Differences From
Artifact [bb5bfba2ee]:
254 254 end
255 255 end
256 256 defer post:free() -- NOP on null
257 257
258 258 if path.ct == 3 then
259 259 var lnk: lib.str.acc lnk:compose('/post/', path(1))
260 260 var lnkp = lnk:finalize() defer lnkp:free()
261 - if post:ref() and post(0).author ~= co.who.id then
261 + if post:ref() and path(2):cmp(lib.str.lit 'snitch') then
262 + if meth_get(meth) then
263 + var ui = data.view.report {
264 + badtweet = lib.render.tweet(co, post.ptr, nil);
265 + clnk = lnkp;
266 + }
267 +
268 + co:stdpage([lib.srv.convo.page] {
269 + title = 'post :: report';
270 + class = 'report';
271 + body = ui:poolstr(&co.srv.pool);
272 + cache = false;
273 + })
274 + else
275 + end
276 + return
277 + elseif post:ref() and post(0).author ~= co.who.id then
262 278 co:complain(403, 'forbidden', 'you cannot alter other people\'s posts')
263 279 return
264 280 elseif post:ref() and path(2):cmp(lib.str.lit 'edit') then
265 281 if not co:assertpow('edit') then return end
266 282 if meth_get(meth) then
267 283 lib.render.compose(co, post.ptr, nil)
268 284 return
................................................................................
289 305 else
290 306 conf = data.view.confirm {
291 307 title = 'cancel retweet';
292 308 query = 'are you sure you want to undo this retweet?';
293 309 cancel = '/';
294 310 }
295 311 end
296 - var fr = co.srv.pool:frame()
297 312 var body = conf:poolstr(&co.srv.pool) --defer body:free()
298 313 co:stdpage([lib.srv.convo.page] {
299 314 title = 'post :: delete';
300 315 class = 'query';
301 316 body = body; cache = false;
302 317 })
303 - co.srv.pool:reset(fr)
304 318 return
305 319 elseif meth == method.post then
306 320 var act = co:ppostv('act')
307 - if act:cmp( 'confirm') then
321 + if act:cmp('confirm') then
308 322 if post:ref() then
309 - post(0).source:post_destroy(post(0).id)
323 + post().source:post_destroy(post().id)
310 324 elseif rt.kind ~= 0 then
311 325 co.srv:post_act_cancel(pid)
312 326 end
313 327 co:reroute('/') -- TODO maybe return to parent or conversation if possible
314 328 return
315 329 else goto badop end
316 330 end
................................................................................
480 494 path(1):cmp('brand')
481 495 ) then goto nopriv
482 496
483 497 elseif not co.who.rights.powers.account() and (
484 498 path(1):cmp('profile') or
485 499 path(1):cmp('sec') or
486 500 path(1):cmp('avi') or
487 - path(1):cmp('ui')
501 + path(1):cmp('ui') or
502 + path(1):cmp('circles')
488 503 ) then goto nopriv
489 504
490 505 elseif not co.who.rights.powers:affect_users() and (
491 506 path(1):cmp(lib.str.lit 'users')
492 507 ) then goto nopriv end
493 508 end
494 509
495 510 if meth == method.post and path.ct >= 1 then
496 511 var user_refresh = false var fail = false
497 - if path(1):cmp(lib.str.lit 'profile') then
512 + if path(1):cmp('profile') then
498 513 lib.dbg('updating profile')
499 514 co.who.bio = co:postv('bio')._0
500 515 co.who.nym = co:postv('nym')._0
501 516 if co.who.bio ~= nil and @co.who.bio == 0 then co.who.bio = nil end
502 517 if co.who.nym ~= nil and @co.who.nym == 0 then co.who.nym = nil end
503 518 co.who.source:actor_save(co.who)
504 519
................................................................................
519 534 co.ui_hue = nhue
520 535 end
521 536 end
522 537 if resethue then
523 538 co.srv:actor_conf_int_reset(co.who.id, 'ui-accent')
524 539 co.ui_hue = co.srv.cfg.ui_hue
525 540 end
541 +
542 + var aclfollow = co:ppostv('acl-follow')
543 + var aclfollowreq = co:ppostv('acl-follow-req')
544 + if aclfollow:ref() and aclfollow.ct > 0 then
545 + co.srv:actor_conf_str_set(co.who.id, 'acl-follow', aclfollow)
546 + end
547 + if aclfollowreq:ref() and aclfollowreq.ct > 0 then
548 + co.srv:actor_conf_str_set(co.who.id, 'acl-follow-req', aclfollowreq)
549 + end
526 550
527 551 msg = 'profile changes saved'
528 552 --user_refresh = true -- not really necessary here, actually
529 553
530 554 elseif path(1):cmp('sec') then
531 555 if not credsec_for_uid(co, co.who.id) then return end
532 556 elseif path(1):cmp('avi') then
533 557 var act = co:ppostv('act')
534 558 if act:ref() and act:cmp('clear') then
535 559 co.who.avatarid = 0
536 560 co.who.source:actor_save(co.who)
537 561 msg = 'avatar reset to default'
538 562 else goto badop end
563 + elseif path(1):cmp('circles') then
564 + if meth == method.post then
565 + var act = co:ppostv('act')
566 + if path.ct == 2 and act:cmp('create') then
567 + var newcirc = co:ppostv('name')
568 + if newcirc.ct > 0 then
569 + co.srv:circle_create(co.who.id, newcirc)
570 + end
571 + elseif path.ct == 3 and act:cmp('del') then
572 + var id, ok = lib.math.shorthand.parse(path(2).ptr,path(2).ct)
573 + if not ok then goto e404 end
574 + co.srv:circle_destroy(co.who.id, id)
575 + co:reroute('/conf/circles')
576 + return
577 + else goto badop end
578 + end
539 579 elseif path(1):cmp('users') then
540 580 if path.ct >= 3 then
541 581 var userid, ok = lib.math.shorthand.parse(path(2).ptr, path(2).ct)
542 582 if ok then
543 583 var usr = co.srv:actor_fetch_uid(userid)
544 584 if usr:ref() then --defer usr:free()
545 585 if not co.who:overpowers(usr.ptr) then
................................................................................
674 714 end
675 715 end
676 716 lib.render.conf(co,path,msg)
677 717 do return end
678 718
679 719 ::nopriv:: do co:complain(403,'insufficient privileges','you do not have the necessary powers to perform this action') return end
680 720 ::badop:: do co:complain(400,'bad request','the operation you have requested is not meaningful in this context') return end
721 + ::e404:: do co:complain(404,'not found','the resource you have requested is not known to this server') return end
681 722 end
682 723
683 724 terra http.user_notices(co: &lib.srv.convo, meth: method.t)
684 725 if meth == method.post then
685 726 var act = co:ppostv('act')
686 727 if act:cmp('clear') then
687 728 co.srv:actor_conf_int_set(co.who.id, 'notice-clear-time', lib.osclock.time(nil))
................................................................................
848 889 -- we run through those first before giving up and parsing the URI
849 890 if uri.ptr == nil or uri.ptr[0] ~= @'/' then
850 891 co:complain(404, 'what the hell', 'how did you do that')
851 892 elseif uri.ct == 1 then -- root
852 893 if (co.srv.cfg.pol_sec == lib.srv.secmode.private or
853 894 co.srv.cfg.pol_sec == lib.srv.secmode.lockdown) and co.aid == 0 then
854 895 http.login_form(co, meth)
855 - else http.timeline(co, hpath {ptr=nil}) end
896 + else http.timeline(co, hpath {ptr=nil,ct=0}) end
856 897 elseif uri.ptr[1] == @'@' then
857 898 http.actor_profile_xid(co, uri, meth)
858 899 elseif uri.ptr[1] == @'s' and uri.ptr[2] == @'/' and uri.ct > 3 then
859 900 if not meth_get(meth) then goto wrongmeth end
860 901 if not http.static_content(co, uri.ptr + 3, uri.ct - 3) then goto notfound end
861 902 elseif lib.str.ncmp('/avi/', uri.ptr, 5) == 0 then
862 903 http.local_avatar(co, [lib.mem.ptr(int8)] {ptr = uri.ptr + 5, ct = uri.ct - 5})
863 904 elseif lib.str.ncmp('/file/', uri.ptr, 6) == 0 then
864 905 http.file_serve_raw(co, [lib.mem.ptr(int8)] {ptr = uri.ptr + 6, ct = uri.ct - 6})
865 - elseif uri:cmp( '/notices') then
906 + elseif uri:cmp('/notices') then
866 907 if co.aid == 0 then co:reroute('/login') return end
867 908 http.user_notices(co,meth)
868 - elseif uri:cmp( '/compose') then
909 + elseif uri:cmp('/compose') then
869 910 if co.aid == 0 then co:reroute('/login') return end
870 911 http.post_compose(co,meth)
871 912 elseif uri:cmp( '/login') then
872 913 if co.aid == 0
873 914 then http.login_form(co, meth)
874 915 else co:reroute('/')
875 916 end