aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2018-08-31 11:12:30 +0300
committerGravatar Vitaly Takmazov2018-08-31 11:21:33 +0300
commit4f94886884b47e19f16da5b987ef1a740b29456e (patch)
treeb9fdacd1b9376437384d143efe7dacd715b954e6 /juick-server/src
parent19e259aebc19f29228982fd4f071a50509cb7d76 (diff)
banned user messages are not visible to others
Diffstat (limited to 'juick-server/src')
-rw-r--r--juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java5
-rw-r--r--juick-server/src/test/java/com/juick/server/tests/ServerTests.java16
2 files changed, 19 insertions, 2 deletions
diff --git a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
index e2958112..c86e3736 100644
--- a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
@@ -450,7 +450,7 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
")") +
" AND NOT EXISTS (SELECT 1 FROM bl_tags bt WHERE bt.tag_id IN " +
"(SELECT tag_id FROM messages_tags WHERE message_id = m.message_id) and :visitorUid = bt.user_id)" +
- " AND NOT EXISTS (SELECT 1 from users u WHERE u.banned = 1 and u.id = m.user_id) ORDER BY m.message_id DESC LIMIT 20",
+ " AND NOT EXISTS (SELECT 1 from users u WHERE u.banned = 1 and u.id = m.user_id and u.id <> :visitorUid) ORDER BY m.message_id DESC LIMIT 20",
sqlParameterSource,
Integer.class);
}
@@ -633,7 +633,7 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
" AND m.attach IS NOT NULL " +
" AND NOT EXISTS (SELECT 1 FROM bl_tags bt WHERE bt.tag_id IN " +
"(SELECT tag_id FROM messages_tags WHERE message_id = m.message_id) and :vid = bt.user_id)" +
- " AND NOT EXISTS (SELECT 1 from users u WHERE u.banned = 1 and u.id = m.user_id) " +
+ " AND NOT EXISTS (SELECT 1 from users u WHERE u.banned = 1 and u.id = m.user_id and u.id <> :vid) " +
" AND NOT EXISTS (SELECT 1 FROM bl_users b WHERE b.user_id = :vid and b.bl_user_id = m.user_id) " +
" ORDER BY m.message_id DESC LIMIT 20",
sqlParameterSource,
@@ -887,6 +887,7 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
"LEFT JOIN users qu ON qw.user_id=qu.id " +
"LEFT JOIN users mu ON m.user_id=mu.id " +
"WHERE replies.message_id = :mid " +
+ "AND NOT EXISTS (SELECT 1 from users u WHERE u.banned = 1 and u.id = replies.user_id and u.id <> :uid)" +
"AND NOT EXISTS (SELECT 1 FROM banned WHERE banned.reply_id = replies.reply_id) " +
"AND NOT EXISTS (SELECT 1 FROM bl_users b WHERE b.user_id = :uid AND b.bl_user_id = m.user_id) " +
"ORDER BY replies.reply_id ASC",
diff --git a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
index 70555fca..c6d1bc1a 100644
--- a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
@@ -1303,4 +1303,20 @@ public class ServerTests {
assertThat(messagesService.getMessage(mid).getLikes(), is(3));
assertThat(CollectionUtils.isEqualCollection(messagesService.getMessageRecommendations(mid), Arrays.asList("fmap", "ermine")), is(true));
}
+ @Test
+ public void bannedUserShouldNotBeVisibleToOthers() {
+ jdbcTemplate.execute("DELETE FROM messages");
+ int casualUserId = userService.createUser("user", "secret");
+ int bannedUserId = userService.createUser("banned", "banned");
+ jdbcTemplate.update("UPDATE users SET banned=1 WHERE id=?", bannedUserId);
+ messagesService.createMessage(bannedUserId, "KURWA", null, Collections.emptyList());
+ assertThat(messagesService.getAll(casualUserId, 0).size(), is(0));
+ assertThat(messagesService.getAll(bannedUserId, 0).size(), is(1));
+ int mid = messagesService.createMessage(casualUserId, "PEACE", null, Collections.emptyList());
+ User banned = userService.getUserByName("banned");
+ int bannedRid = messagesService.createReply(mid, 0, banned, "KURWA", null);
+ int casualRid = messagesService.createReply(mid, 0, userService.getUserByName("user"), "DOOR", null);
+ assertThat(messagesService.getReplies(AnonymousUser.INSTANCE, mid).size(), is(1));
+ assertThat(messagesService.getReplies(banned, mid).size(), is(2));
+ }
}