diff --git a/crates/api/src/community.rs b/crates/api/src/community.rs index 28a79c701f..92685cf04b 100644 --- a/crates/api/src/community.rs +++ b/crates/api/src/community.rs @@ -4,6 +4,7 @@ use anyhow::Context; use lemmy_api_common::{ blocking, check_community_ban, + check_community_deleted_or_removed, community::*, get_local_user_view_from_jwt, is_mod_or_admin, @@ -70,6 +71,7 @@ impl Perform for FollowCommunity { if community.local { if data.follow { check_community_ban(local_user_view.person.id, community_id, context.pool()).await?; + check_community_deleted_or_removed(community_id, context.pool()).await?; let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form); if blocking(context.pool(), follow).await?.is_err() { diff --git a/crates/api/src/post.rs b/crates/api/src/post.rs index da828725db..d396fc5cbe 100644 --- a/crates/api/src/post.rs +++ b/crates/api/src/post.rs @@ -3,6 +3,7 @@ use actix_web::web::Data; use lemmy_api_common::{ blocking, check_community_ban, + check_community_deleted_or_removed, check_downvotes_enabled, check_person_block, get_local_user_view_from_jwt, @@ -49,6 +50,7 @@ impl Perform for CreatePostLike { let post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??; check_community_ban(local_user_view.person.id, post.community_id, context.pool()).await?; + check_community_deleted_or_removed(post.community_id, context.pool()).await?; check_person_block(local_user_view.person.id, post.creator_id, context.pool()).await?; @@ -133,6 +135,7 @@ impl Perform for LockPost { context.pool(), ) .await?; + check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?; // Verify that only the mods can lock is_mod_or_admin( @@ -200,6 +203,7 @@ impl Perform for StickyPost { context.pool(), ) .await?; + check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?; // Verify that only the mods can sticky is_mod_or_admin( diff --git a/crates/api_common/src/lib.rs b/crates/api_common/src/lib.rs index 068de48a17..aff45e373f 100644 --- a/crates/api_common/src/lib.rs +++ b/crates/api_common/src/lib.rs @@ -357,6 +357,18 @@ pub async fn check_community_ban( } } +pub async fn check_community_deleted_or_removed( + community_id: CommunityId, + pool: &DbPool, +) -> Result<(), LemmyError> { + let community = blocking(pool, move |conn| Community::read(conn, community_id)).await??; + if community.deleted || community.removed { + Err(ApiError::err("deleted").into()) + } else { + Ok(()) + } +} + pub async fn check_person_block( my_id: PersonId, potential_blocker_id: PersonId, diff --git a/crates/api_crud/src/comment/create.rs b/crates/api_crud/src/comment/create.rs index 7d49fe1344..ab8dd62b5b 100644 --- a/crates/api_crud/src/comment/create.rs +++ b/crates/api_crud/src/comment/create.rs @@ -3,6 +3,7 @@ use actix_web::web::Data; use lemmy_api_common::{ blocking, check_community_ban, + check_community_deleted_or_removed, check_person_block, comment::*, get_local_user_view_from_jwt, @@ -56,6 +57,7 @@ impl PerformCrud for CreateComment { let community_id = post.community_id; check_community_ban(local_user_view.person.id, community_id, context.pool()).await?; + check_community_deleted_or_removed(community_id, context.pool()).await?; check_person_block(local_user_view.person.id, post.creator_id, context.pool()).await?; diff --git a/crates/api_crud/src/comment/update.rs b/crates/api_crud/src/comment/update.rs index 24e2ddbdd2..9815bb8761 100644 --- a/crates/api_crud/src/comment/update.rs +++ b/crates/api_crud/src/comment/update.rs @@ -3,6 +3,7 @@ use actix_web::web::Data; use lemmy_api_common::{ blocking, check_community_ban, + check_community_deleted_or_removed, comment::*, get_local_user_view_from_jwt, send_local_notifs, @@ -48,6 +49,7 @@ impl PerformCrud for EditComment { context.pool(), ) .await?; + check_community_deleted_or_removed(orig_comment.community.id, context.pool()).await?; // Verify that only the creator can edit if local_user_view.person.id != orig_comment.creator.id { diff --git a/crates/api_crud/src/post/create.rs b/crates/api_crud/src/post/create.rs index 2b6b4b572a..36630aaadc 100644 --- a/crates/api_crud/src/post/create.rs +++ b/crates/api_crud/src/post/create.rs @@ -3,6 +3,7 @@ use actix_web::web::Data; use lemmy_api_common::{ blocking, check_community_ban, + check_community_deleted_or_removed, get_local_user_view_from_jwt, honeypot_check, mark_post_as_read, @@ -54,6 +55,7 @@ impl PerformCrud for CreatePost { } check_community_ban(local_user_view.person.id, data.community_id, context.pool()).await?; + check_community_deleted_or_removed(data.community_id, context.pool()).await?; // Fetch post links and pictrs cached image let data_url = data.url.as_ref(); diff --git a/crates/api_crud/src/post/delete.rs b/crates/api_crud/src/post/delete.rs index 18ede8a374..ae0bcc5086 100644 --- a/crates/api_crud/src/post/delete.rs +++ b/crates/api_crud/src/post/delete.rs @@ -3,6 +3,7 @@ use actix_web::web::Data; use lemmy_api_common::{ blocking, check_community_ban, + check_community_deleted_or_removed, get_local_user_view_from_jwt, is_mod_or_admin, post::*, @@ -35,6 +36,7 @@ impl PerformCrud for DeletePost { context.pool(), ) .await?; + check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?; // Verify that only the creator can delete if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) { diff --git a/crates/api_crud/src/post/update.rs b/crates/api_crud/src/post/update.rs index b947868262..63c0db3d0c 100644 --- a/crates/api_crud/src/post/update.rs +++ b/crates/api_crud/src/post/update.rs @@ -1,6 +1,12 @@ use crate::PerformCrud; use actix_web::web::Data; -use lemmy_api_common::{blocking, check_community_ban, get_local_user_view_from_jwt, post::*}; +use lemmy_api_common::{ + blocking, + check_community_ban, + check_community_deleted_or_removed, + get_local_user_view_from_jwt, + post::*, +}; use lemmy_apub::activities::{post::create_or_update::CreateOrUpdatePost, CreateOrUpdateType}; use lemmy_db_queries::{source::post::Post_, Crud}; use lemmy_db_schema::{naive_now, source::post::*}; @@ -45,6 +51,7 @@ impl PerformCrud for EditPost { context.pool(), ) .await?; + check_community_deleted_or_removed(orig_post.community_id, context.pool()).await?; // Verify that only the creator can edit if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) {