Properly check permissions upon mod/unmod.

Max Goodman
2011-10-10 00:40:44 -07:00
parent 770bad372d
commit 9300c4901a


@@ -474,7 +474,7 @@ class ApiController(RedditController):
if (not c.user_is_admin
and (type in ('moderator','contributor','banned')
and not c.site.is_moderator(c.user))):
and not container.is_moderator(c.user))):
abort(403, 'forbidden')
if (type == 'moderator' and not
(c.user_is_admin or container.can_demod(c.user, victim))):
@@ -512,7 +512,7 @@ class ApiController(RedditController):
# for the privilege change to succeed.
if (not c.user_is_admin
and (type in ('moderator','contributor', 'banned')
and not c.site.is_moderator(c.user))):
and not container.is_moderator(c.user))):
abort(403,'forbidden')
# if we are (strictly) friending, the container
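Review bot: The authorization condition ending in `and not container.is_moderator(c.user))):` is written out separately in both hunks, and both copies carried the same wrong object before this change, so the two handlers can drift apart again. Consider moving the check into one private helper that both call, and put a comment on it such as `# authorize against the target container, never c.site: the two can differ`. How `container` is resolved is not visible here; it is worth confirming that it is looked up and validated before this check runs, and that a caller who moderates only the `c.site` subreddit is rejected by a regression test. Both enclosing methods start and end outside the hunks shown.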