misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

revert 44ff9f39: pass access token through API to enforce rank

Browse source
This commit is contained in:
Hazelnoot 2025-06-22 14:54:08 -04:00
parent d7a629e178
commit 7f547a8c10
166 changed files with 377 additions and 472 deletions
Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/server/api/endpoints/drive/files/update.ts
View file

@ -94,13 +94,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private driveService: DriveService,
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me, token) => {
super(meta, paramDef, async (ps, me) => {
const file = await this.driveFilesRepository.findOneBy({ id: ps.fileId });
if (file == null) {
throw new ApiError(meta.errors.noSuchFile);
}
if (!await this.roleService.isModerator(me, token) && (file.userId !== me.id)) {
if (!await this.roleService.isModerator(me) && (file.userId !== me.id)) {
throw new ApiError(meta.errors.accessDenied);
}