-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Olympia. Runtime. Fix moderation bug in the forum pallet. #3125
Olympia. Runtime. Fix moderation bug in the forum pallet. #3125
Conversation
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/joystream/pioneer-testnet/DmLJavgL9M72JzjWKNNfHd71DEYU |
I'm not sure if this is an issue, but just wanted to point out that the reason for the initial implementation, ie.:
Was probably to be consistent with the logic inside And the reason why For example, in a situation where:
We are left with multiple posts that belong to a non-existing thread, but still exist in Before the fix was implemented in this PR, it was possible to either slash the stake associated with those posts (using After this fix only the latter will be possible. |
|
There is no need for any thread to be deleted to allow moderators to expoilt this issue.
Where both So, to give an example: If there is post |
So just to clarify the severity of the issue in one sentence: Any moderator having access to at least 1 category can moderate any post. |
Yes, that was badly explained by me. We could however in fact restrict it to that case by doing let post = if Self::thread_exists(category_id, thread_id) {
/** do check on thread, which exists, to see that it lives in the given category **/
Self::ensure_post_is_mutable(&category_id, &thread_id, &post_id)?
} else {
<PostById<T>>::get(thread_id, post_id)
}; The fundamental problem is that when thread is gone, we can't even in principle offer this protection. If this is correct, then I guess it is actually worth making this small improvement, as it radically restricts the set of posts a moderator actually can escalate privilege against. |
This part could create the default post which would create a whole new set of problems. |
To clarify, we are talking about this Can we just drop this basically? If the post does not exist, then obviously |
End of the story here: #3111 (comment) |
Fixes #3111