diff options
| author | syuilo <syuilotan@yahoo.co.jp> | 2020-11-15 17:32:29 +0900 |
|---|---|---|
| committer | syuilo <syuilotan@yahoo.co.jp> | 2020-11-15 17:32:29 +0900 |
| commit | 17cc996288ea3dc7643904238e32a95b51058ec0 (patch) | |
| tree | 206d26c7f84a97f255382be2d806a8065300112c /src/server/api/endpoints/clips | |
| parent | Update config.yml (diff) | |
| download | sharkey-17cc996288ea3dc7643904238e32a95b51058ec0.tar.gz sharkey-17cc996288ea3dc7643904238e32a95b51058ec0.tar.bz2 sharkey-17cc996288ea3dc7643904238e32a95b51058ec0.zip | |
他人のpublicなクリップを取得できない問題を修正
Diffstat (limited to 'src/server/api/endpoints/clips')
| -rw-r--r-- | src/server/api/endpoints/clips/notes.ts | 5 | ||||
| -rw-r--r-- | src/server/api/endpoints/clips/show.ts | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/src/server/api/endpoints/clips/notes.ts b/src/server/api/endpoints/clips/notes.ts index 5289533a1e..3d66623d63 100644 --- a/src/server/api/endpoints/clips/notes.ts +++ b/src/server/api/endpoints/clips/notes.ts @@ -45,13 +45,16 @@ export const meta = { export default define(meta, async (ps, user) => { const clip = await Clips.findOne({ id: ps.clipId, - userId: user.id }); if (clip == null) { throw new ApiError(meta.errors.noSuchClip); } + if (!clip.isPublic && (clip.userId !== user.id)) { + throw new ApiError(meta.errors.noSuchClip); + } + const clipQuery = ClipNotes.createQueryBuilder('joining') .select('joining.noteId') .where('joining.clipId = :clipId', { clipId: clip.id }); diff --git a/src/server/api/endpoints/clips/show.ts b/src/server/api/endpoints/clips/show.ts index 5b2b7b7d5e..1d4947528a 100644 --- a/src/server/api/endpoints/clips/show.ts +++ b/src/server/api/endpoints/clips/show.ts @@ -30,12 +30,15 @@ export default define(meta, async (ps, me) => { // Fetch the clip const clip = await Clips.findOne({ id: ps.clipId, - userId: me.id, }); if (clip == null) { throw new ApiError(meta.errors.noSuchClip); } + if (!clip.isPublic && (clip.userId !== me.id)) { + throw new ApiError(meta.errors.noSuchClip); + } + return await Clips.pack(clip); }); |