Merge Notes:
* Lemmy server does not compile.
It took several hours to go through the merge process, so I want to commit the
project in its current state and have a place to revert to if anything goes
wrong.
** API structs need to be double checked for correctness.
They were all moved to a submodule, and Git did not catch the diffs. On the
bright side, this provides us a great opportunity to mark all of our API
changes as we update the vanilla upstream API structs.
* Two new migrations were added upstream.
I don't think these clobber any of our changes, but they modify existing
records. In particular, the fake activitypub records get replaced with newly
generated unique entries. We're going to want to make sure these migrations
work correctly.
* Endpoints need to be reviewed for security and correctness
This is not an exaustive list.
** Comment
*** GetComments
Looks like it can leak comments from private communities. We don't have any
private communities, but we're going to want to fix this.
** Community
*** EditCommunity
The permissions logic could be more concise.
*** BanFromCommunity
Admins cannot ban mods from communities. This should be changed.
** User
*** Register
Review Register endpoint and make sure there are no security regressions.
The recent changes apparently make it impossible to bootstrap the website.
* Other TODOs
** Add a site_mod helper function
Site-mod permissions are broken. A helper function should make an easy
drop-in replacement for many of the current admin checks, but it would be
inappropriate to simply change the definition of the is_admin function.
That said, is_mod_or_admin should be fair game.