mirror of
https://github.com/reddit-archive/reddit.git
synced 2026-04-05 03:00:15 -04:00
Properly check permissions upon mod/unmod.
This commit is contained in:
@@ -474,7 +474,7 @@ class ApiController(RedditController):
|
||||
|
||||
if (not c.user_is_admin
|
||||
and (type in ('moderator','contributor','banned')
|
||||
and not c.site.is_moderator(c.user))):
|
||||
and not container.is_moderator(c.user))):
|
||||
abort(403, 'forbidden')
|
||||
if (type == 'moderator' and not
|
||||
(c.user_is_admin or container.can_demod(c.user, victim))):
|
||||
@@ -512,7 +512,7 @@ class ApiController(RedditController):
|
||||
# for the privilege change to succeed.
|
||||
if (not c.user_is_admin
|
||||
and (type in ('moderator','contributor', 'banned')
|
||||
and not c.site.is_moderator(c.user))):
|
||||
and not container.is_moderator(c.user))):
|
||||
abort(403,'forbidden')
|
||||
|
||||
# if we are (strictly) friending, the container
|
||||
|
||||
Reference in New Issue
Block a user