Fix private gist visibility (#128)

This commit is contained in:
Thomas Miceli 2023-10-04 18:47:50 +02:00 committed by GitHub
parent 632206e172
commit 6f587f4757
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -18,6 +18,8 @@ import (
func gistInit(next echo.HandlerFunc) echo.HandlerFunc { func gistInit(next echo.HandlerFunc) echo.HandlerFunc {
return func(ctx echo.Context) error { return func(ctx echo.Context) error {
currUser := getUserLogged(ctx)
userName := ctx.Param("user") userName := ctx.Param("user")
gistName := ctx.Param("gistname") gistName := ctx.Param("gistname")
@ -27,6 +29,13 @@ func gistInit(next echo.HandlerFunc) echo.HandlerFunc {
if err != nil { if err != nil {
return notFound("Gist not found") return notFound("Gist not found")
} }
if gist.Private == 2 {
if currUser == nil || currUser.ID != gist.UserID {
return notFound("Gist not found")
}
}
setData(ctx, "gist", gist) setData(ctx, "gist", gist)
if config.C.SshGit { if config.C.SshGit {
@ -72,7 +81,7 @@ func gistInit(next echo.HandlerFunc) echo.HandlerFunc {
} }
setData(ctx, "nbCommits", nbCommits) setData(ctx, "nbCommits", nbCommits)
if currUser := getUserLogged(ctx); currUser != nil { if currUser != nil {
hasLiked, err := currUser.HasLiked(gist) hasLiked, err := currUser.HasLiked(gist)
if err != nil { if err != nil {
return errorRes(500, "Cannot get user like status", err) return errorRes(500, "Cannot get user like status", err)