404 for protected posts when previously authorized

a user who had previously authenticated on a protected collection would
still see the post after the owner was silenced, with a banner meant for
the owner displayed.
pull/222/head
Rob Loranger 5 years ago
parent aa405bc57c
commit 4c0e4d04c1
No known key found for this signature in database
GPG Key ID: D6F1633A4F0903B8
  1. 9
      posts.go

@ -1342,8 +1342,13 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
return ErrPostNotFound
}
if c.IsProtected() && ((u == nil || u.ID != c.OwnerID) && !isAuthorizedForCollection(app, c.Alias, r)) {
return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
if c.IsProtected() && (u == nil || u.ID != c.OwnerID) {
if suspended {
return ErrPostNotFound
} else if !isAuthorizedForCollection(app, c.Alias, r) {
return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
}
}
cr.isCollOwner = u != nil && c.OwnerID == u.ID
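Review bot: The new protected-collection branch picks between the 404 and the password redirect on `suspended`, which is assigned outside this hunk, so confirm that a failed status lookup returns an error before this point rather than leaving `suspended` false. If it can stay false, a previously authorized visitor would fall through to the old path and still see the post. The owner test `u == nil || u.ID != c.OwnerID` now appears in both guards and again, inverted, in `cr.isCollOwner`; hoisting `isOwner := u != nil && u.ID == c.OwnerID` above the checks would keep the three authorization decisions from drifting apart. The `else` after `return ErrPostNotFound` is redundant and can become a plain `if !isAuthorizedForCollection(app, c.Alias, r) {`. viewCollectionPost starts and ends outside the hunk, and a regression test for a previously authorized visitor requesting a silenced owner's protected post would pin the fix.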
