Commit dad505b6 authored by Andrei Mihu's avatar Andrei Mihu

Do not allow users to send friend requests to the root user.

parent a7d25b4e
+2 −0
@@ -7,6 +7,8 @@ The format is based on [keep a changelog](http://keepachangelog.com) and this pr
### Fixed
- Correctly report execution mode in Lua runtime after hooks.
- Use correct parameter type for creator ID in group update queries.
- Use correct parameter name for lang tag in group update queries.
- Do not allow users to send friend requests to the root user.

## [2.2.1] - 2018-11-20
### Added
+12 −3
@@ -119,12 +119,15 @@ func (s *ApiServer) AddFriends(ctx context.Context, in *api.AddFriendsRequest) (
		if userID.String() == id {
			return nil, status.Error(codes.InvalidArgument, "Cannot add self as friend.")
		}
		if _, err := uuid.FromString(id); err != nil {
		if uid, err := uuid.FromString(id); err != nil || uid == uuid.Nil {
			return nil, status.Error(codes.InvalidArgument, "Invalid user ID '"+id+"'.")
		}
	}

	for _, u := range in.GetUsernames() {
		if u == "" {
			return nil, status.Error(codes.InvalidArgument, "Username must not be empty.")
		}
		if username == u {
			return nil, status.Error(codes.InvalidArgument, "Cannot add self as friend.")
		}
@@ -206,13 +209,16 @@ func (s *ApiServer) DeleteFriends(ctx context.Context, in *api.DeleteFriendsRequ
		if userID.String() == id {
			return nil, status.Error(codes.InvalidArgument, "Cannot delete self.")
		}
		if _, err := uuid.FromString(id); err != nil {
		if uid, err := uuid.FromString(id); err != nil || uid == uuid.Nil {
			return nil, status.Error(codes.InvalidArgument, "Invalid user ID '"+id+"'.")
		}
	}

	username := ctx.Value(ctxUsernameKey{}).(string)
	for _, u := range in.GetUsernames() {
		if u == "" {
			return nil, status.Error(codes.InvalidArgument, "Username must not be empty.")
		}
		if username == u {
			return nil, status.Error(codes.InvalidArgument, "Cannot delete self.")
		}
@@ -295,13 +301,16 @@ func (s *ApiServer) BlockFriends(ctx context.Context, in *api.BlockFriendsReques
		if userID.String() == id {
			return nil, status.Error(codes.InvalidArgument, "Cannot block self.")
		}
		if _, err := uuid.FromString(id); err != nil {
		if uid, err := uuid.FromString(id); err != nil || uid == uuid.Nil {
			return nil, status.Error(codes.InvalidArgument, "Invalid user ID '"+id+"'.")
		}
	}

	username := ctx.Value(ctxUsernameKey{}).(string)
	for _, u := range in.GetUsernames() {
		if u == "" {
			return nil, status.Error(codes.InvalidArgument, "Username must not be empty.")
		}
		if username == u {
			return nil, status.Error(codes.InvalidArgument, "Cannot block self.")
		}