From 42af9310f0c195a68212cd9d06f2a3f06a402891 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Thu, 29 Mar 2018 11:27:31 +0300 Subject: www: banned users should not post --- juick-www/src/main/java/com/juick/www/controllers/NewMessage.java | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'juick-www/src/main/java/com/juick/www') diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java index 585a4906..7c378930 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java +++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java @@ -106,6 +106,9 @@ public class NewMessage { @RequestParam(required = false, name = "tags") String tagsStr, @RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.getUid() == 0 || visitor.isBanned()) { + throw new HttpForbiddenException(); + } if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) { throw new HttpBadRequestException(); } @@ -206,6 +209,9 @@ public class NewMessage { @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.getUid() == 0 || visitor.isBanned()) { + throw new HttpForbiddenException(); + } com.juick.Message msg = messagesService.getMessage(mid); if (msg == null) { throw new HttpNotFoundException(); -- cgit v1.2.3