mirror of
https://github.com/writefreely/writefreely
synced 2024-11-24 17:43:05 +00:00
Return 404 for suspended pass-protected colls
Previously, any password-protected collection on a suspended account would prompt visitors for a password, and *then* take them to the "not found" page. This fixes that.
This commit is contained in:
parent
0b701c5f7f
commit
6f6204a849
1 changed files with 10 additions and 0 deletions
|
@ -648,6 +648,16 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R
|
||||||
uname = u.Username
|
uname = u.Username
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: move this to all permission checks?
|
||||||
|
suspended, err := app.db.IsUserSuspended(c.OwnerID)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("process protected collection permissions: %v", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if suspended {
|
||||||
|
return nil, ErrCollectionNotFound
|
||||||
|
}
|
||||||
|
|
||||||
// See if we've authorized this collection
|
// See if we've authorized this collection
|
||||||
authd := isAuthorizedForCollection(app, c.Alias, r)
|
authd := isAuthorizedForCollection(app, c.Alias, r)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue