Make it impossible to view drafts if you are not the author
Even if you got the URL
This commit is contained in:
parent
296aa2fbbb
commit
b01212f4a6
3
po/de.po
3
po/de.po
@ -626,5 +626,8 @@ msgstr ""
|
|||||||
msgid "Users"
|
msgid "Users"
|
||||||
msgstr "Nutzername"
|
msgstr "Nutzername"
|
||||||
|
|
||||||
|
msgid "This post isn't published yet."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#~ msgid "Your password should be at least 8 characters long"
|
#~ msgid "Your password should be at least 8 characters long"
|
||||||
#~ msgstr "Das Passwort sollte mindestens 8 Zeichen lang sein"
|
#~ msgstr "Das Passwort sollte mindestens 8 Zeichen lang sein"
|
||||||
|
3
po/en.po
3
po/en.po
@ -605,3 +605,6 @@ msgstr ""
|
|||||||
|
|
||||||
msgid "Users"
|
msgid "Users"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
msgid "This post isn't published yet."
|
||||||
|
msgstr ""
|
||||||
|
4
po/fr.po
4
po/fr.po
@ -617,3 +617,7 @@ msgstr ""
|
|||||||
|
|
||||||
msgid "Users"
|
msgid "Users"
|
||||||
msgstr "Utilisateurs"
|
msgstr "Utilisateurs"
|
||||||
|
|
||||||
|
#, fuzzy
|
||||||
|
msgid "This post isn't published yet."
|
||||||
|
msgstr "Cet article est un brouillon, il sera publié plus tard."
|
||||||
|
3
po/nb.po
3
po/nb.po
@ -630,6 +630,9 @@ msgstr ""
|
|||||||
msgid "Users"
|
msgid "Users"
|
||||||
msgstr "Brukernavn"
|
msgstr "Brukernavn"
|
||||||
|
|
||||||
|
msgid "This post isn't published yet."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#~ msgid "One reshare"
|
#~ msgid "One reshare"
|
||||||
#~ msgid_plural "{{ count }} reshares"
|
#~ msgid_plural "{{ count }} reshares"
|
||||||
#~ msgstr[0] "Én deling"
|
#~ msgstr[0] "Én deling"
|
||||||
|
3
po/pl.po
3
po/pl.po
@ -629,6 +629,9 @@ msgstr ""
|
|||||||
msgid "Users"
|
msgid "Users"
|
||||||
msgstr "Nazwa użytkownika"
|
msgstr "Nazwa użytkownika"
|
||||||
|
|
||||||
|
msgid "This post isn't published yet."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#~ msgid "One reshare"
|
#~ msgid "One reshare"
|
||||||
#~ msgid_plural "{{ count }} reshares"
|
#~ msgid_plural "{{ count }} reshares"
|
||||||
#~ msgstr[0] "Jedno udostępnienie"
|
#~ msgstr[0] "Jedno udostępnienie"
|
||||||
|
@ -588,3 +588,6 @@ msgstr ""
|
|||||||
|
|
||||||
msgid "Users"
|
msgid "Users"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
msgid "This post isn't published yet."
|
||||||
|
msgstr ""
|
||||||
|
@ -39,39 +39,48 @@ fn details(blog: String, slug: String, conn: DbConn, user: Option<User>) -> Temp
|
|||||||
fn details_response(blog: String, slug: String, conn: DbConn, user: Option<User>, query: Option<CommentQuery>) -> Template {
|
fn details_response(blog: String, slug: String, conn: DbConn, user: Option<User>, query: Option<CommentQuery>) -> Template {
|
||||||
may_fail!(user.map(|u| u.to_json(&*conn)), Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| {
|
may_fail!(user.map(|u| u.to_json(&*conn)), Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| {
|
||||||
may_fail!(user.map(|u| u.to_json(&*conn)), Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| {
|
may_fail!(user.map(|u| u.to_json(&*conn)), Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| {
|
||||||
let comments = Comment::list_by_post(&*conn, post.id);
|
if post.published || post.get_authors(&*conn).into_iter().any(|a| a.id == user.clone().map(|u| u.id).unwrap_or(0)) {
|
||||||
let comms = comments.clone();
|
let comments = Comment::list_by_post(&*conn, post.id);
|
||||||
|
let comms = comments.clone();
|
||||||
|
|
||||||
Template::render("posts/details", json!({
|
Template::render("posts/details", json!({
|
||||||
"author": post.get_authors(&*conn)[0].to_json(&*conn),
|
"author": post.get_authors(&*conn)[0].to_json(&*conn),
|
||||||
"article": post.to_json(&*conn),
|
"article": post.to_json(&*conn),
|
||||||
"blog": blog.to_json(&*conn),
|
"blog": blog.to_json(&*conn),
|
||||||
"comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() {
|
"comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() {
|
||||||
Some(c.to_json(&*conn, &comms))
|
Some(c.to_json(&*conn, &comms))
|
||||||
} else {
|
} else {
|
||||||
None
|
None
|
||||||
}).collect::<Vec<serde_json::Value>>(),
|
}).collect::<Vec<serde_json::Value>>(),
|
||||||
"n_likes": post.get_likes(&*conn).len(),
|
"n_likes": post.get_likes(&*conn).len(),
|
||||||
"has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false),
|
"has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false),
|
||||||
"n_reshares": post.get_reshares(&*conn).len(),
|
"n_reshares": post.get_reshares(&*conn).len(),
|
||||||
"has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false),
|
"has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false),
|
||||||
"account": &user.clone().map(|u| u.to_json(&*conn)),
|
"account": &user.clone().map(|u| u.to_json(&*conn)),
|
||||||
"date": &post.creation_date.timestamp(),
|
"date": &post.creation_date.timestamp(),
|
||||||
"previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))),
|
"previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))),
|
||||||
"user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()),
|
"user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()),
|
||||||
"is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false),
|
"is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false),
|
||||||
"is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false)
|
"is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false)
|
||||||
}))
|
}))
|
||||||
|
} else {
|
||||||
|
Template::render("errors/403", json!({
|
||||||
|
"error_message": "This post isn't published yet."
|
||||||
|
}))
|
||||||
|
}
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
#[get("/~/<blog>/<slug>", rank = 3)]
|
#[get("/~/<blog>/<slug>", rank = 3)]
|
||||||
fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> ActivityStream<Article> {
|
fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> Result<ActivityStream<Article>, String> {
|
||||||
let blog = Blog::find_by_fqn(&*conn, blog).unwrap();
|
let blog = Blog::find_by_fqn(&*conn, blog).unwrap();
|
||||||
let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap();
|
let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap();
|
||||||
|
if post.published {
|
||||||
ActivityStream::new(post.into_activity(&*conn))
|
Ok(ActivityStream::new(post.into_activity(&*conn)))
|
||||||
|
} else {
|
||||||
|
Err(String::from("Not published yet."))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[get("/~/<blog>/new", rank = 2)]
|
#[get("/~/<blog>/new", rank = 2)]
|
||||||
@ -327,7 +336,6 @@ fn create(blog_name: String, data: LenientForm<NewPostForm>, user: User, conn: D
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[get("/~/<blog_name>/<slug>/delete")]
|
#[get("/~/<blog_name>/<slug>/delete")]
|
||||||
fn delete(blog_name: String, slug: String, conn: DbConn, user: User, worker: State<Pool<ThunkWorker<()>>>) -> Redirect {
|
fn delete(blog_name: String, slug: String, conn: DbConn, user: User, worker: State<Pool<ThunkWorker<()>>>) -> Redirect {
|
||||||
let post = Blog::find_by_fqn(&*conn, blog_name.clone())
|
let post = Blog::find_by_fqn(&*conn, blog_name.clone())
|
||||||
|
Loading…
Reference in New Issue
Block a user