ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Additionally compare user ids during bookmark privacy check (#587)

Browse Source 
Co-authored-by: ekzyis <ek@stacker.news>
This commit is contained in:
ekzyis 2023-10-25 20:04:13 +02:00 committed by GitHub
parent a0216788b4
commit 64cf40a04c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/resolvers/item.js
View File

@ -317,7 +317,10 @@ export default {
// the calling user is either not logged in, or not the user upon which the query is made, // the calling user is either not logged in, or not the user upon which the query is made,
// so we need to check authz // so we need to check authz
user = await models.user.findUnique({ where: { name } }) user = await models.user.findUnique({ where: { name } })
if (user?.hideBookmarks) { // additionally check if the user ids are not the same since if the nym changed
// since the last session update we would hide bookmarks from their owners
// see https://github.com/stackernews/stacker.news/issues/586
if (user?.hideBookmarks && user.id !== me.id) {
// early return with no results if bookmarks are hidden // early return with no results if bookmarks are hidden
return { return {
cursor: null, cursor: null,