-rw-r--r-- | src/db.rs | 4 | ||||
-rw-r--r-- | src/handlers.rs | 28 | ||||
-rw-r--r-- | src/main.rs | 1 |
3 files changed, 31 insertions, 2 deletions
diff --git a/src/db.rs b/src/db.rs
index 3641bddb5aa4..e7af0fdd4eb8 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -90,8 +90,8 @@ impl Handler<GetPost> for DbExecutor {
 /// Message used to update the content of a post.
 #[derive(Deserialize)]
 pub struct UpdatePost {
- post_id: i32,
- post: String,
+ pub post_id: i32,
+ pub post: String,
 }
 
 message!(UpdatePost, Result<Post>);
diff --git a/src/handlers.rs b/src/handlers.rs
index cbe4e4292b7c..feac6b864fce 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -224,6 +224,34 @@ pub fn edit_form(state: State<AppState>,
 .responder()
 }
 
+/// This handler "executes" an edit to a post if the current user owns
+/// the edited post.
+pub fn edit_post(state: State<AppState>,
+ mut req: HttpRequest<AppState>,
+ update: Form<UpdatePost>) -> ConverseResponse {
+ let author: Option<Author> = req.session().get(AUTHOR)
+ .unwrap_or_else(|_| None);
+
+ state.db.send(GetPost { id: update.post_id })
+ .flatten()
+ .from_err()
+ .and_then(move |post| {
+ if let Some(author) = author {
+ if author.email.eq(&post.author_email) {
+ return Ok(());
+ }
+ }
+ Err(ConverseError::PostEditForbidden { id: post.id })
+ })
+ .and_then(move |_| state.db.send(update.0).from_err())
+ .flatten()
+ .map(|updated| HttpResponse::SeeOther()
+ .header("Location", format!("/thread/{}#post-{}",
+ updated.thread_id, updated.id))
+ .finish())
+ .responder()
+}
+
 /// This handler executes a full-text search on the forum database and
 /// displays the results to the user.
 pub fn search_forum(state: State<AppState>,
diff --git a/src/main.rs b/src/main.rs
index 55b19b0be7c7..30b371eaede5 100644
--- a/src/main.rs
+++ b/src/main.rs
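Review bot: In the new edit_post handler, `.unwrap_or_else(|_| None)` on the `req.session().get(AUTHOR)` line collapses a session read or decode error into "no author", so the request then fails closed with `ConverseError::PostEditForbidden { id: post.id }` but the underlying session failure is never surfaced, making a broken session store indistinguishable from an unauthenticated edit attempt; consider propagating it with `?`/`map_err` into the handler's error type, or at least recording it before falling back to `None`. The ownership check is an email comparison and reads more directly as one expression, `if author.map_or(false, |a| a.email == post.author_email) { Ok(()) } else { Err(ConverseError::PostEditForbidden { id: post.id }) }`, which also drops the `eq` call in favour of `==`. The doc comment describes only the success path; it should also state the rejection rule, e.g. `/// Requests without a readable session, or from a user whose email does not match the post's author_email, are rejected with PostEditForbidden.` The same authorization result is not re-checked when `update.0` is sent to the database, which appears safe here only because the same `post_id` was used for the GetPost lookup; a comment noting that invariant next to the second `state.db.send` would keep a future change from breaking it.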
@@ -182,6 +182,7 @@ fn start_http_server(base_url: String,
 .resource("/thread/reply", |r| r.method(Method::POST).with3(reply_thread))
 .resource("/thread/{id}", |r| r.method(Method::GET).with3(forum_thread))
 .resource("/post/{id}/edit", |r| r.method(Method::GET).with3(edit_form))
+ .resource("/post/edit", |r| r.method(Method::POST).with3(edit_post))
 .resource("/search", |r| r.method(Method::GET).with2(search_forum))
 .resource("/oidc/login", |r| r.method(Method::GET).with(login))
 .resource("/oidc/callback", |r| r.method(Method::POST).with3(callback)); |