From 8a5b71fdbdb0715ffc5c48908a8b3900cf60364e Mon Sep 17 00:00:00 2001 From: N-Shar-ma Date: Fri, 20 Jan 2023 21:36:53 +0530 Subject: [PATCH] emoji_settings: Only allow admins to override default emoji. Uptil now, any user could add a custom emoji with the same name as a default emoji, thus overriding it (with a confirmation after warning). To create more friction for this action, now only admins are allowed to add custom emojis that override default ones. All users can still add custom emojis with other names. Fixes part of #24120. --- static/js/settings_emoji.js | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/static/js/settings_emoji.js b/static/js/settings_emoji.js index f224c0cb88..bc5aa02891 100644 --- a/static/js/settings_emoji.js +++ b/static/js/settings_emoji.js @@ -260,6 +260,17 @@ export function set_up() { } if (is_default_emoji(emoji.name)) { + if (!page_params.is_admin) { + ui_report.client_error( + $t_html({ + defaultMessage: + "Failed: There is a default emoji with this name. Only administrators can override default emoji.", + }), + $emoji_status, + ); + return; + } + const html_body = emoji_settings_warning_modal({ emoji_name: emoji.name, });