diff options
author | Vitaly Takmazov | 2018-03-29 11:27:31 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2018-03-29 11:27:31 +0300 |
commit | 42af9310f0c195a68212cd9d06f2a3f06a402891 (patch) | |
tree | 40603ffa6164c270866506cd30a43d3c73f6eb44 /juick-www/src/main/java | |
parent | c23b3fa4b938b7ba8e09f34f5e58ad5269f19f26 (diff) |
www: banned users should not post
Diffstat (limited to 'juick-www/src/main/java')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/controllers/NewMessage.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java index 585a4906..7c378930 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java +++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java @@ -106,6 +106,9 @@ public class NewMessage { @RequestParam(required = false, name = "tags") String tagsStr, @RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.getUid() == 0 || visitor.isBanned()) { + throw new HttpForbiddenException(); + } if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) { throw new HttpBadRequestException(); } @@ -206,6 +209,9 @@ public class NewMessage { @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.getUid() == 0 || visitor.isBanned()) { + throw new HttpForbiddenException(); + } com.juick.Message msg = messagesService.getMessage(mid); if (msg == null) { throw new HttpNotFoundException(); |