diff options
Diffstat (limited to 'juick-server/src/main/java/com/juick')
-rw-r--r-- | juick-server/src/main/java/com/juick/server/api/Messages.java | 6 | ||||
-rw-r--r-- | juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java | 22 |
2 files changed, 28 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/Messages.java b/juick-server/src/main/java/com/juick/server/api/Messages.java index d7c07391..db6463dd 100644 --- a/juick-server/src/main/java/com/juick/server/api/Messages.java +++ b/juick-server/src/main/java/com/juick/server/api/Messages.java @@ -24,10 +24,12 @@ import com.juick.server.Utils; import com.juick.server.component.MessageReadEvent; import com.juick.server.helpers.CommandResult; import com.juick.server.util.HttpBadRequestException; +import com.juick.server.util.HttpNotFoundException; import com.juick.server.util.UserUtils; import com.juick.service.MessagesService; import com.juick.service.TagService; import com.juick.service.UserService; +import com.juick.service.security.entities.JuickUser; import org.apache.commons.io.IOUtils; import org.springframework.context.ApplicationEventPublisher; import org.springframework.http.HttpStatus; @@ -167,6 +169,10 @@ public class Messages { if (!messagesService.canViewThread(mid, visitor.getUid())) { return FORBIDDEN; } else { + JuickUser juickUser = new JuickUser(userService.getUserByName(msg.getUser().getName())); + if (!juickUser.isEnabled()) { + throw new HttpNotFoundException(); + } msg.setRecommendations(new HashSet<>(messagesService.getMessageRecommendations(msg.getMid()))); List<com.juick.Message> replies = messagesService.getReplies(visitor, mid); if (!visitor.isAnonymous()) { diff --git a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java index 807f4a9d..125e4f63 100644 --- a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java +++ b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java @@ -20,6 +20,8 @@ package com.juick.service; import com.juick.*; import com.juick.server.helpers.PrivacyOpts; import com.juick.server.helpers.ResponseReply; +import com.juick.server.util.HttpNotFoundException; +import com.juick.service.security.entities.JuickUser; import com.juick.util.MessageUtils; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; @@ -649,6 +651,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ .addValue("privacy", privacy) .addValue("before", before); + JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new)); + if (!juickUser.isEnabled()) { + throw new HttpNotFoundException(); + } + return getNamedParameterJdbcTemplate().queryForList( "SELECT message_id FROM messages WHERE user_id = :uid" + (before > 0 ? @@ -667,6 +674,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ .addValue("privacy", privacy) .addValue("before", before); + JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new)); + if (!juickUser.isEnabled()) { + throw new HttpNotFoundException(); + } + return getNamedParameterJdbcTemplate().queryForList( "SELECT messages.message_id FROM messages_tags INNER JOIN messages " + " USING (message_id) WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " + @@ -685,6 +697,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ .addValue("privacy", privacy) .addValue("daysback", daysback); + JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new)); + if (!juickUser.isEnabled()) { + throw new HttpNotFoundException(); + } + return getNamedParameterJdbcTemplate().queryForList( "SELECT message_id FROM messages WHERE user_id = :uid" + (daysback > 0 ? @@ -703,6 +720,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ .addValue("privacy", privacy) .addValue("before", before); + JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new)); + if (!juickUser.isEnabled()) { + throw new HttpNotFoundException(); + } + return getNamedParameterJdbcTemplate().queryForList( "SELECT message_id FROM " + "(SELECT message_id FROM favorites " + |