magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add ignored user checks on /context and /event, misc cleanup

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-12-04 18:33:12 -05:00
parent ad0c5ceda4
commit fe1ce521aa
No known key found for this signature in database
2 changed files with 46 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/api/client/context.rs
View file

@ -79,11 +79,15 @@ pub(crate) async fn get_context_route(
let (base_token, base_event, visible) = try_join!(base_token, base_event, visible)?;
if base_event.room_id != body.room_id {
if base_event.room_id != body.room_id || base_event.event_id != body.event_id {
return Err!(Request(NotFound("Base event not found.")));
}
if !visible {
if !visible
|| ignored_filter(&services, (base_token, base_event.clone()), sender_user)
.await
.is_none()
{
return Err!(Request(Forbidden("You don't have permission to view this event.")));
}