commit
e16ea3b419
2
app.go
2
app.go
|
@ -56,7 +56,7 @@ var (
|
|||
debugging bool
|
||||
|
||||
// Software version can be set from git env using -ldflags
|
||||
softwareVer = "0.11.1"
|
||||
softwareVer = "0.11.2"
|
||||
|
||||
// DEPRECATED VARS
|
||||
isSingleUser bool
|
||||
|
|
|
@ -648,6 +648,16 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R
|
|||
uname = u.Username
|
||||
}
|
||||
|
||||
// TODO: move this to all permission checks?
|
||||
suspended, err := app.db.IsUserSuspended(c.OwnerID)
|
||||
if err != nil {
|
||||
log.Error("process protected collection permissions: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
if suspended {
|
||||
return nil, ErrCollectionNotFound
|
||||
}
|
||||
|
||||
// See if we've authorized this collection
|
||||
authd := isAuthorizedForCollection(app, c.Alias, r)
|
||||
|
||||
|
|
2
pad.go
2
pad.go
|
@ -92,6 +92,7 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
appData.EditCollection.hostName = app.cfg.App.Host
|
||||
} else {
|
||||
// Editing a floating article
|
||||
appData.Post = getRawPost(app, action)
|
||||
|
@ -161,6 +162,7 @@ func handleViewMeta(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
appData.EditCollection.hostName = app.cfg.App.Host
|
||||
} else {
|
||||
// Editing a floating article
|
||||
appData.Post = getRawPost(app, action)
|
||||
|
|
50
posts.go
50
posts.go
|
@ -381,10 +381,12 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
}
|
||||
}
|
||||
|
||||
suspended, err := app.db.IsUserSuspended(ownerID.Int64)
|
||||
var suspended bool
|
||||
if found {
|
||||
suspended, err = app.db.IsUserSuspended(ownerID.Int64)
|
||||
if err != nil {
|
||||
log.Error("view post: %v", err)
|
||||
return ErrInternalGeneral
|
||||
}
|
||||
}
|
||||
|
||||
// Check if post has been unpublished
|
||||
|
@ -511,7 +513,6 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
suspended, err := app.db.IsUserSuspended(userID)
|
||||
if err != nil {
|
||||
log.Error("new post: %v", err)
|
||||
return ErrInternalGeneral
|
||||
}
|
||||
if suspended {
|
||||
return ErrUserSuspended
|
||||
|
@ -685,7 +686,6 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
suspended, err := app.db.IsUserSuspended(userID)
|
||||
if err != nil {
|
||||
log.Error("existing post: %v", err)
|
||||
return ErrInternalGeneral
|
||||
}
|
||||
if suspended {
|
||||
return ErrUserSuspended
|
||||
|
@ -888,7 +888,6 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
suspended, err := app.db.IsUserSuspended(ownerID)
|
||||
if err != nil {
|
||||
log.Error("add post: %v", err)
|
||||
return ErrInternalGeneral
|
||||
}
|
||||
if suspended {
|
||||
return ErrUserSuspended
|
||||
|
@ -991,7 +990,6 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
suspended, err := app.db.IsUserSuspended(userID)
|
||||
if err != nil {
|
||||
log.Error("pin post: %v", err)
|
||||
return ErrInternalGeneral
|
||||
}
|
||||
if suspended {
|
||||
return ErrUserSuspended
|
||||
|
@ -1039,7 +1037,6 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
|
||||
func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
||||
var collID int64
|
||||
var ownerID int64
|
||||
var coll *Collection
|
||||
var err error
|
||||
vars := mux.Vars(r)
|
||||
|
@ -1049,25 +1046,32 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
coll.hostName = app.cfg.App.Host
|
||||
_, err = apiCheckCollectionPermissions(app, r, coll)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
collID = coll.ID
|
||||
ownerID = coll.OwnerID
|
||||
}
|
||||
|
||||
p, err := app.db.GetPost(vars["post"], collID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
suspended, err := app.db.IsUserSuspended(ownerID)
|
||||
if coll == nil && p.CollectionID.Valid {
|
||||
// Collection post is getting fetched by post ID, not coll alias + post slug, so get coll info now.
|
||||
coll, err = app.db.GetCollectionByID(p.CollectionID.Int64)
|
||||
if err != nil {
|
||||
log.Error("fetch post: %v", err)
|
||||
return ErrInternalGeneral
|
||||
return err
|
||||
}
|
||||
}
|
||||
if coll != nil {
|
||||
coll.hostName = app.cfg.App.Host
|
||||
_, err = apiCheckCollectionPermissions(app, r, coll)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
suspended, err := app.db.IsUserSuspended(p.OwnerID.Int64)
|
||||
if err != nil {
|
||||
log.Error("fetch post: %v", err)
|
||||
}
|
||||
if suspended {
|
||||
return ErrPostNotFound
|
||||
}
|
||||
|
@ -1076,13 +1080,6 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
|
|||
|
||||
accept := r.Header.Get("Accept")
|
||||
if strings.Contains(accept, "application/activity+json") {
|
||||
// Fetch information about the collection this belongs to
|
||||
if coll == nil && p.CollectionID.Valid {
|
||||
coll, err = app.db.GetCollectionByID(p.CollectionID.Int64)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if coll == nil {
|
||||
// This is a draft post; 404 for now
|
||||
// TODO: return ActivityObject
|
||||
|
@ -1335,16 +1332,19 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
|
|||
suspended, err := app.db.IsUserSuspended(c.OwnerID)
|
||||
if err != nil {
|
||||
log.Error("view collection post: %v", err)
|
||||
return ErrInternalGeneral
|
||||
}
|
||||
|
||||
// Check collection permissions
|
||||
if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
|
||||
return ErrPostNotFound
|
||||
}
|
||||
if c.IsProtected() && ((u == nil || u.ID != c.OwnerID) && !isAuthorizedForCollection(app, c.Alias, r)) {
|
||||
if c.IsProtected() && (u == nil || u.ID != c.OwnerID) {
|
||||
if suspended {
|
||||
return ErrPostNotFound
|
||||
} else if !isAuthorizedForCollection(app, c.Alias, r) {
|
||||
return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
|
||||
}
|
||||
}
|
||||
|
||||
cr.isCollOwner = u != nil && c.OwnerID == u.ID
|
||||
|
||||
|
|
|
@ -270,7 +270,7 @@
|
|||
<script>
|
||||
function updateMeta() {
|
||||
if ({{.Suspended}}) {
|
||||
alert('Your account is currently supsended, editing posts is disabled.');
|
||||
alert("Your account is silenced, so you can't edit posts.");
|
||||
return
|
||||
}
|
||||
document.getElementById('create-error').style.display = 'none';
|
||||
|
|
|
@ -25,9 +25,6 @@
|
|||
|
||||
</head>
|
||||
<body id="collection" itemscope itemtype="http://schema.org/WebPage">
|
||||
{{if .Suspended}}
|
||||
{{template "user-supsended"}}
|
||||
{{end}}
|
||||
<header>
|
||||
<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
|
||||
</header>
|
||||
|
|
Loading…
Reference in New Issue