diff options
Diffstat (limited to 'juick-www/src/main/java/com/juick')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/controllers/NewMessage.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java index 585a4906..7c378930 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java +++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java @@ -106,6 +106,9 @@ public class NewMessage { @RequestParam(required = false, name = "tags") String tagsStr, @RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.getUid() == 0 || visitor.isBanned()) { + throw new HttpForbiddenException(); + } if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) { throw new HttpBadRequestException(); } @@ -206,6 +209,9 @@ public class NewMessage { @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.getUid() == 0 || visitor.isBanned()) { + throw new HttpForbiddenException(); + } com.juick.Message msg = messagesService.getMessage(mid); if (msg == null) { throw new HttpNotFoundException(); |