Merge branch '2021.06-rc' of https://github.com/friendica/friendica into 2021.06...

[friendica.git] / src / Module / Item / Pin.php

diff --git a/src/Module/Item/Pin.php b/src/Module/Item/Pin.php
index d99b1a345205ecddf1a72c20cbbadfe03334f125..b8022cf57c1f5f0cc018a589071f2ac297202e23 100644 (file)
--- a/src/Module/Item/Pin.php
+++ b/src/Module/Item/Pin.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2021, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -24,8 +24,9 @@ namespace Friendica\Module\Item;
 use Friendica\BaseModule;
 use Friendica\Core\Session;
 use Friendica\Core\System;
+use Friendica\Database\DBA;
 use Friendica\DI;
-use Friendica\Model\Item;
+use Friendica\Model\Post;
 use Friendica\Network\HTTPException;
 
 /**
@@ -47,9 +48,18 @@ class Pin extends BaseModule
 
                $itemId = intval($parameters['id']);
 
-               $pinned = !Item::getPinned($itemId, local_user());
+               $item = Post::selectFirst(['uri-id', 'uid'], ['id' => $itemId]);
+               if (!DBA::isResult($item)) {
+                       throw new HTTPException\NotFoundException();
+               }
+
+               if (!in_array($item['uid'], [0, local_user()])) {
+                       throw new HttpException\ForbiddenException($l10n->t('Access denied.'));
+               }
+
+               $pinned = !Post\ThreadUser::getPinned($item['uri-id'], local_user());
 
-               Item::setPinned($itemId, local_user(), $pinned);
+               Post\ThreadUser::setPinned($item['uri-id'], local_user(), $pinned);
 
                // See if we've been passed a return path to redirect to
                $return_path = $_REQUEST['return'] ?? '';