Enforced ban checks
parent
8d999514a5
commit
05acfb045f
2 changed files with 16 additions and 6 deletions
|
@ -12,7 +12,10 @@ func (db *appdbimpl) PostComment(uid string, photo_id int64, comment_user string
|
||||||
// Check if the photo exists, as API specification requires
|
// Check if the photo exists, as API specification requires
|
||||||
// photos to be identified also by the user who posted them.
|
// photos to be identified also by the user who posted them.
|
||||||
// But our DB implementation only requires the photo id.
|
// But our DB implementation only requires the photo id.
|
||||||
exists, err := db.photoExists(uid, photo_id)
|
//
|
||||||
|
// This also checks if the author has banned the user who is posting the comment
|
||||||
|
// as he should not be able to post comments on his photos
|
||||||
|
exists, err := db.PhotoExists(uid, photo_id, comment_user)
|
||||||
if err != nil || !exists {
|
if err != nil || !exists {
|
||||||
return ERR_NOT_FOUND, err
|
return ERR_NOT_FOUND, err
|
||||||
}
|
}
|
||||||
|
@ -33,7 +36,7 @@ func (db *appdbimpl) PostComment(uid string, photo_id int64, comment_user string
|
||||||
|
|
||||||
func (db *appdbimpl) GetCommentOwner(uid string, photo_id int64, comment_id int64) (QueryResult, string, error) {
|
func (db *appdbimpl) GetCommentOwner(uid string, photo_id int64, comment_id int64) (QueryResult, string, error) {
|
||||||
|
|
||||||
// Check if the photo exists, as it exist but have no comments
|
// Check if the photo exists, as it may exist but have no comments
|
||||||
exists, err := db.photoExists(uid, photo_id)
|
exists, err := db.photoExists(uid, photo_id)
|
||||||
if err != nil || !exists {
|
if err != nil || !exists {
|
||||||
return ERR_NOT_FOUND, "", err
|
return ERR_NOT_FOUND, "", err
|
||||||
|
@ -84,7 +87,8 @@ func (db *appdbimpl) DeleteComment(uid string, photo_id int64, comment_id int64)
|
||||||
func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.Comment, error) {
|
func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.Comment, error) {
|
||||||
|
|
||||||
// Check if the photo exists, as it exist but have no comments
|
// Check if the photo exists, as it exist but have no comments
|
||||||
exists, err := db.photoExists(uid, photo_id)
|
// this also checks if the author has banned the requesting user
|
||||||
|
exists, err := db.PhotoExists(uid, photo_id, requesting_uid)
|
||||||
if err != nil || !exists {
|
if err != nil || !exists {
|
||||||
return ERR_NOT_FOUND, nil, err
|
return ERR_NOT_FOUND, nil, err
|
||||||
}
|
}
|
||||||
|
|
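Review bot: GetCommentOwner (second hunk) still calls the two-argument `db.photoExists(uid, photo_id)` on the new side, so the ban check this commit adds to PostComment and GetComments does not cover it; only its comment wording changed. Its signature carries no requesting user, so any caller (the following hunk header suggests DeleteComment sits right after it) would have to enforce the ban itself, and nothing visible here shows whether that happens. Either pass the requester in and call `db.PhotoExists(uid, photo_id, requesting_uid)` as the other two functions do, or state the exemption in place with a comment such as `// No ban check here: callers must verify the requester is not banned by the photo author.` The bodies of all three functions continue outside the hunks.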
|
@ -8,8 +8,11 @@ import (
|
||||||
// Get the list of users who liked a photo
|
// Get the list of users who liked a photo
|
||||||
func (db *appdbimpl) GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.UIDName, error) {
|
func (db *appdbimpl) GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.UIDName, error) {
|
||||||
|
|
||||||
// Check if the photo exists, as it could exist but have no likes
|
// Check if the photo exists, as it could exist but have no likes.
|
||||||
exists, err := db.photoExists(uid, photo)
|
//
|
||||||
|
// This also checks if the author has banned the requesting user
|
||||||
|
// as he should not be able to see anything related to his photos
|
||||||
|
exists, err := db.PhotoExists(uid, photo, requesting_uid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ERR_INTERNAL, nil, err
|
return ERR_INTERNAL, nil, err
|
||||||
}
|
}
|
||||||
|
@ -52,7 +55,10 @@ func (db *appdbimpl) LikePhoto(uid string, photo int64, liker_uid string) (Query
|
||||||
// Check if the photo exists, as API specification requires
|
// Check if the photo exists, as API specification requires
|
||||||
// photos to be identified also by the user who posted them.
|
// photos to be identified also by the user who posted them.
|
||||||
// But our DB implementation only requires the photo id.
|
// But our DB implementation only requires the photo id.
|
||||||
exists, err := db.photoExists(uid, photo)
|
//
|
||||||
|
// This also checks if the author of the photo has banned the requesting user
|
||||||
|
// as he should not be able to like his photos
|
||||||
|
exists, err := db.PhotoExists(uid, photo, liker_uid)
|
||||||
if err != nil || !exists {
|
if err != nil || !exists {
|
||||||
return ERR_NOT_FOUND, err
|
return ERR_NOT_FOUND, err
|
||||||
}
|
}
|
||||||
|
|
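Review bot: In LikePhoto the new `db.PhotoExists(uid, photo, liker_uid)` call is now also the authorization check, yet `if err != nil || !exists` reports a failed lookup as ERR_NOT_FOUND, while GetPhotoLikes in the same file returns ERR_INTERNAL for the same error. Rejecting the request on error is the safe direction, but a database fault during the ban lookup becomes indistinguishable from a missing or hidden photo for callers and logs. Splitting the condition keeps the two cases apart: `if err != nil { return ERR_INTERNAL, err }` followed by `if !exists { return ERR_NOT_FOUND, nil }`. The same combined condition appears in PostComment and GetComments in the other file. Both function bodies continue outside the hunks.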