github.com/Azareal/Gosora@v0.0.0-20210729070923-553e66b59003/routes/profile_reply.go

github.com/Azareal/Gosora@v0.0.0-20210729070923-553e66b59003/routes/profile_reply.go (about)

     1  package routes
     2  
     3  import (
     4  	"database/sql"
     5  	"net/http"
     6  	"strconv"
     7  
     8  	c "github.com/Azareal/Gosora/common"
     9  	co "github.com/Azareal/Gosora/common/counters"
    10  )
    11  
    12  func ProfileReplyCreateSubmit(w http.ResponseWriter, r *http.Request, u *c.User) c.RouteError {
    13  	if !u.Perms.CreateProfileReply {
    14  		return c.NoPermissions(w, r, u)
    15  	}
    16  	uid, err := strconv.Atoi(r.PostFormValue("uid"))
    17  	if err != nil {
    18  		return c.LocalError("Invalid UID", w, r, u)
    19  	}
    20  	profileOwner, err := c.Users.Get(uid)
    21  	if err == sql.ErrNoRows {
    22  		return c.LocalError("The profile you're trying to post on doesn't exist.", w, r, u)
    23  	} else if err != nil {
    24  		return c.InternalError(err, w, r)
    25  	}
    26  
    27  	blocked, err := c.UserBlocks.IsBlockedBy(profileOwner.ID, u.ID)
    28  	if err != nil {
    29  		return c.InternalError(err, w, r)
    30  	}
    31  	// Supermods can bypass blocks so they can tell people off when they do something stupid or have to convey important information
    32  	if (blocked || !c.PrivacyCommentsShow(profileOwner, u)) && !u.IsSuperMod {
    33  		return c.LocalError("You don't have permission to send messages to one of these users.", w, r, u)
    34  	}
    35  
    36  	content := c.PreparseMessage(r.PostFormValue("content"))
    37  	if len(content) == 0 {
    38  		return c.LocalError("You can't make a blank post", w, r, u)
    39  	}
    40  	// TODO: Fully parse the post and store it in the parsed column
    41  	prid, err := c.Prstore.Create(profileOwner.ID, content, u.ID, u.GetIP())
    42  	if err != nil {
    43  		return c.InternalError(err, w, r)
    44  	}
    45  
    46  	// ! Be careful about leaking per-route permission state with user ptr
    47  	alert := c.Alert{ActorID: u.ID, TargetUserID: profileOwner.ID, Event: "reply", ElementType: "user", ElementID: profileOwner.ID, Actor: u, Extra: strconv.Itoa(prid)}
    48  	err = c.AddActivityAndNotifyTarget(alert)
    49  	if err != nil {
    50  		return c.InternalError(err, w, r)
    51  	}
    52  
    53  	co.PostCounter.Bump()
    54  	http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
    55  	return nil
    56  }
    57  
    58  func ProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, u *c.User, srid string) c.RouteError {
    59  	js := r.PostFormValue("js") == "1"
    60  	rid, err := strconv.Atoi(srid)
    61  	if err != nil {
    62  		return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, u, js)
    63  	}
    64  	reply, err := c.Prstore.Get(rid)
    65  	if err == sql.ErrNoRows {
    66  		return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
    67  	} else if err != nil {
    68  		return c.InternalErrorJSQ(err, w, r, js)
    69  	}
    70  
    71  	creator, err := c.Users.Get(reply.CreatedBy)
    72  	if err != nil {
    73  		return c.InternalErrorJSQ(err, w, r, js)
    74  	}
    75  	if !u.Perms.CreateProfileReply {
    76  		return c.NoPermissionsJSQ(w, r, u, js)
    77  	}
    78  	// ? Does the admin understand that this group perm affects this?
    79  	if u.ID != creator.ID && !u.Perms.EditReply {
    80  		return c.NoPermissionsJSQ(w, r, u, js)
    81  	}
    82  
    83  	profileOwner, err := c.Users.Get(reply.ParentID)
    84  	if err == sql.ErrNoRows {
    85  		return c.LocalError("The profile you're trying to edit a post on doesn't exist.", w, r, u)
    86  	} else if err != nil {
    87  		return c.InternalError(err, w, r)
    88  	}
    89  	blocked, err := c.UserBlocks.IsBlockedBy(profileOwner.ID, u.ID)
    90  	if err != nil {
    91  		return c.InternalError(err, w, r)
    92  	}
    93  	// Supermods can bypass blocks so they can tell people off when they do something stupid or have to convey important information
    94  	if (blocked || !c.PrivacyCommentsShow(profileOwner, u)) && !u.IsSuperMod {
    95  		return c.NoPermissionsJSQ(w, r, u, js)
    96  	}
    97  
    98  	err = reply.SetBody(r.PostFormValue("edit_item"))
    99  	if err != nil {
   100  		return c.InternalErrorJSQ(err, w, r, js)
   101  	}
   102  	return actionSuccess(w, r, "/user/"+strconv.Itoa(creator.ID)+"#reply-"+strconv.Itoa(rid), js)
   103  }
   104  
   105  func ProfileReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, u *c.User, srid string) c.RouteError {
   106  	js := r.PostFormValue("js") == "1"
   107  	rid, err := strconv.Atoi(srid)
   108  	if err != nil {
   109  		return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, u, js)
   110  	}
   111  	reply, err := c.Prstore.Get(rid)
   112  	if err == sql.ErrNoRows {
   113  		return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
   114  	} else if err != nil {
   115  		return c.InternalErrorJSQ(err, w, r, js)
   116  	}
   117  
   118  	creator, err := c.Users.Get(reply.CreatedBy)
   119  	if err != nil {
   120  		return c.InternalErrorJSQ(err, w, r, js)
   121  	}
   122  	if u.ID != creator.ID && !u.Perms.DeleteReply {
   123  		return c.NoPermissionsJSQ(w, r, u, js)
   124  	}
   125  
   126  	err = reply.Delete()
   127  	if err != nil {
   128  		return c.InternalErrorJSQ(err, w, r, js)
   129  	}
   130  	//log.Printf("The profile post '%d' was deleted by c.User #%d", reply.ID, u.ID)
   131  
   132  	if !js {
   133  		//http.Redirect(w,r, "/user/" + strconv.Itoa(creator.ID), http.StatusSeeOther)
   134  	} else {
   135  		w.Write(successJSONBytes)
   136  	}
   137  
   138  	err = c.ModLogs.Create("delete", reply.ParentID, "profile-reply", u.GetIP(), u.ID)
   139  	if err != nil {
   140  		return c.InternalErrorJSQ(err, w, r, js)
   141  	}
   142  	return nil
   143  }