From a34350b62784d4332243ba40ffe928afd91f67d3 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 26 Apr 2019 16:40:58 +0300
Subject: Authorization checks are in spring-security for a while
---
 src/main/java/com/juick/server/api/Post.java | 28 ++++++----------------------
 1 file changed, 6 insertions(+), 22 deletions(-)
(limited to 'src/main/java/com/juick/server/api/Post.java')
diff --git a/src/main/java/com/juick/server/api/Post.java b/src/main/java/com/juick/server/api/Post.java
index d49ec332..b575cef8 100644
--- a/src/main/java/com/juick/server/api/Post.java
+++ b/src/main/java/com/juick/server/api/Post.java
@@ -70,10 +70,6 @@ public class Post {
  @RequestParam(required = false) String img,
  @RequestParam(required = false) MultipartFile attach) throws Exception {
  User visitor = UserUtils.getCurrentUser();
-
- if (visitor.isAnonymous()) {
- throw new HttpForbiddenException();
- }
  body = body.replace("\r", StringUtils.EMPTY);
  URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
@@ -103,20 +99,16 @@ public class Post {
  public CommandResult doPostComment(
  @RequestParam(defaultValue = "0") int mid,
  @RequestParam(defaultValue = "0") int rid,
- @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) final String body,
  @RequestParam(required = false) String img,
  @RequestParam(required = false) MultipartFile attach) throws Exception {
  User visitor = UserUtils.getCurrentUser();
- int vuid = visitor.getUid();
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
  if (mid == 0) {
  throw new HttpBadRequestException();
  }
  Optional message = messagesService.getMessage(mid);
- if (!message.isPresent()) {
+ if (message.isEmpty()) {
  throw new HttpNotFoundException();
  }
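Review bot: The switch to `if (message.isEmpty()) {` in doPostComment leaves the same lookup in doPostRecomm, doPostSubscribe and the reaction handler on `if (!message.isPresent()) {` (visible as context in the later hunks), so the file now mixes both forms of the check. Either convert those three in the same commit or keep `!message.isPresent()` here so the handlers stay uniform. `Optional.isEmpty()` needs a Java 11 source level; the module presumably already targets it since the change is expected to compile, but it is worth confirming in the build. doPostComment's body continues past the end of this hunk.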
@@ -129,10 +121,11 @@ public class Post {
  throw new HttpNotFoundException();
  }
  }
- body = body.replace("\r", StringUtils.EMPTY);
- if ((msg.ReadOnly && msg.getUser().getUid() != vuid) || userService.isInBLAny(msg.getUser().getUid(), vuid) || (reply != null && userService.isInBLAny(reply.getUser().getUid(), vuid))) {
+ if ((msg.ReadOnly && msg.getUser().getUid() != visitor.getUid())
+ || userService.isInBLAny(msg.getUser().getUid(), visitor.getUid())
+ || (reply != null && userService.isInBLAny(reply.getUser().getUid(), visitor.getUid()))) {
+ // TODO: validator
  throw new HttpForbiddenException();
  }
@@ -158,9 +151,6 @@ public class Post {
  @ResponseStatus(value = HttpStatus.OK)
  public Status doPostRecomm(@RequestParam Integer mid) throws Exception {
  com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.isAnonymous()) {
- throw new HttpForbiddenException();
- }
  Optional message = messagesService.getMessage(mid);
  if (!message.isPresent()) {
  throw new HttpNotFoundException();
@@ -178,9 +168,6 @@ public class Post {
  @ResponseStatus(value = HttpStatus.OK)
  public Status doPostSubscribe(@RequestParam Integer mid) throws Exception {
  com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.isAnonymous()) {
- throw new HttpForbiddenException();
- }
  Optional message = messagesService.getMessage(mid);
  if (!message.isPresent()) {
  throw new HttpNotFoundException();
@@ -207,9 +194,6 @@ public class Post {
  logger.info("got reaction with type: {}", reactionId);
  com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.isAnonymous()) {
- throw new HttpForbiddenException();
- }
  Optional message = messagesService.getMessage(mid);
  if (!message.isPresent()) {
  throw new HttpNotFoundException();
-- cgit v1.2.3
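Review bot: Dropping `body = body.replace("\r", StringUtils.EMPTY);` from doPostComment means comment text is no longer stripped of carriage returns, while doPost in the first hunk still does that normalization, and this is unrelated to the authorization move named in the commit title. If the stripping is meant to move to the validator the new `// TODO: validator` hints at, say so in that comment; otherwise keep it on a local since the parameter is now `final`, e.g. `String text = body.replace("\r", StringUtils.EMPTY);` and use `text` below. The rewritten condition also calls `visitor.getUid()` three times where a single `int vuid = visitor.getUid();` before the `if` would read better. With the `vuid == 0` guard removed, this read-only/blacklist check now assumes the security configuration rejects anonymous requests to this endpoint before the handler runs, which deserves a one-line comment such as `// anonymous callers are rejected by spring-security before this handler`. doPostComment's body starts and continues outside this hunk.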