Make it impossible to view drafts if you are not the author
Even if you got the URL
This commit is contained in:
parent
296aa2fbbb
commit
b01212f4a6
3
po/de.po
3
po/de.po
@ -626,5 +626,8 @@ msgstr ""
|
||||
msgid "Users"
|
||||
msgstr "Nutzername"
|
||||
|
||||
msgid "This post isn't published yet."
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "Your password should be at least 8 characters long"
|
||||
#~ msgstr "Das Passwort sollte mindestens 8 Zeichen lang sein"
|
||||
|
3
po/en.po
3
po/en.po
@ -605,3 +605,6 @@ msgstr ""
|
||||
|
||||
msgid "Users"
|
||||
msgstr ""
|
||||
|
||||
msgid "This post isn't published yet."
|
||||
msgstr ""
|
||||
|
4
po/fr.po
4
po/fr.po
@ -617,3 +617,7 @@ msgstr ""
|
||||
|
||||
msgid "Users"
|
||||
msgstr "Utilisateurs"
|
||||
|
||||
#, fuzzy
|
||||
msgid "This post isn't published yet."
|
||||
msgstr "Cet article est un brouillon, il sera publié plus tard."
|
||||
|
3
po/nb.po
3
po/nb.po
@ -630,6 +630,9 @@ msgstr ""
|
||||
msgid "Users"
|
||||
msgstr "Brukernavn"
|
||||
|
||||
msgid "This post isn't published yet."
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "One reshare"
|
||||
#~ msgid_plural "{{ count }} reshares"
|
||||
#~ msgstr[0] "Én deling"
|
||||
|
3
po/pl.po
3
po/pl.po
@ -629,6 +629,9 @@ msgstr ""
|
||||
msgid "Users"
|
||||
msgstr "Nazwa użytkownika"
|
||||
|
||||
msgid "This post isn't published yet."
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "One reshare"
|
||||
#~ msgid_plural "{{ count }} reshares"
|
||||
#~ msgstr[0] "Jedno udostępnienie"
|
||||
|
@ -588,3 +588,6 @@ msgstr ""
|
||||
|
||||
msgid "Users"
|
||||
msgstr ""
|
||||
|
||||
msgid "This post isn't published yet."
|
||||
msgstr ""
|
||||
|
@ -39,39 +39,48 @@ fn details(blog: String, slug: String, conn: DbConn, user: Option<User>) -> Temp
|
||||
fn details_response(blog: String, slug: String, conn: DbConn, user: Option<User>, query: Option<CommentQuery>) -> Template {
|
||||
may_fail!(user.map(|u| u.to_json(&*conn)), Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| {
|
||||
may_fail!(user.map(|u| u.to_json(&*conn)), Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| {
|
||||
let comments = Comment::list_by_post(&*conn, post.id);
|
||||
let comms = comments.clone();
|
||||
if post.published || post.get_authors(&*conn).into_iter().any(|a| a.id == user.clone().map(|u| u.id).unwrap_or(0)) {
|
||||
let comments = Comment::list_by_post(&*conn, post.id);
|
||||
let comms = comments.clone();
|
||||
|
||||
Template::render("posts/details", json!({
|
||||
"author": post.get_authors(&*conn)[0].to_json(&*conn),
|
||||
"article": post.to_json(&*conn),
|
||||
"blog": blog.to_json(&*conn),
|
||||
"comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() {
|
||||
Some(c.to_json(&*conn, &comms))
|
||||
} else {
|
||||
None
|
||||
}).collect::<Vec<serde_json::Value>>(),
|
||||
"n_likes": post.get_likes(&*conn).len(),
|
||||
"has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false),
|
||||
"n_reshares": post.get_reshares(&*conn).len(),
|
||||
"has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false),
|
||||
"account": &user.clone().map(|u| u.to_json(&*conn)),
|
||||
"date": &post.creation_date.timestamp(),
|
||||
"previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))),
|
||||
"user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()),
|
||||
"is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false),
|
||||
"is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false)
|
||||
}))
|
||||
Template::render("posts/details", json!({
|
||||
"author": post.get_authors(&*conn)[0].to_json(&*conn),
|
||||
"article": post.to_json(&*conn),
|
||||
"blog": blog.to_json(&*conn),
|
||||
"comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() {
|
||||
Some(c.to_json(&*conn, &comms))
|
||||
} else {
|
||||
None
|
||||
}).collect::<Vec<serde_json::Value>>(),
|
||||
"n_likes": post.get_likes(&*conn).len(),
|
||||
"has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false),
|
||||
"n_reshares": post.get_reshares(&*conn).len(),
|
||||
"has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false),
|
||||
"account": &user.clone().map(|u| u.to_json(&*conn)),
|
||||
"date": &post.creation_date.timestamp(),
|
||||
"previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))),
|
||||
"user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()),
|
||||
"is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false),
|
||||
"is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false)
|
||||
}))
|
||||
} else {
|
||||
Template::render("errors/403", json!({
|
||||
"error_message": "This post isn't published yet."
|
||||
}))
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
#[get("/~/<blog>/<slug>", rank = 3)]
|
||||
fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> ActivityStream<Article> {
|
||||
fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> Result<ActivityStream<Article>, String> {
|
||||
let blog = Blog::find_by_fqn(&*conn, blog).unwrap();
|
||||
let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap();
|
||||
|
||||
ActivityStream::new(post.into_activity(&*conn))
|
||||
if post.published {
|
||||
Ok(ActivityStream::new(post.into_activity(&*conn)))
|
||||
} else {
|
||||
Err(String::from("Not published yet."))
|
||||
}
|
||||
}
|
||||
|
||||
#[get("/~/<blog>/new", rank = 2)]
|
||||
@ -327,7 +336,6 @@ fn create(blog_name: String, data: LenientForm<NewPostForm>, user: User, conn: D
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#[get("/~/<blog_name>/<slug>/delete")]
|
||||
fn delete(blog_name: String, slug: String, conn: DbConn, user: User, worker: State<Pool<ThunkWorker<()>>>) -> Redirect {
|
||||
let post = Blog::find_by_fqn(&*conn, blog_name.clone())
|
||||
|
Loading…
Reference in New Issue
Block a user