2019-10-19 10:33:59 +00:00
|
|
|
package routes
|
|
|
|
|
|
|
|
import (
|
|
|
|
"database/sql"
|
|
|
|
"net/http"
|
|
|
|
"strconv"
|
|
|
|
|
|
|
|
c "github.com/Azareal/Gosora/common"
|
|
|
|
"github.com/Azareal/Gosora/common/counters"
|
|
|
|
)
|
|
|
|
|
2020-03-18 09:21:34 +00:00
|
|
|
func ProfileReplyCreateSubmit(w http.ResponseWriter, r *http.Request, user *c.User) c.RouteError {
|
2020-02-04 11:47:03 +00:00
|
|
|
if !user.Perms.CreateProfileReply {
|
2019-10-19 10:33:59 +00:00
|
|
|
return c.NoPermissions(w, r, user)
|
|
|
|
}
|
|
|
|
uid, err := strconv.Atoi(r.PostFormValue("uid"))
|
|
|
|
if err != nil {
|
|
|
|
return c.LocalError("Invalid UID", w, r, user)
|
|
|
|
}
|
|
|
|
profileOwner, err := c.Users.Get(uid)
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
return c.LocalError("The profile you're trying to post on doesn't exist.", w, r, user)
|
|
|
|
} else if err != nil {
|
|
|
|
return c.InternalError(err, w, r)
|
|
|
|
}
|
|
|
|
|
|
|
|
blocked, err := c.UserBlocks.IsBlockedBy(profileOwner.ID, user.ID)
|
|
|
|
if err != nil {
|
|
|
|
return c.InternalError(err, w, r)
|
|
|
|
}
|
|
|
|
// Supermods can bypass blocks so they can tell people off when they do something stupid or have to convey important information
|
2020-07-14 21:50:29 +00:00
|
|
|
if (blocked || !profileCommentsShow(profileOwner, user)) && !user.IsSuperMod {
|
2019-10-19 10:33:59 +00:00
|
|
|
return c.LocalError("You don't have permission to send messages to one of these users.", w, r, user)
|
|
|
|
}
|
|
|
|
|
|
|
|
content := c.PreparseMessage(r.PostFormValue("content"))
|
|
|
|
if len(content) == 0 {
|
|
|
|
return c.LocalError("You can't make a blank post", w, r, user)
|
|
|
|
}
|
|
|
|
// TODO: Fully parse the post and store it in the parsed column
|
Cascade delete attachments properly.
Cascade delete replied to topic events for replies properly.
Cascade delete likes on topic posts properly.
Cascade delete replies and their children properly.
Recalculate user stats properly when items are deleted.
Users can now unlike topic opening posts.
Add a recalculator to fix abnormalities across upgrades.
Try fixing a last_ip daily update bug.
Add Existable interface.
Add Delete method to LikeStore.
Add Each, Exists, Create, CountUser, CountMegaUser and CountBigUser methods to ReplyStore.
Add CountUser, CountMegaUser, CountBigUser methods to TopicStore.
Add Each method to UserStore.
Add Add, Delete and DeleteResource methods to SubscriptionStore.
Add Delete, DeleteByParams, DeleteByParamsExtra and AidsByParamsExtra methods to ActivityStream.
Add Exists method to ProfileReplyStore.
Add DropColumn, RenameColumn and ChangeColumn to the database adapters.
Shorten ipaddress column names to ip.
- topics table.
- replies table
- users_replies table.
- polls_votes table.
Add extra column to activity_stream table.
Fix an issue upgrading sites to MariaDB 10.3 from older versions of Gosora. Please report any other issues you find.
You need to run the updater / patcher for this commit.
2020-01-31 07:22:08 +00:00
|
|
|
prid, err := c.Prstore.Create(profileOwner.ID, content, user.ID, user.GetIP())
|
2019-10-19 10:33:59 +00:00
|
|
|
if err != nil {
|
|
|
|
return c.InternalError(err, w, r)
|
|
|
|
}
|
|
|
|
|
2020-03-18 09:21:34 +00:00
|
|
|
// ! Be careful about leaking per-route permission state with user ptr
|
|
|
|
alert := c.Alert{ActorID: user.ID, TargetUserID: profileOwner.ID, Event: "reply", ElementType: "user", ElementID: profileOwner.ID, Actor: user, Extra: strconv.Itoa(prid)}
|
2019-10-19 10:33:59 +00:00
|
|
|
err = c.AddActivityAndNotifyTarget(alert)
|
|
|
|
if err != nil {
|
|
|
|
return c.InternalError(err, w, r)
|
|
|
|
}
|
|
|
|
|
|
|
|
counters.PostCounter.Bump()
|
|
|
|
http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-07-14 21:50:29 +00:00
|
|
|
func ProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, u *c.User, srid string) c.RouteError {
|
2019-10-19 10:33:59 +00:00
|
|
|
js := r.PostFormValue("js") == "1"
|
|
|
|
rid, err := strconv.Atoi(srid)
|
|
|
|
if err != nil {
|
2020-07-14 21:50:29 +00:00
|
|
|
return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, u, js)
|
2019-10-19 10:33:59 +00:00
|
|
|
}
|
|
|
|
reply, err := c.Prstore.Get(rid)
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
|
|
|
|
} else if err != nil {
|
|
|
|
return c.InternalErrorJSQ(err, w, r, js)
|
|
|
|
}
|
|
|
|
|
|
|
|
creator, err := c.Users.Get(reply.CreatedBy)
|
|
|
|
if err != nil {
|
|
|
|
return c.InternalErrorJSQ(err, w, r, js)
|
|
|
|
}
|
2020-07-14 21:50:29 +00:00
|
|
|
if !u.Perms.CreateProfileReply {
|
|
|
|
return c.NoPermissionsJSQ(w, r, u, js)
|
2020-02-04 11:47:03 +00:00
|
|
|
}
|
2019-10-19 10:33:59 +00:00
|
|
|
// ? Does the admin understand that this group perm affects this?
|
2020-07-14 21:50:29 +00:00
|
|
|
if u.ID != creator.ID && !u.Perms.EditReply {
|
|
|
|
return c.NoPermissionsJSQ(w, r, u, js)
|
2019-10-19 10:33:59 +00:00
|
|
|
}
|
|
|
|
|
2020-07-14 21:50:29 +00:00
|
|
|
profileOwner, err := c.Users.Get(reply.ParentID)
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
return c.LocalError("The profile you're trying to edit a post on doesn't exist.", w, r, u)
|
|
|
|
} else if err != nil {
|
|
|
|
return c.InternalError(err, w, r)
|
|
|
|
}
|
|
|
|
blocked, err := c.UserBlocks.IsBlockedBy(profileOwner.ID, u.ID)
|
|
|
|
if err != nil {
|
|
|
|
return c.InternalError(err, w, r)
|
|
|
|
}
|
|
|
|
// Supermods can bypass blocks so they can tell people off when they do something stupid or have to convey important information
|
|
|
|
if (blocked || !profileCommentsShow(profileOwner, u)) && !u.IsSuperMod {
|
|
|
|
return c.NoPermissionsJSQ(w, r, u, js)
|
|
|
|
}
|
2019-10-19 10:33:59 +00:00
|
|
|
|
|
|
|
err = reply.SetBody(r.PostFormValue("edit_item"))
|
|
|
|
if err != nil {
|
|
|
|
return c.InternalErrorJSQ(err, w, r, js)
|
|
|
|
}
|
2020-07-14 21:50:29 +00:00
|
|
|
return actionSuccess(w, r, "/user/"+strconv.Itoa(creator.ID)+"#reply-"+strconv.Itoa(rid), js)
|
2019-10-19 10:33:59 +00:00
|
|
|
}
|
|
|
|
|
2020-07-14 21:50:29 +00:00
|
|
|
func ProfileReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, u *c.User, srid string) c.RouteError {
|
2019-10-19 10:33:59 +00:00
|
|
|
js := r.PostFormValue("js") == "1"
|
|
|
|
rid, err := strconv.Atoi(srid)
|
|
|
|
if err != nil {
|
2020-07-14 21:50:29 +00:00
|
|
|
return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, u, js)
|
2019-10-19 10:33:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
reply, err := c.Prstore.Get(rid)
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
|
|
|
|
} else if err != nil {
|
|
|
|
return c.InternalErrorJSQ(err, w, r, js)
|
|
|
|
}
|
|
|
|
|
|
|
|
creator, err := c.Users.Get(reply.CreatedBy)
|
|
|
|
if err != nil {
|
|
|
|
return c.InternalErrorJSQ(err, w, r, js)
|
|
|
|
}
|
2020-07-14 21:50:29 +00:00
|
|
|
if u.ID != creator.ID && !u.Perms.DeleteReply {
|
|
|
|
return c.NoPermissionsJSQ(w, r, u, js)
|
2019-10-19 10:33:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
err = reply.Delete()
|
|
|
|
if err != nil {
|
|
|
|
return c.InternalErrorJSQ(err, w, r, js)
|
|
|
|
}
|
2020-07-14 21:50:29 +00:00
|
|
|
//log.Printf("The profile post '%d' was deleted by c.User #%d", reply.ID, u.ID)
|
2019-10-19 10:33:59 +00:00
|
|
|
|
|
|
|
if !js {
|
|
|
|
//http.Redirect(w,r, "/user/" + strconv.Itoa(creator.ID), http.StatusSeeOther)
|
|
|
|
} else {
|
|
|
|
w.Write(successJSONBytes)
|
|
|
|
}
|
2020-02-04 11:47:03 +00:00
|
|
|
|
2020-07-14 21:50:29 +00:00
|
|
|
err = c.ModLogs.Create("delete", reply.ParentID, "profile-reply", u.GetIP(), u.ID)
|
2020-02-04 11:47:03 +00:00
|
|
|
if err != nil {
|
|
|
|
return c.InternalErrorJSQ(err, w, r, js)
|
|
|
|
}
|
2019-10-19 10:33:59 +00:00
|
|
|
return nil
|
|
|
|
}
|