1
0
mirror of https://github.com/writeas/writefreely synced 2025-01-23 11:29:55 +01:00

add check for suspended user on single posts

also fix logic bug in posts.go viewCollectionPost checking the page
owner
This commit is contained in:
Rob Loranger 2019-10-25 13:40:32 -07:00
parent f85f0751a3
commit 5429ca4ab0
No known key found for this signature in database
GPG Key ID: D6F1633A4F0903B8

View File

@ -387,10 +387,6 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
return ErrInternalGeneral return ErrInternalGeneral
} }
if suspended {
return ErrPostNotFound
}
// Check if post has been unpublished // Check if post has been unpublished
if content == "" { if content == "" {
gone = true gone = true
@ -438,9 +434,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
page := struct { page := struct {
*AnonymousPost *AnonymousPost
page.StaticPage page.StaticPage
Username string Username string
IsOwner bool IsOwner bool
SiteURL string SiteURL string
Suspended bool
}{ }{
AnonymousPost: post, AnonymousPost: post,
StaticPage: pageForReq(app, r), StaticPage: pageForReq(app, r),
@ -451,6 +448,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID
} }
if !page.IsOwner && suspended {
return ErrPostNotFound
}
page.Suspended = suspended
err = templates["post"].ExecuteTemplate(w, "post", page) err = templates["post"].ExecuteTemplate(w, "post", page)
if err != nil { if err != nil {
log.Error("Post template execute error: %v", err) log.Error("Post template execute error: %v", err)
@ -1389,7 +1390,7 @@ Are you sure it was ever here?`,
return err return err
} }
} }
p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64 p.IsOwner = owner != nil && p.OwnerID.Valid && u.ID == p.OwnerID.Int64
p.Collection = coll p.Collection = coll
p.IsTopLevel = app.cfg.App.SingleUser p.IsTopLevel = app.cfg.App.SingleUser