mirror
/
writefreely
mirror of https://github.com/writeas/writefreely
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #224 from writeas/hotfix-0.11.2

Browse Source 
v0.11.2 hotfix
pull/270/head v0.11.2
Matt Baer 5 years ago committed by GitHub
parent bd99044e9c 8dc1ef0fdb
commit e16ea3b419
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 42 additions and 33 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      app.go
  2. 10
      collections.go
  3. 2
      pad.go
  4. 56
      posts.go
  5. 2
      templates/edit-meta.tmpl
  6. 3
      templates/password-collection.tmpl

2
app.go
Unescape View File

@ -56,7 +56,7 @@ var (
debugging bool
// Software version can be set from git env using -ldflags
softwareVer = "0.11.1"
softwareVer = "0.11.2"
// DEPRECATED VARS
isSingleUser bool

10
collections.go
Unescape View File

@ -648,6 +648,16 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R
uname = u.Username
}
// TODO: move this to all permission checks?
suspended, err := app.db.IsUserSuspended(c.OwnerID)
if err != nil {
log.Error("process protected collection permissions: %v", err)
return nil, err
}
if suspended {
return nil, ErrCollectionNotFound
}
// See if we've authorized this collection
authd := isAuthorizedForCollection(app, c.Alias, r)

2
pad.go
Unescape View File

@ -92,6 +92,7 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
if err != nil {
return err
}
appData.EditCollection.hostName = app.cfg.App.Host
} else {
// Editing a floating article
appData.Post = getRawPost(app, action)
@ -161,6 +162,7 @@ func handleViewMeta(app *App, w http.ResponseWriter, r *http.Request) error {
if err != nil {
return err
}
appData.EditCollection.hostName = app.cfg.App.Host
} else {
// Editing a floating article
appData.Post = getRawPost(app, action)

56
posts.go
Unescape View File

@ -381,10 +381,12 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
}
}
suspended, err := app.db.IsUserSuspended(ownerID.Int64)
if err != nil {
log.Error("view post: %v", err)
return ErrInternalGeneral
var suspended bool
if found {
suspended, err = app.db.IsUserSuspended(ownerID.Int64)
if err != nil {
log.Error("view post: %v", err)
}
}
// Check if post has been unpublished
@ -511,7 +513,6 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
suspended, err := app.db.IsUserSuspended(userID)
if err != nil {
log.Error("new post: %v", err)
return ErrInternalGeneral
}
if suspended {
return ErrUserSuspended
@ -685,7 +686,6 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
suspended, err := app.db.IsUserSuspended(userID)
if err != nil {
log.Error("existing post: %v", err)
return ErrInternalGeneral
}
if suspended {
return ErrUserSuspended
@ -888,7 +888,6 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error {
suspended, err := app.db.IsUserSuspended(ownerID)
if err != nil {
log.Error("add post: %v", err)
return ErrInternalGeneral
}
if suspended {
return ErrUserSuspended
@ -991,7 +990,6 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
suspended, err := app.db.IsUserSuspended(userID)
if err != nil {
log.Error("pin post: %v", err)
return ErrInternalGeneral
}
if suspended {
return ErrUserSuspended
@ -1039,7 +1037,6 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
var collID int64
var ownerID int64
var coll *Collection
var err error
vars := mux.Vars(r)
@ -1049,25 +1046,32 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
if err != nil {
return err
}
coll.hostName = app.cfg.App.Host
_, err = apiCheckCollectionPermissions(app, r, coll)
if err != nil {
return err
}
collID = coll.ID
ownerID = coll.OwnerID
}
p, err := app.db.GetPost(vars["post"], collID)
if err != nil {
return err
}
suspended, err := app.db.IsUserSuspended(ownerID)
if coll == nil && p.CollectionID.Valid {
// Collection post is getting fetched by post ID, not coll alias + post slug, so get coll info now.
coll, err = app.db.GetCollectionByID(p.CollectionID.Int64)
if err != nil {
return err
}
}
if coll != nil {
coll.hostName = app.cfg.App.Host
_, err = apiCheckCollectionPermissions(app, r, coll)
if err != nil {
return err
}
}
suspended, err := app.db.IsUserSuspended(p.OwnerID.Int64)
if err != nil {
log.Error("fetch post: %v", err)
return ErrInternalGeneral
}
if suspended {
return ErrPostNotFound
}
@ -1076,13 +1080,6 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
accept := r.Header.Get("Accept")
if strings.Contains(accept, "application/activity+json") {
// Fetch information about the collection this belongs to
if coll == nil && p.CollectionID.Valid {
coll, err = app.db.GetCollectionByID(p.CollectionID.Int64)
if err != nil {
return err
}
}
if coll == nil {
// This is a draft post; 404 for now
// TODO: return ActivityObject
@ -1335,15 +1332,18 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
suspended, err := app.db.IsUserSuspended(c.OwnerID)
if err != nil {
log.Error("view collection post: %v", err)
return ErrInternalGeneral
}
// Check collection permissions
if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
return ErrPostNotFound
}
if c.IsProtected() && ((u == nil || u.ID != c.OwnerID) && !isAuthorizedForCollection(app, c.Alias, r)) {
return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
if c.IsProtected() && (u == nil || u.ID != c.OwnerID) {
if suspended {
return ErrPostNotFound
} else if !isAuthorizedForCollection(app, c.Alias, r) {
return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
}
}
cr.isCollOwner = u != nil && c.OwnerID == u.ID

2
templates/edit-meta.tmpl
Unescape View File

@ -270,7 +270,7 @@
<script>
function updateMeta() {
if ({{.Suspended}}) {
alert('Your account is currently supsended, editing posts is disabled.');
alert("Your account is silenced, so you can't edit posts.");
return
}
document.getElementById('create-error').style.display = 'none';

3
templates/password-collection.tmpl
Unescape View File

@ -25,9 +25,6 @@
</head>
<body id="collection" itemscope itemtype="http://schema.org/WebPage">
{{if .Suspended}}
{{template "user-supsended"}}
{{end}}
<header>
<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
</header>

Write Preview
Loading…
Cancel
Save