fix accessibility of silenced user posts

Change view post collection queries to verify that the authenticated user of a silenced collection is either the owner or admin
pull/384/head
Colin Axner 4 years ago
parent 7c1244e6b1
commit 5ba0ea2b04
  1. 8
      posts.go

@ -1421,13 +1421,17 @@ Are you sure it was ever here?`,
return err
}
}
p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
// Check if the authenticated user is the post owner
p.IsOwner = u != nil && u.ID == p.OwnerID.Int64
p.Collection = coll
p.IsTopLevel = app.cfg.App.SingleUser
if !p.IsOwner && silenced {
// Only allow a post owner or admin to view a post for silenced collections
if silenced && !p.IsOwner && (u == nil || !u.IsAdmin()) {
return ErrPostNotFound
}
// Check if post has been unpublished
if p.Content == "" && p.Title.String == "" {
return impart.HTTPError{http.StatusGone, "Post was unpublished."}
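Review bot: The rewritten ownership line `p.IsOwner = u != nil && u.ID == p.OwnerID.Int64` no longer checks `p.OwnerID.Valid`, which the line it appears to replace did. For a post whose owner is NULL, `Int64` reads as 0, so ownership then depends on no user ever carrying ID 0; since `IsOwner` now also decides who may read posts in a silenced collection, keeping the guard is cheap: `p.IsOwner = u != nil && p.OwnerID.Valid && u.ID == p.OwnerID.Int64`. A regression test covering anonymous, non-owner, owner and admin viewers of a silenced collection would pin the intended behaviour. The enclosing function starts and ends outside this hunk, so how `u` and `silenced` are derived is not visible here.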
