Merge pull request #274 from alimy/pr-fixed-private-star

fixed the no-permission error when the owner stars or collects their own private tweet
pull/277/head
北野 - Michael Li 2 years ago committed by GitHub
commit 7e75f05a0f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -55,6 +55,8 @@ All notable changes to paopao-ce are documented in this file.
- fixed sql ddl p_contact's column `is_delete` define error (change to `is_del`) in scripts/paopao-mysql.sql [&afd8fe1](https://github.com/rocboss/paopao-ce/commit/afd8fe18d2dce08a4af846c2f822379d99a3d3b3 'commit afd8fe1') - fixed sql ddl p_contact's column `is_delete` define error (change to `is_del`) in scripts/paopao-mysql.sql [&afd8fe1](https://github.com/rocboss/paopao-ce/commit/afd8fe18d2dce08a4af846c2f822379d99a3d3b3 'commit afd8fe1')
- fixed cache index not expire in delete/add tweet error [#266](https://github.com/rocboss/paopao-ce/pull/266) - fixed cache index not expire in delete/add tweet error [#266](https://github.com/rocboss/paopao-ce/pull/266)
- fixed tweet's owner not allow star/collection action when tweet is private error [#274](https://github.com/rocboss/paopao-ce/pull/274)
- fixed user not list owner's collectioned private tweet error [#274](https://github.com/rocboss/paopao-ce/pull/274)
### Changed ### Changed

@ -32,7 +32,7 @@ func (p *PostCollection) Get(db *gorm.DB) (*PostCollection, error) {
db = db.Where(tn+"user_id = ?", p.UserID) db = db.Where(tn+"user_id = ?", p.UserID)
} }
db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true}) db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
err := db.First(&star).Error err := db.First(&star).Error
if err != nil { if err != nil {
return &star, err return &star, err
@ -74,7 +74,7 @@ func (p *PostCollection) List(db *gorm.DB, conditions *ConditionsT, offset, limi
} }
} }
db = db.Joins("Post").Where(`visibility <> ?`, PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true}) db = db.Joins("Post").Where(`visibility <> ? OR (visibility = ? AND ? = ?)`, PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
if err = db.Where(tn+"is_del = ?", 0).Find(&collections).Error; err != nil { if err = db.Where(tn+"is_del = ?", 0).Find(&collections).Error; err != nil {
return nil, err return nil, err
} }
@ -98,7 +98,7 @@ func (p *PostCollection) Count(db *gorm.DB, conditions *ConditionsT) (int64, err
} }
} }
db = db.Joins("Post").Where(`visibility <> ?`, PostVisitPrivate) db = db.Joins("Post").Where(`visibility <> ? OR (visibility = ? AND ? = ?)`, PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID)
if err := db.Model(p).Count(&count).Error; err != nil { if err := db.Model(p).Count(&count).Error; err != nil {
return 0, err return 0, err
} }
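Review bot: The owner exception added to `Get`, `List` and `Count` compares `Post.user_id` with the receiver's `p.UserID`, but the other filters in `List` and `Count` seem to be built from `conditions` (those loops are outside the hunks). If a caller passes the user only through `conditions` and leaves the receiver zero-valued, the new branch never matches and the owner's private rows stay hidden. Since `p.UserID` is now what scopes private rows to their owner, it should be documented as always being the authenticated user's id, e.g. `// p.UserID must be the requesting user; it gates visibility of private posts`. The same predicate is repeated in all three `PostStar` methods as well, and `visibility` is left unqualified beside the qualified `Post.user_id`. One shared helper that returns the condition with `clause.Column{Table: "Post", Name: "visibility"}` would keep the rule in one place.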

@ -32,7 +32,7 @@ func (p *PostStar) Get(db *gorm.DB) (*PostStar, error) {
db = db.Where(tn+"user_id = ?", p.UserID) db = db.Where(tn+"user_id = ?", p.UserID)
} }
db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true}) db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
if err := db.First(&star).Error; err != nil { if err := db.First(&star).Error; err != nil {
return nil, err return nil, err
} }
@ -72,7 +72,7 @@ func (p *PostStar) List(db *gorm.DB, conditions *ConditionsT, offset, limit int)
} }
} }
db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true}) db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID).Order(clause.OrderByColumn{Column: clause.Column{Table: "Post", Name: "id"}, Desc: true})
if err = db.Find(&stars).Error; err != nil { if err = db.Find(&stars).Error; err != nil {
return nil, err return nil, err
} }
@ -95,7 +95,7 @@ func (p *PostStar) Count(db *gorm.DB, conditions *ConditionsT) (int64, error) {
} }
} }
db = db.Joins("Post").Where("visibility <> ?", PostVisitPrivate) db = db.Joins("Post").Where("visibility <> ? OR (visibility = ? AND ? = ?)", PostVisitPrivate, PostVisitPrivate, clause.Column{Table: "Post", Name: "user_id"}, p.UserID)
if err := db.Model(p).Count(&count).Error; err != nil { if err := db.Model(p).Count(&count).Error; err != nil {
return 0, err return 0, err
} }

@ -293,7 +293,8 @@ func (s *tweetManageServant) VisiblePost(post *core.Post, visibility core.PostVi
tags := strings.Split(post.Tags, ",") tags := strings.Split(post.Tags, ",")
for _, t := range tags { for _, t := range tags {
tag := &dbr.Tag{ tag := &dbr.Tag{
Tag: t, UserID: post.UserID,
Tag: t,
} }
// TODO: 暂时宽松不处理错误,这里或许可以有优化,后续完善 // TODO: 暂时宽松不处理错误,这里或许可以有优化,后续完善
if oldVisibility == dbr.PostVisitPrivate { if oldVisibility == dbr.PostVisitPrivate {
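Review bot: The added `UserID: post.UserID` on the `dbr.Tag` literal is not covered by the commit title or the new changelog entries, and nothing in the hunk shows which call reads the field. A comment on the field or a changelog line saying why the tag now carries the post owner's id would make the change reviewable. Separately, `strings.Split(post.Tags, ",")` yields a single empty string when `post.Tags` is empty, so the loop would then build a tag with an empty name for that owner; whether `Tags` can be empty here is not visible. The body of `VisiblePost` continues outside the hunk.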

@ -772,14 +772,14 @@ func (s *privSrv) createPostPreHandler(commentID int64, userID, atUserID int64)
} }
func (s *privSrv) createPostStar(postID, userID int64) (*core.PostStar, mir.Error) { func (s *privSrv) createPostStar(postID, userID int64) (*core.PostStar, mir.Error) {
// 加载Post
post, err := s.Ds.GetPostByID(postID) post, err := s.Ds.GetPostByID(postID)
if err != nil { if err != nil {
return nil, xerror.ServerError return nil, xerror.ServerError
} }
// 私密post不可操作 // 私密post不可操作
if post.Visibility == core.PostVisitPrivate { // TODO: 使用统一的permission checker来检查权限问题这里好友可见post就没处理是bug
if post.Visibility == core.PostVisitPrivate && post.UserID != userID {
return nil, _errNoPermission return nil, _errNoPermission
} }
@ -794,45 +794,43 @@ func (s *privSrv) createPostStar(postID, userID int64) (*core.PostStar, mir.Erro
// 更新索引 // 更新索引
s.PushPostToSearch(post) s.PushPostToSearch(post)
return star, nil return star, nil
} }
func (s *privSrv) deletePostStar(star *core.PostStar) mir.Error { func (s *privSrv) deletePostStar(star *core.PostStar) mir.Error {
err := s.Ds.DeletePostStar(star)
if err != nil {
return xerror.ServerError
}
// 加载Post
post, err := s.Ds.GetPostByID(star.PostID) post, err := s.Ds.GetPostByID(star.PostID)
if err != nil { if err != nil {
return xerror.ServerError return xerror.ServerError
} }
// 私密post不可操作 // 私密post特殊处理
if post.Visibility == core.PostVisitPrivate { // TODO: 使用统一的permission checker来检查权限问题这里好友可见post就没处理是bug
if post.Visibility == core.PostVisitPrivate && post.UserID != star.UserID {
return _errNoPermission return _errNoPermission
} }
if err = s.Ds.DeletePostStar(star); err != nil {
return xerror.ServerError
}
// 更新Post点赞数 // 更新Post点赞数
post.UpvoteCount-- post.UpvoteCount--
s.Ds.UpdatePost(post) s.Ds.UpdatePost(post)
// 更新索引 // 更新索引
s.PushPostToSearch(post) s.PushPostToSearch(post)
return nil return nil
} }
func (s *privSrv) createPostCollection(postID, userID int64) (*core.PostCollection, mir.Error) { func (s *privSrv) createPostCollection(postID, userID int64) (*core.PostCollection, mir.Error) {
// 加载Post
post, err := s.Ds.GetPostByID(postID) post, err := s.Ds.GetPostByID(postID)
if err != nil { if err != nil {
return nil, xerror.ServerError return nil, xerror.ServerError
} }
// 私密post不可操作 // 私密post特殊处理
if post.Visibility == core.PostVisitPrivate { // TODO: 使用统一的permission checker来检查权限问题这里好友可见post就没处理是bug
if post.Visibility == core.PostVisitPrivate && post.UserID != userID {
return nil, _errNoPermission return nil, _errNoPermission
} }
@ -847,25 +845,23 @@ func (s *privSrv) createPostCollection(postID, userID int64) (*core.PostCollecti
// 更新索引 // 更新索引
s.PushPostToSearch(post) s.PushPostToSearch(post)
return collection, nil return collection, nil
} }
func (s *privSrv) deletePostCollection(collection *core.PostCollection) mir.Error { func (s *privSrv) deletePostCollection(collection *core.PostCollection) mir.Error {
err := s.Ds.DeletePostCollection(collection)
if err != nil {
return xerror.ServerError
}
// 加载Post
post, err := s.Ds.GetPostByID(collection.PostID) post, err := s.Ds.GetPostByID(collection.PostID)
if err != nil { if err != nil {
return xerror.ServerError return xerror.ServerError
} }
// 私密post不可操作 // 私密post特殊处理
if post.Visibility == core.PostVisitPrivate { // TODO: 使用统一的permission checker来检查权限问题这里好友可见post就没处理是bug
if post.Visibility == core.PostVisitPrivate && post.UserID != collection.UserID {
return _errNoPermission return _errNoPermission
} }
if err = s.Ds.DeletePostCollection(collection); err != nil {
return xerror.ServerError
}
// 更新Post点赞数 // 更新Post点赞数
post.CollectionCount-- post.CollectionCount--
@ -873,7 +869,6 @@ func (s *privSrv) deletePostCollection(collection *core.PostCollection) mir.Erro
// 更新索引 // 更新索引
s.PushPostToSearch(post) s.PushPostToSearch(post)
return nil return nil
} }
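Review bot: With the early return now limited to non-owners, the owner path in `createPostStar`, `deletePostStar`, `createPostCollection` and `deletePostCollection` reaches `s.PushPostToSearch(post)` with a private post, which the old check made unreachable. `PushPostToSearch` is not shown, so confirm it skips or visibility-filters private posts, or guard the call with `if post.Visibility != core.PostVisitPrivate { s.PushPostToSearch(post) }`. The new TODO already records that friend-visible posts are not checked, and the same condition now sits in four functions; moving it into one helper that takes the post and the acting user id would let that gap be closed in one place. In the two delete functions the record is now removed only after `GetPostByID` succeeds, so a star or collection whose post can no longer be loaded would return `xerror.ServerError` and could not be removed; it is worth confirming that is intended. The middle of `createPostStar` and `createPostCollection` lies between hunks and is not visible here.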
