diff --git a/api/resolvers/item.js b/api/resolvers/item.js index 7395c89a..037b8d07 100644 --- a/api/resolvers/item.js +++ b/api/resolvers/item.js @@ -1315,16 +1315,19 @@ export const updateItem = async (parent, { sub: subName, forward, hash, hmac, .. if (old.bio) { // prevent editing a bio like a regular item - item = { id: Number(item.id), text: item.text, title: `@${user.name}'s bio`, userId: meId } + item = { id: Number(item.id), text: item.text, title: `@${user.name}'s bio` } } else if (old.parentId) { // prevent editing a comment like a post - item = { id: Number(item.id), text: item.text, userId: meId } + item = { id: Number(item.id), text: item.text } } else { - item = { subName, userId: meId, ...item } + item = { subName, ...item } item.forwardUsers = await getForwardUsers(models, forward) } item.uploadIds = uploadIdsFromText(item.text, { models }) + // never change author of item + item.userId = old.userId + const resultItem = await performPaidAction('ITEM_UPDATE', item, { models, me, lnd }) resultItem.comments = [] diff --git a/components/item-info.js b/components/item-info.js index b2854ddc..cc79a276 100644 --- a/components/item-info.js +++ b/components/item-info.js @@ -49,9 +49,11 @@ export default function ItemInfo ({ }, [item]) useEffect(() => { - const invoice = window.localStorage.getItem(`item:${item.id}:hash:hmac`) - setCanEdit((item.mine || invoice) && (Date.now() < editThreshold)) - }, [item.id, item.mine, editThreshold]) + const authorEdit = item.mine + const invParams = window.localStorage.getItem(`item:${item.id}:hash:hmac`) + const hmacEdit = !!invParams && !me && Number(item.user.id) === USER_ID.anon + setCanEdit((authorEdit || hmacEdit) && (Date.now() < editThreshold)) + }, [me, item.id, item.mine, editThreshold]) // territory founders can pin any post in their territory // and OPs can pin any root reply in their post diff --git a/components/use-item-submit.js b/components/use-item-submit.js index d85ddf6e..ac73a207 100644 --- a/components/use-item-submit.js +++ b/components/use-item-submit.js @@ -6,6 +6,8 @@ import { useCallback } from 'react' import { normalizeForwards, toastUpsertSuccessMessages } from '@/lib/form' import { RETRY_PAID_ACTION } from '@/fragments/paidAction' import gql from 'graphql-tag' +import { USER_ID } from '@/lib/constants' +import { useMe } from './me' // this is intented to be compatible with upsert item mutations // so that it can be reused for all post types and comments and we don't have @@ -19,6 +21,7 @@ export default function useItemSubmit (mutation, const toaster = useToast() const crossposter = useCrossposter() const [upsertItem] = usePaidMutation(mutation) + const { me } = useMe() return useCallback( async ({ boost, crosspost, title, options, bounty, maxBid, start, stop, ...values }, { resetForm }) => { @@ -27,10 +30,11 @@ export default function useItemSubmit (mutation, options = options.slice(item?.poll?.options?.length || 0).filter(o => o.trim().length > 0) } - if (item?.id) { - const invoiceData = window.localStorage.getItem(`item:${item.id}:hash:hmac`) - if (invoiceData) { - const [hash, hmac] = invoiceData.split(':') + const hmacEdit = item?.id && Number(item.user.id) === USER_ID.anon && !me + if (hmacEdit) { + const invParams = window.localStorage.getItem(`item:${item.id}:hash:hmac`) + if (invParams) { + const [hash, hmac] = invParams.split(':') values.hash = hash values.hmac = hmac } @@ -89,7 +93,7 @@ export default function useItemSubmit (mutation, await router.push(sub ? `/~${sub.name}/recent` : '/recent') } } - }, [upsertItem, router, crossposter, item, sub, onSuccessfulSubmit, + }, [me, upsertItem, router, crossposter, item, sub, onSuccessfulSubmit, navigateOnSubmit, extraValues, paidMutationOptions] ) }