[backend/api] Prevent moderation actions on system users

Laura Hausmann 2024-10-11 19:37:05 +02:00
parent 8071b5c6ea
commit 5005d81ee7
No known key found for this signature in database
GPG key ID: D044E84C5BE01605


@ -31,7 +31,7 @@ public class ModerationController(DatabaseContext db, NoteService noteSvc, UserS
[ProducesErrors(HttpStatusCode.NotFound)]
public async Task SuspendUser(string id)
{
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id) ??
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id && !p.IsSystemUser) ??
throw GracefulException.NotFound("User not found");
await userSvc.SuspendUserAsync(user);
@ -42,7 +42,7 @@ public class ModerationController(DatabaseContext db, NoteService noteSvc, UserS
[ProducesErrors(HttpStatusCode.NotFound)]
public async Task UnsuspendUser(string id)
{
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id) ??
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id && !p.IsSystemUser) ??
throw GracefulException.NotFound("User not found");
await userSvc.UnsuspendUserAsync(user);
@ -53,7 +53,7 @@ public class ModerationController(DatabaseContext db, NoteService noteSvc, UserS
[ProducesErrors(HttpStatusCode.NotFound)]
public async Task DeleteUser(string id)
{
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id) ??
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id && !p.IsSystemUser) ??
throw GracefulException.NotFound("User not found");
await userSvc.DeleteUserAsync(user);
@ -64,7 +64,7 @@ public class ModerationController(DatabaseContext db, NoteService noteSvc, UserS
[ProducesErrors(HttpStatusCode.NotFound)]
public async Task PurgeUser(string id)
{
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id) ??
var user = await db.Users.IncludeCommonProperties().FirstOrDefaultAsync(p => p.Id == id && !p.IsSystemUser) ??
throw GracefulException.NotFound("User not found");
await userSvc.PurgeUserAsync(user);
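Review bot: The `!p.IsSystemUser` filter is enforced only in the four controller lookups (SuspendUser, UnsuspendUser, DeleteUser, PurgeUser), so `userSvc.SuspendUserAsync`, `UnsuspendUserAsync`, `DeleteUserAsync` and `PurgeUserAsync` would presumably still accept a system user from any other caller. The service code is not visible here, so this should be confirmed. Putting the guard at the top of each service method, e.g. `if (user.IsSystemUser) throw GracefulException.NotFound("User not found");`, would make the invariant hold regardless of entry point and keep the rule in one place instead of four copied predicates. A short comment at the lookup, such as `// System users are excluded from moderation and reported as not found`, would also record that the 404 is deliberate. Each method body continues past the end of its hunk.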