|
|
@ -110,6 +110,8 @@ type ( |
|
|
|
|
|
|
|
|
|
|
|
// User-related fields
|
|
|
|
// User-related fields
|
|
|
|
isCollOwner bool |
|
|
|
isCollOwner bool |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
isAuthorized bool |
|
|
|
} |
|
|
|
} |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
@ -558,6 +560,7 @@ type CollectionPage struct { |
|
|
|
IsCustomDomain bool |
|
|
|
IsCustomDomain bool |
|
|
|
IsWelcome bool |
|
|
|
IsWelcome bool |
|
|
|
IsOwner bool |
|
|
|
IsOwner bool |
|
|
|
|
|
|
|
IsCollLoggedIn bool |
|
|
|
CanPin bool |
|
|
|
CanPin bool |
|
|
|
Username string |
|
|
|
Username string |
|
|
|
Monetization string |
|
|
|
Monetization string |
|
|
@ -677,9 +680,9 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// See if we've authorized this collection
|
|
|
|
// See if we've authorized this collection
|
|
|
|
authd := isAuthorizedForCollection(app, c.Alias, r) |
|
|
|
cr.isAuthorized = isAuthorizedForCollection(app, c.Alias, r) |
|
|
|
|
|
|
|
|
|
|
|
if !authd { |
|
|
|
if !cr.isAuthorized { |
|
|
|
p := struct { |
|
|
|
p := struct { |
|
|
|
page.StaticPage |
|
|
|
page.StaticPage |
|
|
|
*CollectionObj |
|
|
|
*CollectionObj |
|
|
@ -797,6 +800,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro |
|
|
|
// Serve collection
|
|
|
|
// Serve collection
|
|
|
|
displayPage := CollectionPage{ |
|
|
|
displayPage := CollectionPage{ |
|
|
|
DisplayCollection: coll, |
|
|
|
DisplayCollection: coll, |
|
|
|
|
|
|
|
IsCollLoggedIn: cr.isAuthorized, |
|
|
|
StaticPage: pageForReq(app, r), |
|
|
|
StaticPage: pageForReq(app, r), |
|
|
|
IsCustomDomain: cr.isCustomDomain, |
|
|
|
IsCustomDomain: cr.isCustomDomain, |
|
|
|
IsWelcome: r.FormValue("greeting") != "", |
|
|
|
IsWelcome: r.FormValue("greeting") != "", |
|
|
@ -1163,3 +1167,43 @@ func isAuthorizedForCollection(app *App, alias string, r *http.Request) bool { |
|
|
|
} |
|
|
|
} |
|
|
|
return authd |
|
|
|
return authd |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func logOutCollection(app *App, alias string, w http.ResponseWriter, r *http.Request) error { |
|
|
|
|
|
|
|
session, err := app.sessionStore.Get(r, blogPassCookieName) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Remove this from map of blogs logged into
|
|
|
|
|
|
|
|
delete(session.Values, alias) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// If not auth'd with any blog, delete entire cookie
|
|
|
|
|
|
|
|
if len(session.Values) == 0 { |
|
|
|
|
|
|
|
session.Options.MaxAge = -1 |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return session.Save(r, w) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func handleLogOutCollection(app *App, w http.ResponseWriter, r *http.Request) error { |
|
|
|
|
|
|
|
alias := collectionAliasFromReq(r) |
|
|
|
|
|
|
|
var c *Collection |
|
|
|
|
|
|
|
var err error |
|
|
|
|
|
|
|
if app.cfg.App.SingleUser { |
|
|
|
|
|
|
|
c, err = app.db.GetCollectionByID(1) |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
c, err = app.db.GetCollection(alias) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if !c.IsProtected() { |
|
|
|
|
|
|
|
// Invalid to log out of this collection
|
|
|
|
|
|
|
|
return ErrCollectionPageNotFound |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
err = logOutCollection(app, c.Alias, w, r) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
addSessionFlash(app, w, r, "Logging out failed. Try clearing cookies for this site, instead.", nil) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return impart.HTTPError{http.StatusFound, c.CanonicalURL()} |
|
|
|
|
|
|
|
} |
|
|
|