Update SetRole/SetUserTitle so that you have to be subscribed to get …

…it, also...

hive/db/schema.py

@@ -693,6 +693,7 @@ def setup(db):
         "update_table_statistics.sql",
         "upgrade/update_db_patchlevel.sql",  # Additionally execute db patchlevel import to mark (already done) upgrade changes and avoid its reevaluation during next upgrade.
         "hafapp_api.sql",
+        "community_helpers.sql",
     ]
 
     sql_scripts_dir_path = Path(__file__).parent / 'sql_scripts'

hive/db/sql_scripts/community_helpers.sql

@@ -0,0 +1,29 @@
+DROP FUNCTION IF EXISTS hivemind_app.validate_community_set_role;
+CREATE OR REPLACE FUNCTION hivemind_app.validate_community_set_role(_community_id hivemind_app.hive_posts.community_id%TYPE, _account_id hivemind_app.hive_posts.author_id%TYPE, _role_id integer)
+RETURNS bool
+LANGUAGE plpgsql
+as
+    $$
+declare
+        __subscription_id INTEGER;
+        __role_id SMALLINT;
+BEGIN
+        SELECT id INTO __subscription_id FROM hivemind_app.hive_subscriptions WHERE account_id = _account_id AND community_id = _community_id;
+        IF _role_id IS NOT NULL THEN
+            -- We allow setting the MUTED role even if you're not subscribed
+            IF _role_id > 0 THEN
+                SELECT role_id INTO __role_id FROM hivemind_app.hive_roles WHERE account_id = _account_id AND community_id = _community_id;
+                -- We don't allow setting a higher role than the current one if you aren't subscribed
+                IF __subscription_id IS NULL AND ((__role_id IS NOT NULL AND __role_id < _role_id ) OR __role_id IS NULL)  THEN
+                    return false;
+                END IF;
+            END IF;
+        ELSE
+            IF __subscription_id IS NULL THEN
+                return false;
+            END IF;
+        end if;
+
+        RETURN TRUE;
+END;
+$$;

hive/db/sql_scripts/db_upgrade.sh

@@ -76,6 +76,7 @@ for sql in postgres_handle_view_changes.sql \
           follows.sql \
           is_superuser.sql \
           update_hive_blocks_consistency_flag.sql \
+          community_helpers.sql \
           update_table_statistics.sql # Must be last
 
 do

hive/indexer/community.py

@@ -201,10 +201,10 @@ def get_user_role(cls, community_id, account_id):
                                     WHERE community_id = :community_id
                                       AND account_id = :account_id
                                     LIMIT 1""",
-                community_id=community_id,
-                account_id=account_id,
-            )
-            or Role.guest.value
+                    community_id=community_id,
+                    account_id=account_id,
+                )
+                or Role.guest.value
         )
 
     @classmethod
@@ -577,9 +577,19 @@ def _validate_permissions(self):
             if self.actor != self.account:
                 assert account_role < actor_role, 'cant modify higher-role user'
                 assert account_role != new_role, 'role would not change'
+
+            # prevent setting a role if the user is not subscribed to the community.
+            # the role "muted" is still settable regardless of subscription status
+            subscribed = DB.query_one(
+                f"""SELECT * FROM {SCHEMA_NAME}.validate_community_set_role(:community_id, :actor_id, :role_id)""",
+                community_id=self.community_id, actor_id=self.account_id, role_id=new_role,
+            )
+            assert subscribed, f"{self.account} must be subscribed to the community to change its role"
+
         elif action == 'updateProps':
             assert actor_role >= Role.admin, 'only admins can update props'
         elif action == 'setUserTitle':
+            assert self._subscribed(self.account_id),  f"{self.account} must be subscribed to the community to change its title"
             # TODO: assert title changed?
             assert actor_role >= Role.mod, 'only mods can set user titles'
         elif action == 'mutePost':