Matt Baer
4 years ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 42 additions and 33 deletions
Split View
Diff Options
-
+1 -1app.go
-
+10 -0collections.go
-
+2 -0pad.go
-
+28 -28posts.go
-
+1 -1templates/edit-meta.tmpl
-
+0 -3templates/password-collection.tmpl
+ 1
- 1
app.go
View File
| @@ -56,7 +56,7 @@ var ( | |||
| debugging bool | |||
| // Software version can be set from git env using -ldflags | |||
| softwareVer = "0.11.1" | |||
| softwareVer = "0.11.2" | |||
| // DEPRECATED VARS | |||
| isSingleUser bool | |||
+ 10
- 0
collections.go
View File
| @@ -648,6 +648,16 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R | |||
| uname = u.Username | |||
| } | |||
| // TODO: move this to all permission checks? | |||
| suspended, err := app.db.IsUserSuspended(c.OwnerID) | |||
| if err != nil { | |||
| log.Error("process protected collection permissions: %v", err) | |||
| return nil, err | |||
| } | |||
| if suspended { | |||
| return nil, ErrCollectionNotFound | |||
| } | |||
| // See if we've authorized this collection | |||
| authd := isAuthorizedForCollection(app, c.Alias, r) | |||
+ 2
- 0
pad.go
View File
| @@ -92,6 +92,7 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| if err != nil { | |||
| return err | |||
| } | |||
| appData.EditCollection.hostName = app.cfg.App.Host | |||
| } else { | |||
| // Editing a floating article | |||
| appData.Post = getRawPost(app, action) | |||
| @@ -161,6 +162,7 @@ func handleViewMeta(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| if err != nil { | |||
| return err | |||
| } | |||
| appData.EditCollection.hostName = app.cfg.App.Host | |||
| } else { | |||
| // Editing a floating article | |||
| appData.Post = getRawPost(app, action) | |||
+ 28
- 28
posts.go
View File
| @@ -381,10 +381,12 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| } | |||
| } | |||
| suspended, err := app.db.IsUserSuspended(ownerID.Int64) | |||
| if err != nil { | |||
| log.Error("view post: %v", err) | |||
| return ErrInternalGeneral | |||
| var suspended bool | |||
| if found { | |||
| suspended, err = app.db.IsUserSuspended(ownerID.Int64) | |||
| if err != nil { | |||
| log.Error("view post: %v", err) | |||
| } | |||
| } | |||
| // Check if post has been unpublished | |||
| @@ -511,7 +513,6 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| suspended, err := app.db.IsUserSuspended(userID) | |||
| if err != nil { | |||
| log.Error("new post: %v", err) | |||
| return ErrInternalGeneral | |||
| } | |||
| if suspended { | |||
| return ErrUserSuspended | |||
| @@ -685,7 +686,6 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| suspended, err := app.db.IsUserSuspended(userID) | |||
| if err != nil { | |||
| log.Error("existing post: %v", err) | |||
| return ErrInternalGeneral | |||
| } | |||
| if suspended { | |||
| return ErrUserSuspended | |||
| @@ -888,7 +888,6 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| suspended, err := app.db.IsUserSuspended(ownerID) | |||
| if err != nil { | |||
| log.Error("add post: %v", err) | |||
| return ErrInternalGeneral | |||
| } | |||
| if suspended { | |||
| return ErrUserSuspended | |||
| @@ -991,7 +990,6 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| suspended, err := app.db.IsUserSuspended(userID) | |||
| if err != nil { | |||
| log.Error("pin post: %v", err) | |||
| return ErrInternalGeneral | |||
| } | |||
| if suspended { | |||
| return ErrUserSuspended | |||
| @@ -1039,7 +1037,6 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| var collID int64 | |||
| var ownerID int64 | |||
| var coll *Collection | |||
| var err error | |||
| vars := mux.Vars(r) | |||
| @@ -1049,25 +1046,32 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| if err != nil { | |||
| return err | |||
| } | |||
| coll.hostName = app.cfg.App.Host | |||
| _, err = apiCheckCollectionPermissions(app, r, coll) | |||
| if err != nil { | |||
| return err | |||
| } | |||
| collID = coll.ID | |||
| ownerID = coll.OwnerID | |||
| } | |||
| p, err := app.db.GetPost(vars["post"], collID) | |||
| if err != nil { | |||
| return err | |||
| } | |||
| suspended, err := app.db.IsUserSuspended(ownerID) | |||
| if coll == nil && p.CollectionID.Valid { | |||
| // Collection post is getting fetched by post ID, not coll alias + post slug, so get coll info now. | |||
| coll, err = app.db.GetCollectionByID(p.CollectionID.Int64) | |||
| if err != nil { | |||
| return err | |||
| } | |||
| } | |||
| if coll != nil { | |||
| coll.hostName = app.cfg.App.Host | |||
| _, err = apiCheckCollectionPermissions(app, r, coll) | |||
| if err != nil { | |||
| return err | |||
| } | |||
| } | |||
| suspended, err := app.db.IsUserSuspended(p.OwnerID.Int64) | |||
| if err != nil { | |||
| log.Error("fetch post: %v", err) | |||
| return ErrInternalGeneral | |||
| } | |||
| if suspended { | |||
| return ErrPostNotFound | |||
| } | |||
| @@ -1076,13 +1080,6 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error { | |||
| accept := r.Header.Get("Accept") | |||
| if strings.Contains(accept, "application/activity+json") { | |||
| // Fetch information about the collection this belongs to | |||
| if coll == nil && p.CollectionID.Valid { | |||
| coll, err = app.db.GetCollectionByID(p.CollectionID.Int64) | |||
| if err != nil { | |||
| return err | |||
| } | |||
| } | |||
| if coll == nil { | |||
| // This is a draft post; 404 for now | |||
| // TODO: return ActivityObject | |||
| @@ -1335,15 +1332,18 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error | |||
| suspended, err := app.db.IsUserSuspended(c.OwnerID) | |||
| if err != nil { | |||
| log.Error("view collection post: %v", err) | |||
| return ErrInternalGeneral | |||
| } | |||
| // Check collection permissions | |||
| if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) { | |||
| return ErrPostNotFound | |||
| } | |||
| if c.IsProtected() && ((u == nil || u.ID != c.OwnerID) && !isAuthorizedForCollection(app, c.Alias, r)) { | |||
| return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug} | |||
| if c.IsProtected() && (u == nil || u.ID != c.OwnerID) { | |||
| if suspended { | |||
| return ErrPostNotFound | |||
| } else if !isAuthorizedForCollection(app, c.Alias, r) { | |||
| return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug} | |||
| } | |||
| } | |||
| cr.isCollOwner = u != nil && c.OwnerID == u.ID | |||
+ 1
- 1
templates/edit-meta.tmpl
View File
| @@ -270,7 +270,7 @@ | |||
| <script> | |||
| function updateMeta() { | |||
| if ({{.Suspended}}) { | |||
| alert('Your account is currently supsended, editing posts is disabled.'); | |||
| alert("Your account is silenced, so you can't edit posts."); | |||
| return | |||
| } | |||
| document.getElementById('create-error').style.display = 'none'; | |||
+ 0
- 3
templates/password-collection.tmpl
View File
| @@ -25,9 +25,6 @@ | |||
| </head> | |||
| <body id="collection" itemscope itemtype="http://schema.org/WebPage"> | |||
| {{if .Suspended}} | |||
| {{template "user-supsended"}} | |||
| {{end}} | |||
| <header> | |||
| <h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1> | |||
| </header> | |||