aitzol
/
Plume
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make it impossible to view drafts if you are not the author 

Even if you got the URL
This commit is contained in:
Bat 2018-09-12 16:58:38 +01:00
parent 296aa2fbbb
commit b01212f4a6
7 changed files with 53 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
po/de.po
View File

@ -626,5 +626,8 @@ msgstr ""
msgid "Users" msgid "Users"
msgstr "Nutzername" msgstr "Nutzername"
msgid "This post isn't published yet."
msgstr ""
#~ msgid "Your password should be at least 8 characters long" #~ msgid "Your password should be at least 8 characters long"
#~ msgstr "Das Passwort sollte mindestens 8 Zeichen lang sein" #~ msgstr "Das Passwort sollte mindestens 8 Zeichen lang sein"

3
po/en.po
View File

@ -605,3 +605,6 @@ msgstr ""
msgid "Users" msgid "Users"
msgstr "" msgstr ""
msgid "This post isn't published yet."
msgstr ""

4
po/fr.po
View File

@ -617,3 +617,7 @@ msgstr ""
msgid "Users" msgid "Users"
msgstr "Utilisateurs" msgstr "Utilisateurs"
#, fuzzy
msgid "This post isn't published yet."
msgstr "Cet article est un brouillon, il sera publié plus tard."

3
po/nb.po
View File

@ -630,6 +630,9 @@ msgstr ""
msgid "Users" msgid "Users"
msgstr "Brukernavn" msgstr "Brukernavn"
msgid "This post isn't published yet."
msgstr ""
#~ msgid "One reshare" #~ msgid "One reshare"
#~ msgid_plural "{{ count }} reshares" #~ msgid_plural "{{ count }} reshares"
#~ msgstr[0] "Én deling" #~ msgstr[0] "Én deling"

3
po/pl.po
View File

@ -629,6 +629,9 @@ msgstr ""
msgid "Users" msgid "Users"
msgstr "Nazwa użytkownika" msgstr "Nazwa użytkownika"
msgid "This post isn't published yet."
msgstr ""
#~ msgid "One reshare" #~ msgid "One reshare"
#~ msgid_plural "{{ count }} reshares" #~ msgid_plural "{{ count }} reshares"
#~ msgstr[0] "Jedno udostępnienie" #~ msgstr[0] "Jedno udostępnienie"

3
po/plume.pot
View File

@ -588,3 +588,6 @@ msgstr ""
msgid "Users" msgid "Users"
msgstr "" msgstr ""
msgid "This post isn't published yet."
msgstr ""

60
src/routes/posts.rs
View File

@ -39,39 +39,48 @@ fn details(blog: String, slug: String, conn: DbConn, user: Option<User>) -> Temp
fn details_response(blog: String, slug: String, conn: DbConn, user: Option<User>, query: Option<CommentQuery>) -> Template { fn details_response(blog: String, slug: String, conn: DbConn, user: Option<User>, query: Option<CommentQuery>) -> Template {
may_fail!(user.map(|u| u.to_json(&*conn)), Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| { may_fail!(user.map(|u| u.to_json(&*conn)), Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| {
may_fail!(user.map(|u| u.to_json(&*conn)), Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| { may_fail!(user.map(|u| u.to_json(&*conn)), Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| {
let comments = Comment::list_by_post(&*conn, post.id); if post.published || post.get_authors(&*conn).into_iter().any(|a| a.id == user.clone().map(|u| u.id).unwrap_or(0)) {
let comms = comments.clone(); let comments = Comment::list_by_post(&*conn, post.id);
let comms = comments.clone();
Template::render("posts/details", json!({ Template::render("posts/details", json!({
"author": post.get_authors(&*conn)[0].to_json(&*conn), "author": post.get_authors(&*conn)[0].to_json(&*conn),
"article": post.to_json(&*conn), "article": post.to_json(&*conn),
"blog": blog.to_json(&*conn), "blog": blog.to_json(&*conn),
"comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() { "comments": &comments.into_iter().filter_map(|c| if c.in_response_to_id.is_none() {
Some(c.to_json(&*conn, &comms)) Some(c.to_json(&*conn, &comms))
} else { } else {
None None
}).collect::<Vec<serde_json::Value>>(), }).collect::<Vec<serde_json::Value>>(),
"n_likes": post.get_likes(&*conn).len(), "n_likes": post.get_likes(&*conn).len(),
"has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false), "has_liked": user.clone().map(|u| u.has_liked(&*conn, &post)).unwrap_or(false),
"n_reshares": post.get_reshares(&*conn).len(), "n_reshares": post.get_reshares(&*conn).len(),
"has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false), "has_reshared": user.clone().map(|u| u.has_reshared(&*conn, &post)).unwrap_or(false),
"account": &user.clone().map(|u| u.to_json(&*conn)), "account": &user.clone().map(|u| u.to_json(&*conn)),
"date": &post.creation_date.timestamp(), "date": &post.creation_date.timestamp(),
"previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))), "previous": query.and_then(|q| q.responding_to.map(|r| Comment::get(&*conn, r).expect("Error retrieving previous comment").to_json(&*conn, &vec![]))),
"user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()), "user_fqn": user.clone().map(|u| u.get_fqn(&*conn)).unwrap_or(String::new()),
"is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false), "is_author": user.clone().map(|u| post.get_authors(&*conn).into_iter().any(|a| u.id == a.id)).unwrap_or(false),
"is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false) "is_following": user.map(|u| u.is_following(&*conn, post.get_authors(&*conn)[0].id)).unwrap_or(false)
})) }))
} else {
Template::render("errors/403", json!({
"error_message": "This post isn't published yet."
}))
}
}) })
}) })
} }
#[get("/~/<blog>/<slug>", rank = 3)] #[get("/~/<blog>/<slug>", rank = 3)]
fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> ActivityStream<Article> { fn activity_details(blog: String, slug: String, conn: DbConn, _ap: ApRequest) -> Result<ActivityStream<Article>, String> {
let blog = Blog::find_by_fqn(&*conn, blog).unwrap(); let blog = Blog::find_by_fqn(&*conn, blog).unwrap();
let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap(); let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap();
if post.published {
ActivityStream::new(post.into_activity(&*conn)) Ok(ActivityStream::new(post.into_activity(&*conn)))
} else {
Err(String::from("Not published yet."))
}
} }
#[get("/~/<blog>/new", rank = 2)] #[get("/~/<blog>/new", rank = 2)]
@ -327,7 +336,6 @@ fn create(blog_name: String, data: LenientForm<NewPostForm>, user: User, conn: D
} }
} }
#[get("/~/<blog_name>/<slug>/delete")] #[get("/~/<blog_name>/<slug>/delete")]
fn delete(blog_name: String, slug: String, conn: DbConn, user: User, worker: State<Pool<ThunkWorker<()>>>) -> Redirect { fn delete(blog_name: String, slug: String, conn: DbConn, user: User, worker: State<Pool<ThunkWorker<()>>>) -> Redirect {
let post = Blog::find_by_fqn(&*conn, blog_name.clone()) let post = Blog::find_by_fqn(&*conn, blog_name.clone())