From 7bf6d3b8eba0e02f9079d0c08a03cdd9862aeeb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Sun, 4 Oct 2020 22:10:24 -0400
Subject: [PATCH] fix: dont let mods load postqueue for a cid they are not a
 mod of

---
 src/controllers/mods.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/controllers/mods.js b/src/controllers/mods.js
index 017f6ef4ba..fe9c357d8a 100644
--- a/src/controllers/mods.js
+++ b/src/controllers/mods.js
@@ -213,7 +213,9 @@ modsController.postQueue = async function (req, res, next) {
 		categories.buildForSelect(req.uid, 'find', ['disabled', 'link', 'slug']),
 		helpers.getCategoriesByStates(req.uid, cid, null, 'moderate'),
 	]);
-
+	if (!moderatedCids.includes(String(cid)) && !isAdminOrGlobalMod) {
+		return next();
+	}
 	allCategories.forEach((c) => {
 		c.disabledClass = !isAdminOrGlobalMod && !moderatedCids.includes(String(c.cid));
 	});