improved permission checks on archive

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-03-15 13:27:25 +01:00
parent 1b484760b9
commit 0a1e210503
3 changed files with 36 additions and 36 deletions


@@ -133,15 +133,18 @@ public class Web extends TemplateServlet {
}
}
private String archive(HttpServletRequest req, HttpServletResponse resp) {
private String archive(MailingList list, User user, HttpServletRequest req, HttpServletResponse resp) {
if (list == null) return t("The mailing list you are trying to view does not exist!");
var allowed = list.hasPublicArchive() || list.mayBeAlteredBy(user);
if (!allowed) return t("You are not allowed to access the archive of this list");
var map = new HashMap<String,Object>();
var list = Util.getMailingList(req);
map.put(LIST,list.email());
var month = req.getParameter(MONTH);
if (month != null && !month.isBlank()){
map.put(MONTH,month);
var user = Util.getUser(req);
map.put(MODERATOR,list.mayBeAlteredBy(user));
}
return loadTemplate(ARCHIVE,map,resp);
@@ -284,7 +287,7 @@ public class Web extends TemplateServlet {
if (list != null) data.put(LIST,list.minimalMap());
switch (path){
case ARCHIVE:
return archive(req,resp);
return archive(list,user,req,resp);
case CONFIRM:
return confirm(req,resp);
case POST:
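Review bot: In the first hunk, `list.mayBeAlteredBy(user)` is now reached for every request to a list without a public archive, and nothing visible shows that `user` is non-null for visitors who are not logged in or that `mayBeAlteredBy` tolerates null; if it does not, the private-archive case ends in an exception instead of the intended refusal, so I would write `var allowed = list.hasPublicArchive() || (user != null && list.mayBeAlteredBy(user));`. The two refusal messages also differ, which lets a caller without access tell an existing private list from a missing one; returning the same text in both cases would avoid that. A short comment above the check such as `// archive is readable if public, otherwise only by users who may alter the list` would record the rule; the method's closing brace lies outside the hunk.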