Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bugfix:1. 修复加密文章访问,非作者和管理员不能访问的问题。还有密码修改文案。 resolves mindoc-org/mindo… #867

Merged
merged 1 commit into from
Jun 19, 2023
Merged

bugfix:1. 修复加密文章访问,非作者和管理员不能访问的问题。还有密码修改文案。 resolves mindoc-org/mindo… #867

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion conf/lang/en-us.ini
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -315,7 +315,7 @@ prev = prev
next = next
no = no
edit_title = Edit Blog
private_blog_tips = Private blog is accessible only to author and administrator
private_blog_tips = Private blog, please enter password to access

[doc]
modify_doc = Modify Document
Expand Down
2 changes: 1 addition & 1 deletion conf/lang/zh-cn.ini
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -315,7 +315,7 @@ prev = 上一篇
next = 下一篇
no = 无
edit_title = 编辑文章
private_blog_tips = 加密文章,仅作者和管理员可访问
private_blog_tips = 加密文章,请输入密码访问

[doc]
modify_doc = 修改文档
Expand Down
19 changes: 5 additions & 14 deletions controllers/BlogController.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,23 +56,14 @@ func (c *BlogController) Index() {
if blog.BlogStatus == "password" && password != blog.Password {
c.JsonResult(6001, i18n.Tr(c.Lang, "message.blog_pwd_incorrect"))
} else if blog.BlogStatus == "password" && password == blog.Password {
// If the password is correct, then determine whether the user is correct
if c.Member != nil && (blog.MemberId == c.Member.MemberId || c.Member.IsAdministrator()) {
/* Private blog is accessible only to author and administrator.
Anonymous users are not allowed access. */
// Store the session value
_ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
c.JsonResult(0, "OK")
} else {
c.JsonResult(6002, i18n.Tr(c.Lang, "blog.private_blog_tips"))
}
// Store the session value for the next GET request.
_ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
c.JsonResult(0, "OK")
} else {
c.JsonResult(0, "OK")
}
} else if blog.BlogStatus == "password" &&
(c.CruSession.Get(context.TODO(), blogReadSession) == nil || // Read session doesn't exist
c.Member == nil || // Anonymous, Not Allow
(blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) { // User isn't author or administrator
} else if blog.BlogStatus == "password" && c.CruSession.Get(context.TODO(), blogReadSession) == nil && // Read session doesn't exist
(c.Member == nil || (blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) { // User isn't author or administrator
//如果不存在已输入密码的标记
c.TplName = "blog/index_password.tpl"
}
Expand Down
2 changes: 1 addition & 1 deletion views/setting/password.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@
<span id="form-error-message" class="error-message"></span>
</div>
<div class="form-group">
<button type="submit" class="btn btn-success" data-loading-text="{{i18n .Lang "message.processing"}}">{{i18n .Lang "message.save"}}</button>
<button type="submit" class="btn btn-success" data-loading-text="{{i18n .Lang "message.processing"}}">{{i18n .Lang "common.save"}}</button>
</div>
</form>
</div>
Expand Down