Merge pull request #528 from isaacsu/protect-drafts

Protect drafts if they are part of a Private or Protected collection
pull/854/head
Matt Baer 1 year ago committed by GitHub
commit 3e7d236c6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 17
      posts.go

@ -341,6 +341,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
} }
var ownerID sql.NullInt64 var ownerID sql.NullInt64
var collectionID sql.NullInt64
var title string var title string
var content string var content string
var font string var font string
@ -356,7 +357,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
return impart.HTTPError{http.StatusFound, fmt.Sprintf("/%s%s", fixedID, ext)} return impart.HTTPError{http.StatusFound, fmt.Sprintf("/%s%s", fixedID, ext)}
} }
err := app.db.QueryRow("SELECT owner_id, title, content, text_appearance, view_count, language, rtl FROM posts WHERE id = ?", friendlyID).Scan(&ownerID, &title, &content, &font, &views, &language, &rtl) err := app.db.QueryRow("SELECT owner_id, collection_id, title, content, text_appearance, view_count, language, rtl FROM posts WHERE id = ?", friendlyID).Scan(&ownerID, &collectionID, &title, &content, &font, &views, &language, &rtl)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
found = false found = false
@ -426,6 +427,16 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
} }
} }
var protectDraft bool
if found && collectionID.Valid {
collection, err := app.db.GetCollectionByID(collectionID.Int64)
if err != nil {
log.Error("view post: %v", err)
}
protectDraft = collection.IsPrivate() || collection.IsProtected()
}
// Check if post has been unpublished // Check if post has been unpublished
if title == "" && content == "" { if title == "" && content == "" {
gone = true gone = true
@ -490,6 +501,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
if !page.IsOwner && silenced { if !page.IsOwner && silenced {
return ErrPostNotFound return ErrPostNotFound
} }
if !page.IsOwner && protectDraft {
return ErrPostNotFound
}
page.Silenced = silenced page.Silenced = silenced
err = templates["post"].ExecuteTemplate(w, "post", page) err = templates["post"].ExecuteTemplate(w, "post", page)
if err != nil { if err != nil {

Loading…
Cancel
Save