diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c458bf6..246d895b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -55,6 +55,8 @@ All notable changes to paopao-ce are documented in this file.
 - fixed sql ddl p_contact's column `is_delete` define error (change to `is_del`) in scripts/paopao-mysql.sql [&afd8fe1](https://github.com/rocboss/paopao-ce/commit/afd8fe18d2dce08a4af846c2f822379d99a3d3b3 'commit afd8fe1')
 - fixed cache index not expire in delete/add tweet error [#266](https://github.com/rocboss/paopao-ce/pull/266)
+- fixed tweet's owner not allow star/collection action when tweet is private error [#274](https://github.com/rocboss/paopao-ce/pull/274)
+- fixed user not list owner's collectioned private tweet error [#274](https://github.com/rocboss/paopao-ce/pull/274)
 ### Changed
diff --git a/internal/dao/jinzhu/dbr/post_collection.go b/internal/dao/jinzhu/dbr/post_collection.go
index 33d32f31..8ac6c113 100644
--- a/internal/dao/jinzhu/dbr/post_collection.go
+++ b/internal/dao/jinzhu/dbr/post_collection.go
@@ -32,7 +32,7 @@ func (p *PostCollection) Get(db *gorm.DB) (*PostCollection, error) {
 db = db.Where(tn+"user_id = ?", p.UserID)
 }
- db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
+ db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
 err := db.First(&star).Error
 if err != nil {
 return &star, err
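Review bot: The private-post exception in the added `Where` of `PostCollection.Get` is keyed on `p.UserID`, which the context line above uses as the row filter (`tn+"user_id = ?"`), so it identifies whose collection is being read and not necessarily who is asking. If any caller fills `p.UserID` from a request parameter in order to show another user's collections or stars, that user's own private posts would be included in the result; the callers are outside this diff and should be checked. The same predicate is pasted into `List` and `Count` in this file and into `Get`, `List` and `Count` in post_star.go, so a later correction can easily miss one copy. A single helper that takes the viewer explicitly, for example `func visibleTo(db *gorm.DB, viewerID int64) *gorm.DB`, would keep the six queries in step and make the trust decision visible at the call site.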
@@ -74,7 +74,7 @@ func (p *PostCollection) List(db *gorm.DB, conditions *ConditionsT, offset, limi
 }
 }
- db = db.Joins("Post").Where(`visibility <> ?`, PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
+ db = db.Joins("Post").Where(`visibility <> ? OR (visibility = ? AND ? = ?)`, PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
 if err = db.Where(tn+"is_del = ?", 0).Find(&collections).Error; err != nil {
 return nil, err
 }
@@ -98,7 +98,7 @@ func (p *PostCollection) Count(db *gorm.DB, conditions *ConditionsT) (int64, err
 }
 }
- db = db.Joins("Post").Where(`visibility <> ?`, PostVisitPrivate)
+ db = db.Joins("Post").Where(`visibility <> ? OR (visibility = ? AND ? = ?)`, PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID)
 if err := db.Model(p).Count(&count).Error; err != nil {
 return 0, err
 }
diff --git a/internal/dao/jinzhu/dbr/post_star.go b/internal/dao/jinzhu/dbr/post_star.go
index ca434523..ca598ec8 100644
--- a/internal/dao/jinzhu/dbr/post_star.go
+++ b/internal/dao/jinzhu/dbr/post_star.go
@@ -32,7 +32,7 @@ func (p *PostStar) Get(db *gorm.DB) (*PostStar, error) {
 db = db.Where(tn+"user_id = ?", p.UserID)
 }
- db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
+ db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
 if err := db.First(&star).Error; err != nil {
 return nil, err
 }
@@ -72,7 +72,7 @@ func (p *PostStar) List(db *gorm.DB, conditions *ConditionsT, offset, limit int)
 }
 }
- db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
+ db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
 if err = db.Find(&stars).Error; err != nil {
 return nil, err
 }
@@ -95,7 +95,7 @@ func (p *PostStar) Count(db *gorm.DB, conditions *ConditionsT) (int64, error) {
 }
 }
- db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate)
+ db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID)
 if err := db.Model(p).Count(&count).Error; err != nil {
 return 0, err
 }
diff --git a/internal/dao/jinzhu/tweets.go b/internal/dao/jinzhu/tweets.go
index 186b7280..cf7e6b63 100644
--- a/internal/dao/jinzhu/tweets.go
+++ b/internal/dao/jinzhu/tweets.go
@@ -293,7 +293,8 @@ func (s *tweetManageServant) VisiblePost(post *core.Post, visibility core.PostVi
 tags := strings.Split(post.Tags, ",")
 for _, t := range tags {
 tag := &dbr.Tag{
- Tag: t,
+ UserID: post.UserID,
+ Tag: t,
 }
 // TODO: 暂时宽松不处理错误,这里或许可以有优化,后续完善
 if oldVisibility == dbr.PostVisitPrivate {
diff --git a/internal/servants/web/priv.go b/internal/servants/web/priv.go
index 4e9e6efe..7be0ee2f 100644
--- a/internal/servants/web/priv.go
+++ b/internal/servants/web/priv.go
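Review bot: In the tweets.go hunk, `strings.Split(post.Tags, ",")` returns one empty string when `post.Tags` is empty, so for a post without tags the loop in `VisiblePost` builds a `dbr.Tag` with the owner's `UserID` and an empty `Tag`. A guard at the top of the loop, `if t == "" { continue }`, would keep that empty name away from the tag tables. The TODO on the next context line says errors from the tag update are deliberately not handled, so a failed write during a visibility change leaves the tag data out of step with the post without any trace; logging the error would at least make that visible. The loop body continues past the end of the hunk, so what is done with `tag` cannot be confirmed here.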
@@ -772,14 +772,14 @@ func (s *privSrv) createPostPreHandler(commentID int64, userID, atUserID int64) } func (s *privSrv) createPostStar(postID, userID int64) (*core.PostStar, mir.Error) { - // 加载Post post, err := s.Ds.GetPostByID(postID) if err != nil { return nil, xerror.ServerError } // 私密post不可操作 - if post.Visibility == core.PostVisitPrivate { + // TODO: 使用统一的permission checker来检查权限问题,这里好友可见post就没处理,是bug + if post.Visibility == core.PostVisitPrivate && post.UserID != userID { return nil, _errNoPermission } @@ -794,45 +794,43 @@ func (s *privSrv) createPostStar(postID, userID int64) (*core.PostStar, mir.Erro // 更新索引 s.PushPostToSearch(post) - return star, nil } func (s *privSrv) deletePostStar(star *core.PostStar) mir.Error { - err := s.Ds.DeletePostStar(star) - if err != nil { - return xerror.ServerError - } - // 加载Post post, err := s.Ds.GetPostByID(star.PostID) if err != nil { return xerror.ServerError } - // 私密post不可操作 - if post.Visibility == core.PostVisitPrivate { + // 私密post特殊处理 + // TODO: 使用统一的permission checker来检查权限问题,这里好友可见post就没处理,是bug + if post.Visibility == core.PostVisitPrivate && post.UserID != star.UserID { return _errNoPermission } + if err = s.Ds.DeletePostStar(star); err != nil { + return xerror.ServerError + } + // 更新Post点赞数 post.UpvoteCount-- s.Ds.UpdatePost(post) // 更新索引 s.PushPostToSearch(post) - return nil } func (s *privSrv) createPostCollection(postID, userID int64) (*core.PostCollection, mir.Error) { - // 加载Post post, err := s.Ds.GetPostByID(postID) if err != nil { return nil, xerror.ServerError } - // 私密post不可操作 - if post.Visibility == core.PostVisitPrivate { + // 私密post特殊处理 + // TODO: 使用统一的permission checker来检查权限问题,这里好友可见post就没处理,是bug + if post.Visibility == core.PostVisitPrivate && post.UserID != userID { return nil, _errNoPermission } 
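Review bot: The owner exemption added to `createPostStar` only looks at `core.PostVisitPrivate`, and the new TODO records that friend-visible posts are not checked at all, so a user who is not a friend of the author still passes this gate. Until the unified permission checker exists, the check could fail closed by rejecting every non-public post unless `post.UserID == userID`, and re-admit friends once the relation lookup is wired in. The retained comment `// 私密post不可操作` no longer matches the condition, since the owner can now act on a private post. The same condition is repeated in `createPostCollection`, `deletePostStar` and `deletePostCollection` in the following hunks.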
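Review bot: With the permission check now placed before `s.Ds.DeletePostStar(star)` in `deletePostStar`, a user who starred a post while it was public can no longer remove that star after the owner makes the post private, because `post.UserID != star.UserID` returns `_errNoPermission` before the delete runs. Removing one's own star reveals nothing about the post, so the delete could be allowed whenever `star` belongs to the caller, with only the counter and search-index update skipped for a private post the caller does not own. `deletePostCollection` in the next hunk has the same ordering. In both functions the result of `s.Ds.UpdatePost(post)` is dropped, so a failed counter write goes unnoticed; returning `xerror.ServerError` or logging it would close that gap.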
@@ -847,25 +845,23 @@ func (s *privSrv) createPostCollection(postID, userID int64) (*core.PostCollecti // 更新索引 s.PushPostToSearch(post) - return collection, nil } func (s *privSrv) deletePostCollection(collection *core.PostCollection) mir.Error { - err := s.Ds.DeletePostCollection(collection) - if err != nil { - return xerror.ServerError - } - // 加载Post post, err := s.Ds.GetPostByID(collection.PostID) if err != nil { return xerror.ServerError } - // 私密post不可操作 - if post.Visibility == core.PostVisitPrivate { + // 私密post特殊处理 + // TODO: 使用统一的permission checker来检查权限问题,这里好友可见post就没处理,是bug + if post.Visibility == core.PostVisitPrivate && post.UserID != collection.UserID { return _errNoPermission } + if err = s.Ds.DeletePostCollection(collection); err != nil { + return xerror.ServerError + } // 更新Post点赞数 post.CollectionCount-- @@ -873,7 +869,6 @@ func (s *privSrv) deletePostCollection(collection *core.PostCollection) mir.Erro // 更新索引 s.PushPostToSearch(post) - return nil }