aitzol/Plume
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make it impossible to view drafts if you are not the author

Browse Source 
Even if you got the URL
This commit is contained in:
Bat 2018-09-12 16:58:38 +01:00
parent 296aa2fbbb
commit b01212f4a6
7 changed files with 53 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
po/de.po
View File

@ -626,5 +626,8 @@ msgstr ""
msgid "Users"
msgstr "Nutzername"
msgid "This post isn't published yet."
msgstr ""
#~ msgid "Your password should be at least 8 characters long"
#~ msgstr "Das Passwort sollte mindestens 8 Zeichen lang sein"

3
po/en.po
View File

@ -605,3 +605,6 @@ msgstr ""
msgid "Users"
msgstr ""
msgid "This post isn't published yet."
msgstr ""

4
po/fr.po
View File

@ -617,3 +617,7 @@ msgstr ""
msgid "Users"
msgstr "Utilisateurs"
#, fuzzy
msgid "This post isn't published yet."
msgstr "Cet article est un brouillon, il sera publié plus tard."

3
po/nb.po
View File

@ -630,6 +630,9 @@ msgstr ""
msgid "Users"
msgstr "Brukernavn"
msgid "This post isn't published yet."
msgstr ""
#~ msgid "One reshare"
#~ msgid_plural "{{ count }} reshares"
#~ msgstr[0] "Én deling"

3
po/pl.po
View File

@ -629,6 +629,9 @@ msgstr ""
msgid "Users"
msgstr "Nazwa użytkownika"
msgid "This post isn't published yet."
msgstr ""
#~ msgid "One reshare"
#~ msgid_plural "{{ count }} reshares"
#~ msgstr[0] "Jedno udostępnienie"

3
po/plume.pot
View File

@ -588,3 +588,6 @@ msgstr ""
msgid "Users"
msgstr ""
msgid "This post isn't published yet."
msgstr ""

60
src/routes/posts.rs
View File

@ -39,39 +39,48 @@ fn details(blog: String, slug: String, conn: DbConn, user: Option<User>) -> Temp
fn details_response(blog: String, slug: String, conn: DbConn, user: Option<User>, query: Option<CommentQuery>) -> Template {
may_fail!(user.map(|u| u.to_json(&*conn)), Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| {
may_fail!(user.map(|u| u.to_json(&*conn)), Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| {
let comments = Comment::list_by_post(&*conn, post.id);
let comms = comments.clone();
if post.published || post.get_authors(&*conn).into_iter().any(|a| a.id == user.clone().map(|u| u.id).unwrap_or(0)) {
let comments = Comment::list_by_post(&*conn, post.id);
let comms = comments.clone();
Template::render("posts/details", json!({
"author": post.get_authors(&*conn)[0].to_json(&*conn),
"article": post.to_json(&*conn),
"blog": blog.to_json(&*conn),
"comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() {
Some(c.to_json(&*conn, &comms))
} else {
None
}).collect::<Vec<serde_json::Value>>(),
"n_likes": post.get_likes(&*conn).len(),
"has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false),
"n_reshares": post.get_reshares(&*conn).len(),
"has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false),
"account": &user.clone().map(|u| u.to_json(&*conn)),
"date": &post.creation_date.timestamp(),
"previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))),
"user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()),
"is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false),
"is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false)
}))
Template::render("posts/details", json!({
"author": post.get_authors(&*conn)[0].to_json(&*conn),
"article": post.to_json(&*conn),
"blog": blog.to_json(&*conn),
"comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() {
Some(c.to_json(&*conn, &comms))
} else {
None
}).collect::<Vec<serde_json::Value>>(),
"n_likes": post.get_likes(&*conn).len(),
"has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false),
"n_reshares": post.get_reshares(&*conn).len(),
"has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false),
"account": &user.clone().map(|u| u.to_json(&*conn)),
"date": &post.creation_date.timestamp(),
"previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))),
"user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()),
"is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false),
"is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false)
}))
} else {
Template::render("errors/403", json!({
"error_message": "This post isn't published yet."
}))
}
})
})
}
#[get("/~/<blog>/<slug>", rank = 3)]
fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> ActivityStream<Article> {
fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> Result<ActivityStream<Article>, String> {
let blog = Blog::find_by_fqn(&*conn, blog).unwrap();
let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap();
ActivityStream::new(post.into_activity(&*conn))
if post.published {
Ok(ActivityStream::new(post.into_activity(&*conn)))
} else {
Err(String::from("Not published yet."))
}
}
#[get("/~/<blog>/new", rank = 2)]
@ -327,7 +336,6 @@ fn create(blog_name: String, data: LenientForm<NewPostForm>, user: User, conn: D
}
}
#[get("/~/<blog_name>/<slug>/delete")]
fn delete(blog_name: String, slug: String, conn: DbConn, user: User, worker: State<Pool<ThunkWorker<()>>>) -> Redirect {
let post = Blog::find_by_fqn(&*conn, blog_name.clone())