mirror of https://github.com/mindoc-org/mindoc.git
opt&bugfix: 1. 私密文章验证密码Post请求,增加用户判断;2. 对应html页面增加提示文案,防止使用者误解;3. 修正匿名用户不能访问私密文章。Fixes mindoc-org/mindoc#774
parent
edc96294e6
commit
3ef9801a75
|
@ -313,6 +313,7 @@ prev = prev
|
|||
next = next
|
||||
no = no
|
||||
edit_title = Edit Blog
|
||||
private_blog_tips = Private blog is accessible only to author and administrator
|
||||
|
||||
[doc]
|
||||
modify_doc = Modify Document
|
||||
|
|
|
@ -313,6 +313,7 @@ prev = 上一篇
|
|||
next = 下一篇
|
||||
no = 无
|
||||
edit_title = 编辑文章
|
||||
private_blog_tips = 加密文章,仅作者和管理员可访问
|
||||
|
||||
[doc]
|
||||
modify_doc = 修改文档
|
||||
|
|
|
@ -56,12 +56,23 @@ func (c *BlogController) Index() {
|
|||
if blog.BlogStatus == "password" && password != blog.Password {
|
||||
c.JsonResult(6001, i18n.Tr(c.Lang, "message.blog_pwd_incorrect"))
|
||||
} else if blog.BlogStatus == "password" && password == blog.Password {
|
||||
//如果密码输入正确,则存入session中
|
||||
_ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
|
||||
// If the password is correct, then determine whether the user is correct
|
||||
if c.Member != nil && (blog.MemberId == c.Member.MemberId || c.Member.IsAdministrator()) {
|
||||
/* Private blog is accessible only to author and administrator.
|
||||
Anonymous users are not allowed access. */
|
||||
// Store the session value
|
||||
_ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
|
||||
c.JsonResult(0, "OK")
|
||||
} else {
|
||||
c.JsonResult(6002, i18n.Tr(c.Lang, "blog.private_blog_tips"))
|
||||
}
|
||||
} else {
|
||||
c.JsonResult(0, "OK")
|
||||
}
|
||||
c.JsonResult(0, "OK")
|
||||
} else if blog.BlogStatus == "password" && (c.CruSession.Get(context.TODO(), blogReadSession) == nil || (c.Member != nil && blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) {
|
||||
} else if blog.BlogStatus == "password" &&
|
||||
(c.CruSession.Get(context.TODO(), blogReadSession) == nil || // Read session doesn't exist
|
||||
c.Member == nil || // Anonymous, Not Allow
|
||||
(blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) { // User isn't author or administrator
|
||||
//如果不存在已输入密码的标记
|
||||
c.TplName = "blog/index_password.tpl"
|
||||
}
|
||||
|
|
|
@ -105,7 +105,7 @@
|
|||
<input type="password" name="password" placeholder="{{i18n .Lang "blog.access_pass"}}" class="inp"/>
|
||||
</div>
|
||||
<div class="btn">
|
||||
<span id="error" style="color: #919191; font-size: 13px;"></span>
|
||||
<span id="error" style="color: #919191; font-size: 13px;">{{i18n .Lang "blog.private_blog_tips"}}</span>
|
||||
<input type="submit" value="{{i18n .Lang "doc.commit"}}" class="button"/>
|
||||
</div>
|
||||
<div class="clear"></div>
|
||||
|
|
Loading…
Reference in New Issue