spam button - put in a bare bones check to prevent it from being a wa…

…y to allow users to ban users they should not be allowed to ban
TASVideos · Sep 1, 2023 · ba98795 · ba98795
1 parent 7cb36e7
commit ba98795
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/TASVideos/Pages/Forum/Posts/Edit.cshtml.cs b/TASVideos/Pages/Forum/Posts/Edit.cshtml.cs
@@ -246,6 +246,8 @@ public async Task<IActionResult> OnPostSpam()
 	{
 		var post = await _db.ForumPosts
 			.Include(p => p.Poster)
+			.ThenInclude(p => p!.UserRoles)
+			.ThenInclude(ur => ur.Role)
 			.Include(p => p.Topic)
 			.Include(p => p.Topic!.Forum)
 			.ExcludeRestricted(seeRestricted: false) // Intentionally not allowing spamming on restricted forums
@@ -261,6 +263,11 @@ public async Task<IActionResult> OnPostSpam()
 			return AccessDenied();
 		}
 
+		if (post.Poster!.UserRoles.SelectMany(ur => ur.Role!.RolePermission).Any(rp => rp.PermissionId == PermissionTo.AssignRoles))
+		{
+			return AccessDenied();
+		}
+
 		var postCount = await _db.ForumPosts.CountAsync(t => t.TopicId == post.TopicId);
 
 		var oldTopicId = post.TopicId;