add check for suspended user on single posts

also fix logic bug in posts.go viewCollectionPost checking the page owner
2025-01-09 06:20:17 +01:00 · 2019-10-25 13:40:32 -07:00 · 2019-10-25 13:40:32 -07:00 · 5429ca4ab0
commit 5429ca4ab0
parent f85f0751a3
1 changed files with 9 additions and 8 deletions
--- a/posts.go
+++ b/posts.go
@ -387,10 +387,6 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		return ErrInternalGeneral
 	}
 	if suspended {
 		return ErrPostNotFound
 	}
 	// Check if post has been unpublished
 	if content == "" {
 		gone = true
@ -441,6 +437,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			Username  string
 			IsOwner   bool
 			SiteURL   string
 			Suspended bool
 		}{
 			AnonymousPost: post,
 			StaticPage:    pageForReq(app, r),
@ -451,6 +448,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID
 		}
 		if !page.IsOwner && suspended {
 			return ErrPostNotFound
 		}
 		page.Suspended = suspended
 		err = templates["post"].ExecuteTemplate(w, "post", page)
 		if err != nil {
 			log.Error("Post template execute error: %v", err)
@ -1389,7 +1390,7 @@ Are you sure it was ever here?`,
 			return err
 		}
 	}
-	p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
+	p.IsOwner = owner != nil && p.OwnerID.Valid && u.ID == p.OwnerID.Int64
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser