processCollectionPermissions checks the permissions for the given collectionReq, returning a Collection if access is granted; otherwise this renders any necessary collection pages, for example, if requesting a custom domain that doesn't yet have a collection associated, or if a collection requires a
| 723 | // requires a password. In either case, this will return nil, nil -- thus both |
| 724 | // values should ALWAYS be checked to determine whether or not to continue. |
| 725 | func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.ResponseWriter, r *http.Request) (*Collection, error) { |
| 726 | // Display collection if this is a collection |
| 727 | var c *Collection |
| 728 | var err error |
| 729 | if app.cfg.App.SingleUser { |
| 730 | c, err = app.db.GetCollectionByID(1) |
| 731 | } else { |
| 732 | c, err = app.db.GetCollection(cr.alias) |
| 733 | } |
| 734 | // TODO: verify we don't reveal the existence of a private collection with redirection |
| 735 | if err != nil { |
| 736 | if err, ok := err.(impart.HTTPError); ok { |
| 737 | if err.Status == http.StatusNotFound { |
| 738 | if cr.isCustomDomain { |
| 739 | // User is on the site from a custom domain |
| 740 | //tErr := pages["404-domain.tmpl"].ExecuteTemplate(w, "base", pageForHost(page.StaticPage{}, r)) |
| 741 | //if tErr != nil { |
| 742 | //log.Error("Unable to render 404-domain page: %v", err) |
| 743 | //} |
| 744 | return nil, nil |
| 745 | } |
| 746 | if len(cr.alias) >= minIDLen && len(cr.alias) <= maxIDLen { |
| 747 | // Alias is within post ID range, so just be sure this isn't a post |
| 748 | if app.db.PostIDExists(cr.alias) { |
| 749 | // TODO: use StatusFound for vanity post URLs when we implement them |
| 750 | return nil, impart.HTTPError{http.StatusMovedPermanently, "/" + cr.alias} |
| 751 | } |
| 752 | } |
| 753 | // Redirect if necessary |
| 754 | newAlias := app.db.GetCollectionRedirect(cr.alias) |
| 755 | if newAlias != "" { |
| 756 | return nil, impart.HTTPError{http.StatusFound, "/" + newAlias + "/"} |
| 757 | } |
| 758 | } |
| 759 | } |
| 760 | return nil, err |
| 761 | } |
| 762 | c.hostName = app.cfg.App.Host |
| 763 | |
| 764 | // Update CollectionRequest to reflect owner status |
| 765 | cr.isCollOwner = u != nil && u.ID == c.OwnerID |
| 766 | |
| 767 | // Check permissions |
| 768 | if !cr.isCollOwner { |
| 769 | if c.IsPrivate() { |
| 770 | return nil, ErrCollectionNotFound |
| 771 | } else if c.IsProtected() { |
| 772 | uname := "" |
| 773 | if u != nil { |
| 774 | uname = u.Username |
| 775 | } |
| 776 | |
| 777 | // TODO: move this to all permission checks? |
| 778 | suspended, err := app.db.IsUserSilenced(c.OwnerID) |
| 779 | if err != nil { |
| 780 | log.Error("process protected collection permissions: %v", err) |
| 781 | return nil, err |
| 782 | } |