From 3ef9801a7591d9cbc0e92761e12843792900206f Mon Sep 17 00:00:00 2001 From: Go-Go-Farther Date: Sun, 26 Jun 2022 14:42:19 +0800 Subject: [PATCH] =?UTF-8?q?opt&bugfix:=201.=20=E7=A7=81=E5=AF=86=E6=96=87?= =?UTF-8?q?=E7=AB=A0=E9=AA=8C=E8=AF=81=E5=AF=86=E7=A0=81Post=E8=AF=B7?= =?UTF-8?q?=E6=B1=82=EF=BC=8C=E5=A2=9E=E5=8A=A0=E7=94=A8=E6=88=B7=E5=88=A4?= =?UTF-8?q?=E6=96=AD=EF=BC=9B2.=20=E5=AF=B9=E5=BA=94html=E9=A1=B5=E9=9D=A2?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=8F=90=E7=A4=BA=E6=96=87=E6=A1=88=EF=BC=8C?= =?UTF-8?q?=E9=98=B2=E6=AD=A2=E4=BD=BF=E7=94=A8=E8=80=85=E8=AF=AF=E8=A7=A3?= =?UTF-8?q?=EF=BC=9B3.=20=E4=BF=AE=E6=AD=A3=E5=8C=BF=E5=90=8D=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E4=B8=8D=E8=83=BD=E8=AE=BF=E9=97=AE=E7=A7=81=E5=AF=86?= =?UTF-8?q?=E6=96=87=E7=AB=A0=E3=80=82Fixes=20mindoc-org/mindoc#774?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/lang/en-us.ini | 1 + conf/lang/zh-cn.ini | 1 + controllers/BlogController.go | 19 +++++++++++++++---- views/blog/index_password.tpl | 2 +- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/conf/lang/en-us.ini b/conf/lang/en-us.ini index b03bd961..a09a7630 100644 --- a/conf/lang/en-us.ini +++ b/conf/lang/en-us.ini @@ -313,6 +313,7 @@ prev = prev next = next no = no edit_title = Edit Blog +private_blog_tips = Private blog is accessible only to author and administrator [doc] modify_doc = Modify Document diff --git a/conf/lang/zh-cn.ini b/conf/lang/zh-cn.ini index 75588975..eb2522f5 100644 --- a/conf/lang/zh-cn.ini +++ b/conf/lang/zh-cn.ini @@ -313,6 +313,7 @@ prev = 上一篇 next = 下一篇 no = 无 edit_title = 编辑文章 +private_blog_tips = 加密文章,仅作者和管理员可访问 [doc] modify_doc = 修改文档 diff --git a/controllers/BlogController.go b/controllers/BlogController.go index 79cae45a..008492f9 100644 --- a/controllers/BlogController.go +++ b/controllers/BlogController.go 
@@ -56,12 +56,23 @@ func (c *BlogController) Index() {
 if blog.BlogStatus == "password" && password != blog.Password {
 c.JsonResult(6001, i18n.Tr(c.Lang, "message.blog_pwd_incorrect"))
 } else if blog.BlogStatus == "password" && password == blog.Password {
- //如果密码输入正确,则存入session中
- _ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
+ // If the password is correct, then determine whether the user is correct
+ if c.Member != nil && (blog.MemberId == c.Member.MemberId || c.Member.IsAdministrator()) {
+ /* Private blog is accessible only to author and administrator.
+ Anonymous users are not allowed access. */
+ // Store the session value
+ _ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
+ c.JsonResult(0, "OK")
+ } else {
+ c.JsonResult(6002, i18n.Tr(c.Lang, "blog.private_blog_tips"))
+ }
+ } else {
 c.JsonResult(0, "OK")
 }
- c.JsonResult(0, "OK")
- } else if blog.BlogStatus == "password" && (c.CruSession.Get(context.TODO(), blogReadSession) == nil || (c.Member != nil && blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) {
+ } else if blog.BlogStatus == "password" &&
+ (c.CruSession.Get(context.TODO(), blogReadSession) == nil || // Read session doesn't exist
+ c.Member == nil || // Anonymous, Not Allow
+ (blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator())) { // User isn't author or administrator
 //如果不存在已输入密码的标记
 c.TplName = "blog/index_password.tpl"
 }
diff --git a/views/blog/index_password.tpl b/views/blog/index_password.tpl
index 1952902b..babf3063 100644
--- a/views/blog/index_password.tpl
+++ b/views/blog/index_password.tpl
@@ -105,7 +105,7 @@
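Review bot: The new POST branch in `Index` compares `password` with `blog.Password` before it checks who is asking, so a caller who is neither the author nor an administrator (an anonymous one included) receives 6001 for a wrong password and 6002 for the right one. That difference lets such a caller confirm the post's password even though the same change ensures they can never read the post. Run the `c.Member` / author / administrator check first and answer 6002 without consulting the password, then compare the password only for authorized members, as in the excerpt below. `Index` begins and ends outside this hunk, so the enclosing POST test and the definition of `blogReadSession` are not visible here.

```go
// … unchanged: code above the hunk …
if blog.BlogStatus != "password" {
	c.JsonResult(0, "OK")
} else if c.Member == nil || (blog.MemberId != c.Member.MemberId && !c.Member.IsAdministrator()) {
	// Authorize before comparing, so the reply never depends on the password.
	c.JsonResult(6002, i18n.Tr(c.Lang, "blog.private_blog_tips"))
} else if password != blog.Password {
	c.JsonResult(6001, i18n.Tr(c.Lang, "message.blog_pwd_incorrect"))
} else {
	_ = c.CruSession.Set(context.TODO(), blogReadSession, blogId)
	c.JsonResult(0, "OK")
}
// … unchanged: GET branch that renders blog/index_password.tpl …
```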
- + {{i18n .Lang "blog.private_blog_tips"}}