Dont allow posts to deleted / removed communities. Fixes #1827

crates/api/src/community.rs

@@ -4,6 +4,7 @@ use anyhow::Context;
 use lemmy_api_common::{
   blocking,
   check_community_ban,
+  check_community_deleted_or_removed,
   community::*,
   get_local_user_view_from_jwt,
   is_mod_or_admin,
@@ -70,6 +71,7 @@ impl Perform for FollowCommunity {
     if community.local {
       if data.follow {
         check_community_ban(local_user_view.person.id, community_id, context.pool()).await?;
+        check_community_deleted_or_removed(community_id, context.pool()).await?;
 
         let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form);
         if blocking(context.pool(), follow).await?.is_err() {

crates/api/src/post.rs

@@ -3,6 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   blocking,
   check_community_ban,
+  check_community_deleted_or_removed,
   check_downvotes_enabled,
   check_person_block,
   get_local_user_view_from_jwt,
@@ -49,6 +50,7 @@ impl Perform for CreatePostLike {
     let post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??;
 
     check_community_ban(local_user_view.person.id, post.community_id, context.pool()).await?;
+    check_community_deleted_or_removed(post.community_id, context.pool()).await?;
 
     check_person_block(local_user_view.person.id, post.creator_id, context.pool()).await?;
 
@@ -133,6 +135,7 @@ impl Perform for LockPost {
       context.pool(),
     )
     .await?;
+    check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
 
     // Verify that only the mods can lock
     is_mod_or_admin(
@@ -200,6 +203,7 @@ impl Perform for StickyPost {
       context.pool(),
     )
     .await?;
+    check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
 
     // Verify that only the mods can sticky
     is_mod_or_admin(

crates/api_common/src/lib.rs

@@ -357,6 +357,18 @@ pub async fn check_community_ban(
   }
 }
 
+pub async fn check_community_deleted_or_removed(
+  community_id: CommunityId,
+  pool: &DbPool,
+) -> Result<(), LemmyError> {
+  let community = blocking(pool, move |conn| Community::read(conn, community_id)).await??;
+  if community.deleted || community.removed {
+    Err(ApiError::err("deleted").into())
+  } else {
+    Ok(())
+  }
+}
+
 pub async fn check_person_block(
   my_id: PersonId,
   potential_blocker_id: PersonId,

crates/api_crud/src/comment/create.rs

@@ -3,6 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   blocking,
   check_community_ban,
+  check_community_deleted_or_removed,
   check_person_block,
   comment::*,
   get_local_user_view_from_jwt,
@@ -56,6 +57,7 @@ impl PerformCrud for CreateComment {
     let community_id = post.community_id;
 
     check_community_ban(local_user_view.person.id, community_id, context.pool()).await?;
+    check_community_deleted_or_removed(community_id, context.pool()).await?;
 
     check_person_block(local_user_view.person.id, post.creator_id, context.pool()).await?;
 

crates/api_crud/src/comment/update.rs

@@ -3,6 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   blocking,
   check_community_ban,
+  check_community_deleted_or_removed,
   comment::*,
   get_local_user_view_from_jwt,
   send_local_notifs,
@@ -48,6 +49,7 @@ impl PerformCrud for EditComment {
       context.pool(),
     )
     .await?;
+    check_community_deleted_or_removed(orig_comment.community.id, context.pool()).await?;
 
     // Verify that only the creator can edit
     if local_user_view.person.id != orig_comment.creator.id {

crates/api_crud/src/post/create.rs

@@ -3,6 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   blocking,
   check_community_ban,
+  check_community_deleted_or_removed,
   get_local_user_view_from_jwt,
   honeypot_check,
   mark_post_as_read,
@@ -54,6 +55,7 @@ impl PerformCrud for CreatePost {
     }
 
     check_community_ban(local_user_view.person.id, data.community_id, context.pool()).await?;
+    check_community_deleted_or_removed(data.community_id, context.pool()).await?;
 
     // Fetch post links and pictrs cached image
     let data_url = data.url.as_ref();

crates/api_crud/src/post/delete.rs

@@ -3,6 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   blocking,
   check_community_ban,
+  check_community_deleted_or_removed,
   get_local_user_view_from_jwt,
   is_mod_or_admin,
   post::*,
@@ -35,6 +36,7 @@ impl PerformCrud for DeletePost {
       context.pool(),
     )
     .await?;
+    check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
 
     // Verify that only the creator can delete
     if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) {

crates/api_crud/src/post/update.rs

@@ -1,6 +1,12 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, check_community_ban, get_local_user_view_from_jwt, post::*};
+use lemmy_api_common::{
+  blocking,
+  check_community_ban,
+  check_community_deleted_or_removed,
+  get_local_user_view_from_jwt,
+  post::*,
+};
 use lemmy_apub::activities::{post::create_or_update::CreateOrUpdatePost, CreateOrUpdateType};
 use lemmy_db_queries::{source::post::Post_, Crud};
 use lemmy_db_schema::{naive_now, source::post::*};
@@ -45,6 +51,7 @@ impl PerformCrud for EditPost {
       context.pool(),
     )
     .await?;
+    check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?;
 
     // Verify that only the creator can edit
     if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) {