mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-11-26 22:53:07 +02:00
fix: notes/versions not checking visibility
Issue reported by fEmber
This commit is contained in:
parent
b68c358688
commit
92ee0a5863
1 changed files with 20 additions and 1 deletions
|
@ -3,9 +3,12 @@
|
||||||
* SPDX-License-Identifier: AGPL-3.0-only
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import { Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import { Endpoint } from '@/server/api/endpoint-base.js';
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
||||||
|
import { DI } from '@/di-symbols.js';
|
||||||
|
import type { NotesRepository } from '@/models/_.js';
|
||||||
import { GetterService } from '@/server/api/GetterService.js';
|
import { GetterService } from '@/server/api/GetterService.js';
|
||||||
|
import { QueryService } from '@/core/QueryService.js';
|
||||||
import { ApiError } from '../../error.js';
|
import { ApiError } from '../../error.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
|
@ -38,9 +41,25 @@ export const paramDef = {
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
|
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
|
||||||
constructor(
|
constructor(
|
||||||
|
@Inject(DI.notesRepository)
|
||||||
|
private notesRepository: NotesRepository,
|
||||||
|
|
||||||
private getterService: GetterService,
|
private getterService: GetterService,
|
||||||
|
private queryService: QueryService,
|
||||||
) {
|
) {
|
||||||
super(meta, paramDef, async (ps, me) => {
|
super(meta, paramDef, async (ps, me) => {
|
||||||
|
const query = await this.notesRepository.createQueryBuilder('note')
|
||||||
|
.select('note.id')
|
||||||
|
.where('note.id = :noteId', { noteId: ps.noteId });
|
||||||
|
|
||||||
|
this.queryService.generateVisibilityQuery(query, me);
|
||||||
|
|
||||||
|
const note = await query.getOne();
|
||||||
|
|
||||||
|
if (note === null) {
|
||||||
|
throw new ApiError(meta.errors.noSuchNote);
|
||||||
|
}
|
||||||
|
|
||||||
const edits = await this.getterService.getEdits(ps.noteId).catch(err => {
|
const edits = await this.getterService.getEdits(ps.noteId).catch(err => {
|
||||||
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw err;
|
throw err;
|
||||||
|
|
Loading…
Reference in a new issue