I agree, I think it was just an oversight. Based on the context, it seems like the code assumes that error handling for anything but “database is gone” is unnecessary. Doing user lookups with those assumptions may be difficult, and I don’t think the Lemmy devs were trying to protect against shenanigans like these.
I don’t really see what you would gain from blocking a local admin (not like the admin is any less powerful to take action against you) so I wouldn’t expect it to be that bad. I’m a little surprised it’s not possible to block admins in the first place.
I can’t be bothered to actually check if the import does indeed allow blocking local instance admins; I just assumed so based on a quick read of the code. This seems like a rather unimportant bug, but if someone cares they should probably file an issue (or, even better, a pull request).
Source code for the code responsible for this error message:
let target_user = LocalUserView::read_person(&mut context.pool(), target_id).await; if target_user.map(|t| t.local_user.admin) == Ok(true) { Err(LemmyErrorType::CantBlockAdmin)? }You can’t block local instance admins. You can ban external admins (those on other servers), and moderators, though.
Blocking admins doesn’t make much sense anyway, because admins can probably remove the block from the database if they wanted to be malicious.
As a workaround, you can try the following (requires Lemmy 0.19.0 or higher):
blocked_userslist (make sure to stick to the JSON format)It looks like the code for importing settings does not execute the admin check.
I love that you found this workaround, but arguably that code path should do the admin check, too.
I agree, I think it was just an oversight. Based on the context, it seems like the code assumes that error handling for anything but “database is gone” is unnecessary. Doing user lookups with those assumptions may be difficult, and I don’t think the Lemmy devs were trying to protect against shenanigans like these.
I don’t really see what you would gain from blocking a local admin (not like the admin is any less powerful to take action against you) so I wouldn’t expect it to be that bad. I’m a little surprised it’s not possible to block admins in the first place.
I can’t be bothered to actually check if the import does indeed allow blocking local instance admins; I just assumed so based on a quick read of the code. This seems like a rather unimportant bug, but if someone cares they should probably file an issue (or, even better, a pull request).