aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick
diff options
context:
space:
mode:
Diffstat (limited to 'juick-server/src/main/java/com/juick')
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Messages.java6
-rw-r--r--juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java22
2 files changed, 28 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/Messages.java b/juick-server/src/main/java/com/juick/server/api/Messages.java
index d7c07391..db6463dd 100644
--- a/juick-server/src/main/java/com/juick/server/api/Messages.java
+++ b/juick-server/src/main/java/com/juick/server/api/Messages.java
@@ -24,10 +24,12 @@ import com.juick.server.Utils;
import com.juick.server.component.MessageReadEvent;
import com.juick.server.helpers.CommandResult;
import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpNotFoundException;
import com.juick.server.util.UserUtils;
import com.juick.service.MessagesService;
import com.juick.service.TagService;
import com.juick.service.UserService;
+import com.juick.service.security.entities.JuickUser;
import org.apache.commons.io.IOUtils;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.http.HttpStatus;
@@ -167,6 +169,10 @@ public class Messages {
if (!messagesService.canViewThread(mid, visitor.getUid())) {
return FORBIDDEN;
} else {
+ JuickUser juickUser = new JuickUser(userService.getUserByName(msg.getUser().getName()));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
msg.setRecommendations(new HashSet<>(messagesService.getMessageRecommendations(msg.getMid())));
List<com.juick.Message> replies = messagesService.getReplies(visitor, mid);
if (!visitor.isAnonymous()) {
diff --git a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
index 807f4a9d..125e4f63 100644
--- a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
@@ -20,6 +20,8 @@ package com.juick.service;
import com.juick.*;
import com.juick.server.helpers.PrivacyOpts;
import com.juick.server.helpers.ResponseReply;
+import com.juick.server.util.HttpNotFoundException;
+import com.juick.service.security.entities.JuickUser;
import com.juick.util.MessageUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
@@ -649,6 +651,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("before", before);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT message_id FROM messages WHERE user_id = :uid" +
(before > 0 ?
@@ -667,6 +674,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("before", before);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT messages.message_id FROM messages_tags INNER JOIN messages " +
" USING (message_id) WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " +
@@ -685,6 +697,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("daysback", daysback);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT message_id FROM messages WHERE user_id = :uid" +
(daysback > 0 ?
@@ -703,6 +720,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("before", before);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT message_id FROM " +
"(SELECT message_id FROM favorites " +