authorGravatar Vitaly Takmazov2018-03-29 11:27:31 +0300
committerGravatar Vitaly Takmazov2018-03-29 11:27:31 +0300
commit42af9310f0c195a68212cd9d06f2a3f06a402891 (patch)
tree40603ffa6164c270866506cd30a43d3c73f6eb44 /juick-www/src/main/java/com/juick/www/controllers
parentc23b3fa4b938b7ba8e09f34f5e58ad5269f19f26 (diff)
www: banned users should not post
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/controllers')
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/NewMessage.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
index 585a4906..7c378930 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
@@ -106,6 +106,9 @@ public class NewMessage {
@RequestParam(required = false, name = "tags") String tagsStr,
@RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.getUid() == 0 || visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) {
throw new HttpBadRequestException();
}
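Review bot: The authorization guard `if (visitor.getUid() == 0 || visitor.isBanned())` is copied verbatim into this handler and into the one in the second hunk (@@ -206), so any posting endpoint added later has to remember to repeat it. Moving it into one shared place would keep the rule from drifting, for example a private helper such as `private static void requireCanPost(com.juick.User visitor) { if (visitor.getUid() == 0 || visitor.isBanned()) throw new HttpForbiddenException(); }` called at the top of both methods, or an interceptor in front of the controller. The check also lives only in the www controller, so if messages can be created through other front ends that call the same services, those paths presumably need the same rule; that cannot be confirmed from this diff. Whether a ban takes effect immediately depends on how fresh the object returned by `UserUtils.getCurrentUser()` is. If it is cached for the session, an already logged-in user may keep posting until the session is refreshed, which is worth confirming. Both method bodies start and continue outside the hunks shown.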
@@ -206,6 +209,9 @@ public class NewMessage {
@RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.getUid() == 0 || visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
com.juick.Message msg = messagesService.getMessage(mid);
if (msg == null) {
throw new HttpNotFoundException();