Make it impossible to write in a blog where you are not author

Fix #62

po/en.po

@@ -274,3 +274,9 @@ msgstr ""
 
 msgid "The link that led you here may be broken."
 msgstr ""
+
+msgid "You are not authorized."
+msgstr ""
+
+msgid "You are not author in this blog."
+msgstr ""

po/fr.po

@@ -274,3 +274,9 @@ msgstr ""
 
 msgid "The link that led you here may be broken."
 msgstr ""
+
+msgid "You are not authorized."
+msgstr ""
+
+msgid "You are not author in this blog."
+msgstr ""

po/pl.po

@@ -279,5 +279,11 @@ msgstr "Nie udało się odnaleźć tej strony."
 msgid "The link that led you here may be broken."
 msgstr "Odnośnik który Cię tu zaprowadził może być uszkodzony."
 
+msgid "You are not authorized."
+msgstr ""
+
+msgid "You are not author in this blog."
+msgstr ""
+
 #~ msgid "Logowanie"
 #~ msgstr "Zaloguj się"

po/plume.pot

@@ -269,3 +269,9 @@ msgstr ""
 
 msgid "The link that led you here may be broken."
 msgstr ""
+
+msgid "You are not authorized."
+msgstr ""
+
+msgid "You are not author in this blog."
+msgstr ""

src/models/users.rs

@@ -86,6 +86,10 @@ pub struct NewUser {
 
 impl User {
     insert!(users, NewUser);
+    get!(users);
+    find_by!(users, find_by_email, email as String);
+    find_by!(users, find_by_name, username as String, instance_id as i32);
+
 
     pub fn grant_admin_rights(&self, conn: &PgConnection) {
         diesel::update(self)
@@ -105,8 +109,6 @@ impl User {
             .into_iter().nth(0).unwrap()
     }
 
-    get!(users);
-
     pub fn count_local(conn: &PgConnection) -> usize {
         users::table.filter(users::instance_id.eq(Instance::local_id(conn)))
             .load::<User>(conn)
@@ -114,9 +116,6 @@ impl User {
             .len()
     }
 
-    find_by!(users, find_by_email, email as String);
-    find_by!(users, find_by_name, username as String, instance_id as i32);
-
     pub fn find_local(conn: &PgConnection, username: String) -> Option<User> {
         User::find_by_name(conn, username, Instance::local_id(conn))
     }

src/routes/posts.rs

@@ -55,11 +55,18 @@ fn new_auth(blog: String) -> Flash<Redirect> {
 }
 
 #[get("/~/<blog>/new", rank = 1)]
-#[allow(unused_variables)]
+fn new(blog: String, user: User, conn: DbConn) -> Template {
-fn new(blog: String, user: User) -> Template {
+    let b = Blog::find_by_fqn(&*conn, blog.to_string()).unwrap();
+
+    if !user.is_author_in(&*conn, b.clone()) {
+        Template::render("errors/403", json!({
+            "error_message": "You are not author in this blog."
+        }))
+    } else {
         Template::render("posts/new", json!({
             "account": user
         }))
+    }
 }
 
 #[derive(FromForm)]
@@ -75,6 +82,9 @@ fn create(blog_name: String, data: Form<NewPostForm>, user: User, conn: DbConn)
     let form = data.get();
     let slug = form.title.to_string().to_kebab_case();
 
+    if !user.is_author_in(&*conn, blog.clone()) {
+        Redirect::to(uri!(super::blogs::details: name = blog_name))
+    } else {
         if slug == "new" || Post::find_by_slug(&*conn, slug.clone(), blog.id).is_some() {
             Redirect::to(uri!(new: blog = blog_name))
         } else {
@@ -112,4 +122,5 @@ fn create(blog_name: String, data: Form<NewPostForm>, user: User, conn: DbConn)
 
             Redirect::to(uri!(details: blog = blog_name, slug = slug))
         }
+    }
 }

templates/errors/403.html.tera

@@ -0,0 +1,5 @@
+{% extends "errors/base" %}
+
+{% block error %}
+    <h1>{{ "You are not authorized." | _ }}</h1>
+{% endblock error %}