sim1222/misskey
1
0
Fork 0
mirror of https://github.com/sim1222/misskey.git synced 2025-08-04 07:26:29 +09:00
Code Issues Projects Releases Wiki Activity

fix: チャンネルの編集権限をチャンネル所有者とモデレーターに限定する (#10268)

Browse Source 
* チャンネルの編集権限をチャンネルオーナーとモデレーターに限定する

* PR 指摘点対応(共有ボタンを全員に表示、$i の nullable 対応、fix a typo)

* everyOne -> share
This commit is contained in:
mmorita
2023-03-09 07:58:53 +09:00
committed by GitHub
parent 97a43bc30f
commit aad70a97db
2 changed files with 31 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
packages/backend/src/server/api/endpoints/channels/update.ts
View File

@ -4,6 +4,7 @@ import type { DriveFilesRepository, ChannelsRepository } from '@/models/index.js
import { ChannelEntityService } from '@/core/entities/ChannelEntityService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '../../error.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['channels'],
@ -61,7 +62,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private driveFilesRepository: DriveFilesRepository,
private channelEntityService: ChannelEntityService,
) {
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
const channel = await this.channelsRepository.findOneBy({
id: ps.channelId,
@ -71,7 +74,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new ApiError(meta.errors.noSuchChannel);
}
if (channel.userId !== me.id) {
const iAmModerator = await this.roleService.isModerator(me);
if (channel.userId !== me.id && !iAmModerator) {
throw new ApiError(meta.errors.accessDenied);
}