Mirrors/writefreely
2
0
Fork 0
mirror of https://github.com/writefreely/writefreely synced 2024-11-10 11:24:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

Return 404 for suspended pass-protected colls

Browse source 
Previously, any password-protected collection on a suspended account
would prompt visitors for a password, and *then* take them to the "not
found" page. This fixes that.
This commit is contained in:
Matt Baer 2019-12-17 13:02:21 -05:00
parent 0b701c5f7f
commit 6f6204a849
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
collections.go
View file

@ -648,6 +648,16 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R
uname = u.Username uname = u.Username
} }
// TODO: move this to all permission checks?
suspended, err := app.db.IsUserSuspended(c.OwnerID)
if err != nil {
log.Error("process protected collection permissions: %v", err)
return nil, err
}
if suspended {
return nil, ErrCollectionNotFound
}
// See if we've authorized this collection // See if we've authorized this collection
authd := isAuthorizedForCollection(app, c.Alias, r) authd := isAuthorizedForCollection(app, c.Alias, r)