fix: チャンネルの編集権限をチャンネル所有者とモデレーターに限定する (#10268)

* チャンネルの編集権限をチャンネルオーナーとモデレーターに限定する * PR 指摘点対応(共有ボタンを全員に表示、$i の nullable 対応、fix a typo) * everyOne -> share
2023-03-09 07:58:53 +09:00 · 2023-03-09 07:58:53 +09:00 · aad70a97db
commit aad70a97db
parent 97a43bc30f
2 changed files with 31 additions and 18 deletions
--- a/packages/backend/src/server/api/endpoints/channels/update.ts
+++ b/packages/backend/src/server/api/endpoints/channels/update.ts
@ -4,6 +4,7 @@ import type { DriveFilesRepository, ChannelsRepository } from '@/models/index.js
 import { ChannelEntityService } from '@/core/entities/ChannelEntityService.js';
 import { DI } from '@/di-symbols.js';
 import { ApiError } from '../../error.js';
+import { RoleService } from '@/core/RoleService.js';

 export const meta = {
 	tags: ['channels'],
@ -61,7 +62,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 		private driveFilesRepository: DriveFilesRepository,

 		private channelEntityService: ChannelEntityService,
-	) {
+
+		private roleService: RoleService,
+		) {
 		super(meta, paramDef, async (ps, me) => {
 			const channel = await this.channelsRepository.findOneBy({
 				id: ps.channelId,
@ -71,7 +74,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				throw new ApiError(meta.errors.noSuchChannel);
 			}

-			if (channel.userId !== me.id) {
+			const iAmModerator = await this.roleService.isModerator(me);
+			if (channel.userId !== me.id && !iAmModerator) {
 				throw new ApiError(meta.errors.accessDenied);
 			}