2997135e80
Fixed two existence checks. Tweaked the profile CSS for Cosora. Added the TopicByReplyID function. Split off the profile logic from Reply into ProfileReply. Moved various hard-coded bits in the profile reply routes into ProfileReply. Moved four reply routes into /routes/reply.go Moved six topic routes into /routes/topic.go We should now capture more suspicious activity. Changed the definition of the revisions table.
197 lines
5.6 KiB
Go
197 lines
5.6 KiB
Go
package routes
|
|
|
|
import (
|
|
"database/sql"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"../common"
|
|
)
|
|
|
|
// TODO: Disable stat updates in posts handled by plugin_guilds
|
|
// TODO: Update the stats after edits so that we don't under or over decrement stats during deletes
|
|
func ReplyEditSubmit(w http.ResponseWriter, r *http.Request, user common.User, srid string) common.RouteError {
|
|
isJs := (r.PostFormValue("js") == "1")
|
|
|
|
rid, err := strconv.Atoi(srid)
|
|
if err != nil {
|
|
return common.PreErrorJSQ("The provided Reply ID is not a valid number.", w, r, isJs)
|
|
}
|
|
|
|
reply, err := common.Rstore.Get(rid)
|
|
if err == sql.ErrNoRows {
|
|
return common.PreErrorJSQ("The target reply doesn't exist.", w, r, isJs)
|
|
} else if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
topic, err := reply.Topic()
|
|
if err == sql.ErrNoRows {
|
|
return common.PreErrorJSQ("The parent topic doesn't exist.", w, r, isJs)
|
|
} else if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ferr := common.SimpleForumUserCheck(w, r, &user, topic.ParentID)
|
|
if ferr != nil {
|
|
return ferr
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.EditReply {
|
|
return common.NoPermissionsJSQ(w, r, user, isJs)
|
|
}
|
|
|
|
err = reply.SetBody(r.PostFormValue("edit_item"))
|
|
if err == sql.ErrNoRows {
|
|
return common.PreErrorJSQ("The parent topic doesn't exist.", w, r, isJs)
|
|
} else if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
if !isJs {
|
|
http.Redirect(w, r, "/topic/"+strconv.Itoa(topic.ID)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// TODO: Refactor this
|
|
// TODO: Disable stat updates in posts handled by plugin_guilds
|
|
func ReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user common.User, srid string) common.RouteError {
|
|
isJs := (r.PostFormValue("isJs") == "1")
|
|
|
|
rid, err := strconv.Atoi(srid)
|
|
if err != nil {
|
|
return common.PreErrorJSQ("The provided Reply ID is not a valid number.", w, r, isJs)
|
|
}
|
|
|
|
reply, err := common.Rstore.Get(rid)
|
|
if err == sql.ErrNoRows {
|
|
return common.PreErrorJSQ("The reply you tried to delete doesn't exist.", w, r, isJs)
|
|
} else if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
topic, err := common.Topics.Get(reply.ParentID)
|
|
if err == sql.ErrNoRows {
|
|
return common.PreErrorJSQ("The parent topic doesn't exist.", w, r, isJs)
|
|
} else if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ferr := common.SimpleForumUserCheck(w, r, &user, topic.ParentID)
|
|
if ferr != nil {
|
|
return ferr
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
|
|
return common.NoPermissionsJSQ(w, r, user, isJs)
|
|
}
|
|
|
|
err = reply.Delete()
|
|
if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
//log.Printf("Reply #%d was deleted by common.User #%d", rid, user.ID)
|
|
if !isJs {
|
|
http.Redirect(w, r, "/topic/"+strconv.Itoa(reply.ParentID), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
|
|
replyCreator, err := common.Users.Get(reply.CreatedBy)
|
|
if err == nil {
|
|
wcount := common.WordCount(reply.Content)
|
|
err = replyCreator.DecreasePostStats(wcount, false)
|
|
if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
} else if err != sql.ErrNoRows {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
err = common.ModLogs.Create("delete", reply.ParentID, "reply", user.LastIP, user.ID)
|
|
if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func ProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, user common.User, srid string) common.RouteError {
|
|
isJs := (r.PostFormValue("js") == "1")
|
|
|
|
rid, err := strconv.Atoi(srid)
|
|
if err != nil {
|
|
return common.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, isJs)
|
|
}
|
|
|
|
reply, err := common.Prstore.Get(rid)
|
|
if err == sql.ErrNoRows {
|
|
return common.PreErrorJSQ("The target reply doesn't exist.", w, r, isJs)
|
|
} else if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
creator, err := common.Users.Get(reply.CreatedBy)
|
|
if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
// ? Does the admin understand that this group perm affects this?
|
|
if user.ID != creator.ID && !user.Perms.EditReply {
|
|
return common.NoPermissionsJSQ(w, r, user, isJs)
|
|
}
|
|
|
|
err = reply.SetBody(r.PostFormValue("edit_item"))
|
|
if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
if !isJs {
|
|
http.Redirect(w, r, "/user/"+strconv.Itoa(creator.ID)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func ProfileReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user common.User, srid string) common.RouteError {
|
|
isJs := (r.PostFormValue("isJs") == "1")
|
|
|
|
rid, err := strconv.Atoi(srid)
|
|
if err != nil {
|
|
return common.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, isJs)
|
|
}
|
|
|
|
reply, err := common.Prstore.Get(rid)
|
|
if err == sql.ErrNoRows {
|
|
return common.PreErrorJSQ("The target reply doesn't exist.", w, r, isJs)
|
|
} else if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
creator, err := common.Users.Get(reply.CreatedBy)
|
|
if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
if user.ID != creator.ID && !user.Perms.DeleteReply {
|
|
return common.NoPermissionsJSQ(w, r, user, isJs)
|
|
}
|
|
|
|
err = reply.Delete()
|
|
if err != nil {
|
|
return common.InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
//log.Printf("The profile post '%d' was deleted by common.User #%d", reply.ID, user.ID)
|
|
|
|
if !isJs {
|
|
//http.Redirect(w,r, "/user/" + strconv.Itoa(creator.ID), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
return nil
|
|
}
|