marcorealacci/WASAPhoto
1
0
Fork 0
mirror of https://github.com/notherealmarco/WASAPhoto.git synced 2025-03-14 14:16:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enforced ban checks

Browse source
This commit is contained in:
Marco Realacci 2022-11-22 22:26:05 +01:00
parent 8d999514a5
commit 05acfb045f
2 changed files with 16 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
service/database/db-comments.go
View file

@ -12,7 +12,10 @@ func (db *appdbimpl) PostComment(uid string, photo_id int64, comment_user string
// Check if the photo exists, as API specification requires // Check if the photo exists, as API specification requires
// photos to be identified also by the user who posted them. // photos to be identified also by the user who posted them.
// But our DB implementation only requires the photo id. // But our DB implementation only requires the photo id.
exists, err := db.photoExists(uid, photo_id) //
// This also checks if the author has banned the user who is posting the comment
// as he should not be able to post comments on his photos
exists, err := db.PhotoExists(uid, photo_id, comment_user)
if err != nil || !exists { if err != nil || !exists {
return ERR_NOT_FOUND, err return ERR_NOT_FOUND, err
} }
@ -33,7 +36,7 @@ func (db *appdbimpl) PostComment(uid string, photo_id int64, comment_user string
func (db *appdbimpl) GetCommentOwner(uid string, photo_id int64, comment_id int64) (QueryResult, string, error) { func (db *appdbimpl) GetCommentOwner(uid string, photo_id int64, comment_id int64) (QueryResult, string, error) {
// Check if the photo exists, as it exist but have no comments // Check if the photo exists, as it may exist but have no comments
exists, err := db.photoExists(uid, photo_id) exists, err := db.photoExists(uid, photo_id)
if err != nil || !exists { if err != nil || !exists {
return ERR_NOT_FOUND, "", err return ERR_NOT_FOUND, "", err
@ -84,7 +87,8 @@ func (db *appdbimpl) DeleteComment(uid string, photo_id int64, comment_id int64)
func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.Comment, error) { func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.Comment, error) {
// Check if the photo exists, as it exist but have no comments // Check if the photo exists, as it exist but have no comments
exists, err := db.photoExists(uid, photo_id) // this also checks if the author has banned the requesting user
exists, err := db.PhotoExists(uid, photo_id, requesting_uid)
if err != nil || !exists { if err != nil || !exists {
return ERR_NOT_FOUND, nil, err return ERR_NOT_FOUND, nil, err
} }

12
service/database/db-likes.go
View file

@ -8,8 +8,11 @@ import (
// Get the list of users who liked a photo // Get the list of users who liked a photo
func (db *appdbimpl) GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.UIDName, error) { func (db *appdbimpl) GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, limit int) (QueryResult, *[]structures.UIDName, error) {
// Check if the photo exists, as it could exist but have no likes // Check if the photo exists, as it could exist but have no likes.
exists, err := db.photoExists(uid, photo) //
// This also checks if the author has banned the requesting user
// as he should not be able to see anything related to his photos
exists, err := db.PhotoExists(uid, photo, requesting_uid)
if err != nil { if err != nil {
return ERR_INTERNAL, nil, err return ERR_INTERNAL, nil, err
} }
@ -52,7 +55,10 @@ func (db *appdbimpl) LikePhoto(uid string, photo int64, liker_uid string) (Query
// Check if the photo exists, as API specification requires // Check if the photo exists, as API specification requires
// photos to be identified also by the user who posted them. // photos to be identified also by the user who posted them.
// But our DB implementation only requires the photo id. // But our DB implementation only requires the photo id.
exists, err := db.photoExists(uid, photo) //
// This also checks if the author of the photo has banned the requesting user
// as he should not be able to like his photos
exists, err := db.PhotoExists(uid, photo, liker_uid)
if err != nil || !exists { if err != nil || !exists {
return ERR_NOT_FOUND, err return ERR_NOT_FOUND, err
} }