Require mail permission to view /about/muted and unmute

2026-04-27 03:00:12 -04:00 · 2015-10-13 11:38:58 -07:00
parent b6a080151d
commit f38ffcbfa2
2 changed files with 6 additions and 1 deletions
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -857,6 +857,10 @@ class ApiController(RedditController):
                required_perms.append('wiki')
            else:
                required_perms.append('access')
+                # ability to unmute requires access and mail permissions
+                if type == 'muted':
+                    required_perms.append('mail')
+
        if (not c.user_is_admin
            and (type in self._sr_friend_types
                 and not container.is_moderator_with_perms(
--- a/r2/r2/controllers/listingcontroller.py
+++ b/r2/r2/controllers/listingcontroller.py
@@ -1741,7 +1741,8 @@ class UserListListingController(ListingController):
            self.listing_cls = BannedListing

        elif where == 'muted':
-            if not has_mod_access:
+            if not (has_mod_access and
+                    c.site.is_moderator_with_perms(c.user, 'mail')):
                abort(403)
            self.listing_cls = MutedListing