Merge pull request #528 from isaacsu/protect-drafts

Protect drafts if they are part of a Private or Protected collection
This commit is contained in:
Matt Baer 2023-11-07 10:12:19 -05:00 committed by GitHub
commit 3e7d236c6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -341,6 +341,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
}
var ownerID sql.NullInt64
var collectionID sql.NullInt64
var title string
var content string
var font string
@ -356,7 +357,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
return impart.HTTPError{http.StatusFound, fmt.Sprintf("/%s%s", fixedID, ext)}
}
err := app.db.QueryRow("SELECT owner_id, title, content, text_appearance, view_count, language, rtl FROM posts WHERE id = ?", friendlyID).Scan(&ownerID, &title, &content, &font, &views, &language, &rtl)
err := app.db.QueryRow("SELECT owner_id, collection_id, title, content, text_appearance, view_count, language, rtl FROM posts WHERE id = ?", friendlyID).Scan(&ownerID, &collectionID, &title, &content, &font, &views, &language, &rtl)
switch {
case err == sql.ErrNoRows:
found = false
@ -426,6 +427,16 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
}
}
var protectDraft bool
if found && collectionID.Valid {
collection, err := app.db.GetCollectionByID(collectionID.Int64)
if err != nil {
log.Error("view post: %v", err)
}
protectDraft = collection.IsPrivate() || collection.IsProtected()
}
// Check if post has been unpublished
if title == "" && content == "" {
gone = true
@ -490,6 +501,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
if !page.IsOwner && silenced {
return ErrPostNotFound
}
if !page.IsOwner && protectDraft {
return ErrPostNotFound
}
page.Silenced = silenced
err = templates["post"].ExecuteTemplate(w, "post", page)
if err != nil {