move to 2.5.5

[anni] / lib / pleroma / web / common_api.ex

diff --git a/lib/pleroma/web/common_api.ex b/lib/pleroma/web/common_api.ex
old mode 100644 (file)
new mode 100755 (executable)
index 89cc0d6..44eb000
--- a/lib/pleroma/web/common_api.ex
+++ b/lib/pleroma/web/common_api.ex
@@ -33,6 +33,7 @@ defmodule Pleroma.Web.CommonAPI do
 
   def post_chat_message(%User{} = user, %User{} = recipient, content, opts \\ []) do
     with maybe_attachment <- opts[:media_id] && Object.get_by_id(opts[:media_id]),
+         :ok <- validate_chat_attachment_attribution(maybe_attachment, user),
          :ok <- validate_chat_content_length(content, !!maybe_attachment),
          {_, {:ok, chat_message_data, _meta}} <-
            {:build_object,
@@ -71,6 +72,17 @@ defmodule Pleroma.Web.CommonAPI do
     text
   end
 
+  defp validate_chat_attachment_attribution(nil, _), do: :ok
+
+  defp validate_chat_attachment_attribution(attachment, user) do
+    with :ok <- Object.authorize_access(attachment, user) do
+      :ok
+    else
+      e ->
+        e
+    end
+  end
+
   defp validate_chat_content_length(_, true), do: :ok
   defp validate_chat_content_length(nil, false), do: {:error, :no_content}