commit 55269ded18d6eb3cf693d8131a05b30f87bfffc3 parent a50b6c95fc66bbd22142cb8c5c6dceb7e4e29b2d Author: n0tr1v <n0tr1v@protonmail.com> Date: Fri, 9 Jun 2023 21:36:51 -0700 fix auth for delete msg Diffstat:
| M | pkg/web/handlers/interceptors/slashInterceptor.go | | | 8 | ++++++++ |
1 file changed, 8 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/interceptors/slashInterceptor.go b/pkg/web/handlers/interceptors/slashInterceptor.go @@ -1370,6 +1370,14 @@ func handleDeleteMsgCmd(c *command.Command) (handled bool) { return true } } + if !msg.UserCanDelete(*c.AuthUser) { + c.Err = errors.New("cannot delete this message") + return true + } + if !c.AuthUser.IsAdmin && msg.TooOldToDelete() && msg.User.Username == c.AuthUser.Username { + c.Err = errors.New("message is too old to be deleted") + return true + } _ = msg.Delete(c.DB) c.Err = command.ErrRedirect return true