Fix post attachment author check on editing (#563)

This commit is contained in:
Christof Dorner 2023-05-02 15:58:32 +00:00 committed by GitHub
parent 5759e1d5c1
commit ac54c7ff81
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions

View File

@ -72,8 +72,11 @@ def update_media(
focus: QueryOrBody[str] = "0,0",
) -> schemas.MediaAttachment:
attachment = get_object_or_404(PostAttachment, pk=id)
if attachment.post:
if attachment.post.author != request.identity:
raise ApiError(401, "Not the author of this attachment")
elif attachment.author != request.identity:
raise ApiError(401, "Not the author of this attachment")
attachment.name = description or None
attachment.save()
return schemas.MediaAttachment.from_post_attachment(attachment)