From 550a93aed9409635edc43362297a65b62c284894 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Mon, 14 Mar 2022 18:35:57 +0000 Subject: [PATCH] Dont allow admin to add mod to remote community (#2129) --- crates/api/src/community.rs | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/crates/api/src/community.rs b/crates/api/src/community.rs index f4f433234..d2e149448 100644 --- a/crates/api/src/community.rs +++ b/crates/api/src/community.rs @@ -335,6 +335,13 @@ impl Perform for AddModToCommunity { // Verify that only mods or admins can add mod is_mod_or_admin(context.pool(), local_user_view.person.id, community_id).await?; + let community = blocking(context.pool(), move |conn| { + Community::read(conn, community_id) + }) + .await??; + if local_user_view.person.admin && !community.local { + return Err(LemmyError::from_message("not_a_moderator")); + } // Update in local database let community_moderator_form = CommunityModeratorForm { @@ -374,11 +381,7 @@ impl Perform for AddModToCommunity { }) .await?? .into(); - let community: ApubCommunity = blocking(context.pool(), move |conn| { - Community::read(conn, community_id) - }) - .await?? - .into(); + let community: ApubCommunity = community.into(); if data.added { AddMod::send( &community,