[backend/api] Prevent moderation actions on the authenticated user

This commit is contained in:
Laura Hausmann 2024-10-11 19:38:30 +02:00
parent 5005d81ee7
commit 0496df2c9e
No known key found for this signature in database
GPG key ID: D044E84C5BE01605


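--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -34,6 +34,9 @@ public class ModerationController(DatabaseContext db, NoteService noteSvc, UserS
 var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id && !p.IsSystemUser) ??
 throw GracefulException.NotFound("User not found");
+if (user == HttpContext.GetUserOrFail())
+throw GracefulException.BadRequest("You cannot suspend yourself.");
 await userSvc.SuspendUserAsync(user);
 }
@@ -45,6 +48,9 @@ public class ModerationController(DatabaseContext db, NoteService noteSvc, UserS
 var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id && !p.IsSystemUser) ??
 throw GracefulException.NotFound("User not found");
+if (user == HttpContext.GetUserOrFail())
+throw GracefulException.BadRequest("You cannot unsuspend yourself.");
 await userSvc.UnsuspendUserAsync(user);
 }
@@ -56,6 +62,9 @@ public class ModerationController(DatabaseContext db, NoteService noteSvc, UserS
 var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id && !p.IsSystemUser) ??
 throw GracefulException.NotFound("User not found");
+if (user == HttpContext.GetUserOrFail())
+throw GracefulException.BadRequest("You cannot delete yourself.");
 await userSvc.DeleteUserAsync(user);
 }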
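Review bot: The new guard `if (user == HttpContext.GetUserOrFail())` is a reference comparison unless the User entity overloads `==`, which is not visible in this hunk; it only holds when the request's user and the freshly queried `user` resolve to the same tracked instance of the same DbContext, and it silently passes (letting a moderator suspend, unsuspend or delete their own account) if either side was loaded without tracking or through a different context. Comparing the key does not depend on identity resolution: `if (user.Id == HttpContext.GetUserOrFail().Id)`. The same guard is added in the unsuspend and delete hunks above and should be changed the same way. Each action method's signature lies outside its hunk, so the surrounding method bodies are not visible here.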