bugfix:1. 修复加密文章访问,非作者和管理员不能访问的问题。还有密码修改文案。 resolves #849 (#867)
Go-Go-Farther authored Jun 19, 2023
1 parent c8f7a2a commit 452577c
Showing 4 changed files with 8 additions and 17 deletions.
2 changes: 1 addition & 1 deletion conf/lang/en-us.ini
Expand Up @@ -315,7 +315,7 @@ prev = prev
next = next
no = no
edit_title = Edit Blog
private_blog_tips = Private blog is accessible only to author and administrator
private_blog_tips = Private blog, please enter password to access

[doc]
modify_doc = Modify Document
2 changes: 1 addition & 1 deletion conf/lang/zh-cn.ini
Expand Up @@ -315,7 +315,7 @@ prev = 上一篇
next = 下一篇
no = 无
edit_title = 编辑文章
private_blog_tips = 加密文章,仅作者和管理员可访问
private_blog_tips = 加密文章,请输入密码访问

[doc]
modify_doc = 修改文档
19 changes: 5 additions & 14 deletions controllers/BlogController.go
Expand Up @@ -56,23 +56,14 @@ func (c *BlogController) Index() {
if blog.BlogStatus == "password" && password != blog.Password {
c.JsonResult(6001, i18n.Tr(c.Lang, "message.blog_pwd_incorrect"))
} else if blog.BlogStatus == "password" && password == blog.Password {
// If the password is correct, then determine whether the user is correct
if c.Member != nil && (blog.MemberId == c.Member.MemberId || c.Member.IsAdministrator()) {
/* Private blog is accessible only to author and administrator.
Anonymous users are not allowed access. */
// Store the session value
_ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
c.JsonResult(0, "OK")
} else {
c.JsonResult(6002, i18n.Tr(c.Lang, "blog.private_blog_tips"))
}
// Store the session value for the next GET request.
_ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
c.JsonResult(0, "OK")
} else {
c.JsonResult(0, "OK")
}
} else if blog.BlogStatus == "password" &&
(c.CruSession.Get(context.TODO(), blogReadSession) == nil || // Read session doesn't exist
c.Member == nil || // Anonymous, Not Allow
(blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) { // User isn't author or administrator
} else if blog.BlogStatus == "password" && c.CruSession.Get(context.TODO(), blogReadSession) == nil && // Read session doesn't exist
(c.Member == nil || (blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) { // User isn't author or administrator
//如果不存在已输入密码的标记
c.TplName = "blog/index_password.tpl"
}
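Review bot: With the author/administrator check removed from the password branch, `password == blog.Password` becomes the only gate for anonymous readers, and nothing visible in this hunk throttles or records repeated 6001 failures, so the post password can be guessed at request speed unless a limiter exists elsewhere. Consider counting failed attempts per session or client address before the comparison, and comparing with `subtle.ConstantTimeCompare([]byte(password), []byte(blog.Password)) == 1`; the direct comparison also suggests the password is stored unhashed, which is worth confirming. On the GET side the gate only tests `c.CruSession.Get(context.TODO(), blogReadSession) == nil`, so the stored `blogId` is never compared; if `blogReadSession` (defined outside the hunk) is not keyed per post, one correct password would unlock every protected post. The `_ =` on `CruSession.Set` also means the handler answers "OK" when the session write failed. `Index()` starts and ends outside this hunk.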
2 changes: 1 addition & 1 deletion views/setting/password.tpl
Expand Up @@ -54,7 +54,7 @@
<span id="form-error-message" class="error-message"></span>
</div>
<div class="form-group">
<button type="submit" class="btn btn-success" data-loading-text="{{i18n .Lang "message.processing"}}">{{i18n .Lang "message.save"}}</button>
<button type="submit" class="btn btn-success" data-loading-text="{{i18n .Lang "message.processing"}}">{{i18n .Lang "common.save"}}</button>
</div>
</form>
</div>