From c58eb873dd47ebd1b207c9f79ccffe2c3819949d Mon Sep 17 00:00:00 2001 From: Sean King Date: Sun, 18 Dec 2022 22:05:07 -0700 Subject: [PATCH] Fix CommonAPI delete function to use User.privileged? instead of User.superuser? --- lib/pleroma/web/common_api.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/common_api.ex b/lib/pleroma/web/common_api.ex index 97f2aec3b..89cc0d6fe 100644 --- a/lib/pleroma/web/common_api.ex +++ b/lib/pleroma/web/common_api.ex @@ -148,7 +148,7 @@ def delete(activity_id, user) do true <- User.privileged?(user, :messages_delete) || user.ap_id == object.data["actor"], {:ok, delete_data, _} <- Builder.delete(user, object.data["id"]), {:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do - if User.superuser?(user) and user.ap_id != object.data["actor"] do + if User.privileged?(user, :messages_delete) and user.ap_id != object.data["actor"] do action = if object.data["type"] == "ChatMessage" do "chat_message_delete"