.read.to_owned(),
};
let user_mention_id = user_mention.id;
let user_mention_id = read_user_mention.id;
let update_mention =
move |conn: &'_ _| UserMention::update(conn, user_mention_id, &user_mention_form);
if blocking(pool, update_mention).await?.is_err() {
return Err(APIError::err("couldnt_update_comment").into());
};
let user_mention_id = user_mention.id;
let user_mention_id = read_user_mention.id;
let user_mention_view = blocking(pool, move |conn| {
UserMentionView::read(conn, user_mention_id, user_id)
})


Loading…
Cancel
Save