From b01212f4a651df35ff52551d56e32c155a3fcbe3 Mon Sep 17 00:00:00 2001 From: Bat Date: Wed, 12 Sep 2018 16:58:38 +0100 Subject: [PATCH] Make it impossible to view drafts if you are not the author Even if you got the URL --- po/de.po | 3 +++ po/en.po | 3 +++ po/fr.po | 4 +++ po/nb.po | 3 +++ po/pl.po | 3 +++ po/plume.pot | 3 +++ src/routes/posts.rs | 60 +++++++++++++++++++++++++-------------------- 7 files changed, 53 insertions(+), 26 deletions(-) diff --git a/po/de.po b/po/de.po index 38ac32e0..d72857cc 100644 --- a/po/de.po +++ b/po/de.po @@ -626,5 +626,8 @@ msgstr "" msgid "Users" msgstr "Nutzername" +msgid "This post isn't published yet." +msgstr "" + #~ msgid "Your password should be at least 8 characters long" #~ msgstr "Das Passwort sollte mindestens 8 Zeichen lang sein" diff --git a/po/en.po b/po/en.po index c3563044..63b5fa86 100644 --- a/po/en.po +++ b/po/en.po @@ -605,3 +605,6 @@ msgstr "" msgid "Users" msgstr "" + +msgid "This post isn't published yet." +msgstr "" diff --git a/po/fr.po b/po/fr.po index 44d6677e..57528336 100644 --- a/po/fr.po +++ b/po/fr.po @@ -617,3 +617,7 @@ msgstr "" msgid "Users" msgstr "Utilisateurs" + +#, fuzzy +msgid "This post isn't published yet." +msgstr "Cet article est un brouillon, il sera publié plus tard." diff --git a/po/nb.po b/po/nb.po index b6c428fc..d9167cdb 100644 --- a/po/nb.po +++ b/po/nb.po @@ -630,6 +630,9 @@ msgstr "" msgid "Users" msgstr "Brukernavn" +msgid "This post isn't published yet." +msgstr "" + #~ msgid "One reshare" #~ msgid_plural "{{ count }} reshares" #~ msgstr[0] "Én deling" diff --git a/po/pl.po b/po/pl.po index 9d1e8085..0f1784a2 100644 --- a/po/pl.po +++ b/po/pl.po @@ -629,6 +629,9 @@ msgstr "" msgid "Users" msgstr "Nazwa użytkownika" +msgid "This post isn't published yet." +msgstr "" + #~ msgid "One reshare" #~ msgid_plural "{{ count }} reshares" #~ msgstr[0] "Jedno udostępnienie" diff --git a/po/plume.pot b/po/plume.pot index 2fcdc210..1c5b7c20 100644 --- a/po/plume.pot +++ b/po/plume.pot 
@@ -588,3 +588,6 @@ msgstr "" msgid "Users" msgstr "" + +msgid "This post isn't published yet." +msgstr "" diff --git a/src/routes/posts.rs b/src/routes/posts.rs index 864680a3..c85fcaf1 100644 --- a/src/routes/posts.rs +++ b/src/routes/posts.rs 
@@ -39,39 +39,48 @@ fn details(blog: String, slug: String, conn: DbConn, user: Option) -> Temp fn details_response(blog: String, slug: String, conn: DbConn, user: Option, query: Option) -> Template { may_fail!(user.map(|u| u.to_json(&*conn)), Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| { may_fail!(user.map(|u| u.to_json(&*conn)), Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| { - let comments = Comment::list_by_post(&*conn, post.id); - let comms = comments.clone(); + if post.published || post.get_authors(&*conn).into_iter().any(|a| a.id == user.clone().map(|u| u.id).unwrap_or(0)) { + let comments = Comment::list_by_post(&*conn, post.id); + let comms = comments.clone(); - Template::render("posts/details", json!({ - "author": post.get_authors(&*conn)[0].to_json(&*conn), - "article": post.to_json(&*conn), - "blog": blog.to_json(&*conn), - "comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() { - Some(c.to_json(&*conn, &comms)) - } else { - None - }).collect::>(), - "n_likes": post.get_likes(&*conn).len(), - "has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false), - "n_reshares": post.get_reshares(&*conn).len(), - "has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false), - "account": &user.clone().map(|u| u.to_json(&*conn)), - "date": &post.creation_date.timestamp(), - "previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))), - "user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()), - "is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false), - "is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false) - })) + Template::render("posts/details", json!({ + "author": post.get_authors(&*conn)[0].to_json(&*conn), + "article": 
post.to_json(&*conn), + "blog": blog.to_json(&*conn), + "comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() { + Some(c.to_json(&*conn, &comms)) + } else { + None + }).collect::>(), + "n_likes": post.get_likes(&*conn).len(), + "has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false), + "n_reshares": post.get_reshares(&*conn).len(), + "has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false), + "account": &user.clone().map(|u| u.to_json(&*conn)), + "date": &post.creation_date.timestamp(), + "previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))), + "user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()), + "is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false), + "is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false) + })) + } else { + Template::render("errors/403", json!({ + "error_message": "This post isn't published yet." + })) + } }) }) } #[get("/~//", rank = 3)] -fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> ActivityStream
{ +fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> Result, String> { let blog = Blog::find_by_fqn(&*conn, blog).unwrap(); let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap(); - - ActivityStream::new(post.into_activity(&*conn)) + if post.published { + Ok(ActivityStream::new(post.into_activity(&*conn))) + } else { + Err(String::from("Not published yet.")) + } } #[get("/~//new", rank = 2)] @@ -327,7 +336,6 @@ fn create(blog_name: String, data: LenientForm, user: User, conn: D } } - #[get("/~///delete")] fn delete(blog_name: String, slug: String, conn: DbConn, user: User, worker: State>>) -> Redirect { let post = Blog::find_by_fqn(&*conn, blog_name.clone())
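Review bot: The draft gate in `details_response` decides authorship with `user.clone().map(|u| u.id).unwrap_or(0)`, so an anonymous visitor is compared against author id 0 and the check relies on no account ever having that id. Branching on the `Option` keeps the anonymous case closed by construction: `let is_author = user.as_ref().map_or(false, |u| post.get_authors(&*conn).iter().any(|a| a.id == u.id));` followed by `if post.published || is_author {`, and the same value can feed the `"is_author"` key instead of querying the authors again. In `activity_details` the unpublished branch returns `Err(String)`; as far as I can tell Rocket sends a `String` responder with a success status, so an explicit 403 or 404 there would let federated clients treat it as a refusal. Both handlers also answer differently for a draft than for a missing slug, which confirms that a draft exists at that URL; returning the same not-found response for both would avoid that if it matters for this project.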