Differences From
Artifact [2469fad253]:
175 175 if not post then
176 176 co:complain(404, 'post not found', 'no such post is known to this server')
177 177 return
178 178 end
179 179 defer post:free()
180 180
181 181 if path.ct == 3 then
182 - if path(2):cmp(lib.str.lit 'edit') then
183 - if post(0).author ~= co.who.id then
184 - co:complain(403, 'forbidden', 'you cannot edit other people\'s posts')
185 - return
186 - end
187 -
182 + var lnk: lib.str.acc lnk:compose('/post/', path(1))
183 + var lnkp = lnk:finalize() defer lnkp:free()
184 + if post(0).author ~= co.who.id then
185 + co:complain(403, 'forbidden', 'you cannot alter other people\'s posts')
186 + return
187 + elseif path(2):cmp(lib.str.lit 'edit') then
188 188 if meth == method.get then
189 189 lib.render.compose(co, post.ptr, nil)
190 190 return
191 191 elseif meth == method.post then
192 192 var newbody = co:postv('post')._0
193 193 var newacl = co:postv('acl')._0
194 194 var newsubj = co:postv('subject')._0
195 195 if newbody ~= nil then post(0).body = newbody end
196 196 if newacl ~= nil then post(0).acl = newacl end
197 197 if newsubj ~= nil then post(0).subject = newsubj end
198 198 post(0):save(true)
199 -
200 - var lnk: lib.str.acc lnk:compose('/post/', path(1))
201 - co:reroute(lnk.buf)
202 - lnk:free()
199 + co:reroute(lnkp.ptr)
203 200 end
204 201 return
202 + elseif path(2):cmp(lib.str.lit 'del') then
203 + if meth == method.get then
204 + var conf = data.view.confirm {
205 + title = lib.str.plit 'delete post';
206 + query = lib.str.plit 'are you sure you want to delete this post?';
207 + cancel = lnkp
208 + }
209 + var body = conf:tostr() defer body:free()
210 + co:stdpage([lib.srv.convo.page] {
211 + title = lib.str.plit 'post :: delete';
212 + class = lib.str.plit 'query';
213 + body = body; cache = false;
214 + })
215 + return
216 + elseif meth == method.post then
217 + var act = co:ppostv('act')
218 + if act:cmp(lib.str.plit 'confirm') then
219 + post(0).source:post_destroy(post(0).id)
220 + co:reroute('/') -- TODO maybe return to parent or conversation if possible
221 + return
222 + else goto badop end
223 + end
205 224 else goto badurl end
206 225 end
207 226
208 - if meth == method.post then
209 - co:complain(405, 'invalid operation', 'the operation you have attempted on this post is not meaningful')
210 - return
211 - end
227 + if meth == method.post then goto badop end
212 228
213 229 lib.render.tweet_page(co, path, post.ptr)
214 230 do return end
215 231
216 - ::badurl:: co:complain(404, 'invalid URL', 'this URL does not reference extant content or functionality')
232 + ::badurl:: do co:complain(404, 'invalid URL', 'this URL does not reference extant content or functionality') return end
233 + ::badop :: do co:complain(405, 'invalid operation', 'the operation you have attempted on this post is not meaningful') return end
217 234 end
218 235
219 236 terra http.configure(co: &lib.srv.convo, path: hpath, meth: method.t)
220 237 var msg = pstring.null()
221 238 if meth == method.post and path.ct >= 1 then
222 239 var user_refresh = false var fail = false
223 240 if path(1):cmp(lib.str.lit 'profile') then
................................................................................
226 243 co.who.nym = co:postv('nym')._0
227 244 if co.who.bio ~= nil and @co.who.bio == 0 then co.who.bio = nil end
228 245 if co.who.nym ~= nil and @co.who.nym == 0 then co.who.nym = nil end
229 246 co.who.source:actor_save(co.who)
230 247 msg = lib.str.plit 'profile changes saved'
231 248 --user_refresh = true -- not really necessary here, actually
232 249 elseif path(1):cmp(lib.str.lit 'srv') then
250 + if not co.who.rights.powers.config() then goto nopriv end
251 + elseif path(1):cmp(lib.str.lit 'brand') then
252 + if not co.who.rights.powers.rebrand() then goto nopriv end
233 253 elseif path(1):cmp(lib.str.lit 'users') then
254 + if not co.who.rights.powers:affect_users() then goto nopriv end
255 +
234 256 elseif path(1):cmp(lib.str.lit 'sec') then
235 257 var act = co:ppostv('act')
236 258 if act:cmp(lib.str.plit 'invalidate') then
237 259 lib.dbg('setting user\'s cookie validation time to now')
238 260 co.who.source:auth_sigtime_user_alter(co.who.id, lib.osclock.time(nil))
239 261 -- the current session has been invalidated as well, so we need to immediately install a new authentication cookie with the same aid so the user doesn't need to log back in all over again
240 262 co:installkey('/conf/sec',co.aid)
................................................................................
250 272 var go,golen = co:getv('go')
251 273 if not fail and go ~= nil then
252 274 co:reroute(go)
253 275 return
254 276 end
255 277 end
256 278 lib.render.conf(co,path,msg)
279 + do return end
280 +
281 + ::nopriv:: co:complain(403,'insufficient privileges','you do not have the necessary powers to perform this action')
257 282 end
258 283
259 284 do local branches = quote end
260 285 local filename, flen = symbol(&int8), symbol(intptr)
261 286 local page = symbol(lib.http.page)
262 287 local send = label()
263 288 local storage = data.stmap
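Review bot: The new `del` branch calls `post(0).source:post_destroy(post(0).id)` as soon as the POST body carries `act=confirm`, and nothing in the visible lines reads or compares a per-session anti-forgery token. Unless `co:ppostv` or the dispatcher validates one outside this view, a cross-site form submitted from the author's browser would delete the post, so the confirm view should carry a token that is checked before the destroy call (the `edit` POST path has the same shape). The method dispatch inside `del` also has no trailing `return` or `else`, unlike `edit`, so a method other than GET or POST falls out of the `path.ct == 3` block and reaches `lib.render.tweet_page`; closing it with `else goto badop end` would keep the behaviour uniform. In `http.configure` the added `nopriv` checks sit under `if meth == method.post`, so whether GET requests for `srv`, `brand` and `users` are gated depends on `lib.render.conf`, which is not shown. The post handler itself starts above the first visible line.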