mirrors/mycorrhiza
1
0
Fork 0
mirror of https://github.com/osmarks/mycorrhiza.git synced 2025-10-30 23:23:04 +00:00
Code Issues Releases Wiki Activity

Categories: Do not let anons add to/remove from categories

Browse Source
This commit is contained in:
Timur Ismagilov
2022-03-26 18:31:13 +03:00
parent 0a273f55f4
commit 59bb34b920
2 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
user/user.go
View File

@@ -38,6 +38,8 @@ var minimalRights = map[string]int{
"edit": 1,
"upload-binary": 1,
"upload-text": 1,
"add-to-category": 1,
"remove-from-category": 1,
"rename": 2,
"remove-media": 2,
"update-header-links": 3,

12
web/categories.go
View File

@@ -2,9 +2,11 @@ package web
import (
"github.com/bouncepaw/mycorrhiza/hyphae/categories"
"github.com/bouncepaw/mycorrhiza/user"
"github.com/bouncepaw/mycorrhiza/util"
"github.com/bouncepaw/mycorrhiza/views"
"github.com/gorilla/mux"
"io"
"net/http"
)
@@ -34,6 +36,11 @@ func handlerRemoveFromCategory(w http.ResponseWriter, rq *http.Request) {
catName = util.CanonicalName(rq.PostFormValue("cat"))
redirectTo = rq.PostFormValue("redirect-to")
)
if !user.FromRequest(rq).CanProceed("remove-from-category") {
w.WriteHeader(http.StatusForbidden)
_, _ = io.WriteString(w, "403 Forbidden")
return
}
categories.RemoveHyphaFromCategory(hyphaName, catName)
http.Redirect(w, rq, redirectTo, http.StatusSeeOther)
}
@@ -45,6 +52,11 @@ func handlerAddToCategory(w http.ResponseWriter, rq *http.Request) {
catName = util.CanonicalName(rq.PostFormValue("cat"))
redirectTo = rq.PostFormValue("redirect-to")
)
if !user.FromRequest(rq).CanProceed("add-to-category") {
w.WriteHeader(http.StatusForbidden)
_, _ = io.WriteString(w, "403 Forbidden")
return
}
categories.AddHyphaToCategory(hyphaName, catName)
http.Redirect(w, rq, redirectTo, http.StatusSeeOther)
}