misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

revert 44ff9f39: pass access token through API to enforce rank

Browse source
This commit is contained in:
Hazelnoot 2025-06-22 14:54:08 -04:00
parent d7a629e178
commit 7f547a8c10
166 changed files with 377 additions and 472 deletions
Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/server/api/endpoints/notes/delete.ts
View file

@ -59,13 +59,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private roleService: RoleService,
private noteDeleteService: NoteDeleteService,
) {
super(meta, paramDef, async (ps, me, token) => {
super(meta, paramDef, async (ps, me) => {
const note = await this.getterService.getNote(ps.noteId).catch(err => {
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw err;
});
if (!await this.roleService.isModerator(me, token) && (note.userId !== me.id)) {
if (!await this.roleService.isModerator(me) && (note.userId !== me.id)) {
throw new ApiError(meta.errors.accessDenied);
}