-rw-r--r--src/db.rs4
-rw-r--r--src/handlers.rs28
-rw-r--r--src/main.rs1
3 files changed, 31 insertions, 2 deletions
diff --git a/src/db.rs b/src/db.rs
index 3641bddb5aa4..e7af0fdd4eb8 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -90,8 +90,8 @@ impl Handler<GetPost> for DbExecutor {
 /// Message used to update the content of a post.
 #[derive(Deserialize)]
 pub struct UpdatePost {
-    post_id: i32,
-    post: String,
+    pub post_id: i32,
+    pub post: String,
 }
 
 message!(UpdatePost, Result<Post>);
diff --git a/src/handlers.rs b/src/handlers.rs
index cbe4e4292b7c..feac6b864fce 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -224,6 +224,34 @@ pub fn edit_form(state: State<AppState>,
         .responder()
 }
 
+/// This handler "executes" an edit to a post if the current user owns
+/// the edited post.
+pub fn edit_post(state: State<AppState>,
+                 mut req: HttpRequest<AppState>,
+                 update: Form<UpdatePost>) -> ConverseResponse {
+    let author: Option<Author> = req.session().get(AUTHOR)
+        .unwrap_or_else(|_| None);
+
+    state.db.send(GetPost { id: update.post_id })
+        .flatten()
+        .from_err()
+        .and_then(move |post| {
+            if let Some(author) = author {
+                if author.email.eq(&post.author_email) {
+                    return Ok(());
+                }
+            }
+            Err(ConverseError::PostEditForbidden { id: post.id })
+        })
+        .and_then(move |_| state.db.send(update.0).from_err())
+        .flatten()
+        .map(|updated| HttpResponse::SeeOther()
+             .header("Location", format!("/thread/{}#post-{}",
+                                         updated.thread_id, updated.id))
+             .finish())
+        .responder()
+}
+
 /// This handler executes a full-text search on the forum database and
 /// displays the results to the user.
 pub fn search_forum(state: State<AppState>,
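Review bot: `edit_post` authorises the write from the session cookie alone, and `Form<UpdatePost>` carries only `post_id` and `post`, so nothing in this hunk ties the POST to an edit form the forum itself rendered; a cross-site form submitted from the owner's browser would still pass the `author.email.eq(&post.author_email)` check. Unless the session cookie is already SameSite-restricted elsewhere (not visible here), the edit form should carry a per-session token as a hidden field, and the handler should compare it before `state.db.send(update.0)`. The same concern covers the `/post/edit` route registered in src/main.rs. Separately, `update.post` is forwarded to the database with no emptiness or length check in this handler, so a guard before the send would keep blank or oversized edits out, assuming `DbExecutor` does not already enforce it. At minimum the doc comment should record the assumption, e.g. `/// Authenticates via the session cookie only; CSRF protection must come from the cookie policy or a form token.`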
diff --git a/src/main.rs b/src/main.rs
index 55b19b0be7c7..30b371eaede5 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -182,6 +182,7 @@ fn start_http_server(base_url: String,
             .resource("/thread/reply", |r| r.method(Method::POST).with3(reply_thread))
             .resource("/thread/{id}", |r| r.method(Method::GET).with3(forum_thread))
             .resource("/post/{id}/edit", |r| r.method(Method::GET).with3(edit_form))
+            .resource("/post/edit", |r| r.method(Method::POST).with3(edit_post))
             .resource("/search", |r| r.method(Method::GET).with2(search_forum))
             .resource("/oidc/login", |r| r.method(Method::GET).with(login))
             .resource("/oidc/callback", |r| r.method(Method::POST).with3(callback));