backported some code from lang_de branch

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>

src/main/java/de/srsoftware/widerhall/web/Rest.java

@@ -62,16 +62,19 @@ public class Rest extends HttpServlet {
         return Map.of(SUCCESS,"Updated user permissions");
     }
 
-    private Map<String, Object> archive(HttpServletRequest req, User user) {
+    private Map<String,Object> archive(HttpServletRequest req, User user){
         var list = Util.getMailingList(req);
         if (list != null){
-            boolean userIsMod = list.mayBeAlteredBy(user);
             try {
-                var month = req.getParameter(MONTH);
+                var allEmails = user != null || list.hasState(STATE_OPEN_FOR_SUBSCRIBERS) || list.hasState(STATE_OPEN_FOR_GUESTS);
+                var limitedSenders = allEmails ? null : list.moderators().map(ListMember::user).map(User::email).toList();
+
+                String month = req.getParameter(MONTH);
+                boolean userIsMod = list.mayBeAlteredBy(user);
                 if (month == null || month.isBlank()) {
-                    return Map.of(LIST,list.email(),MODERATOR,userIsMod,"summary",Post.summarize(list));
+                    return Map.of(LIST,list.email(),MODERATOR,userIsMod,"summary",Post.summarize(list,limitedSenders));
                 } else {
-                    return Map.of(LIST,list.email(),MODERATOR,userIsMod,"posts",Post.find(list,month).stream().map(Post::safeMap).toList());
+                    return Map.of(LIST,list.email(),MODERATOR,userIsMod,"posts",Post.find(list,month,limitedSenders).stream().map(Post::safeMap).toList());
                 }
             } catch (SQLException e) {
                 e.printStackTrace();
@@ -173,6 +176,9 @@ public class Rest extends HttpServlet {
             json.put(USER,user.safeMap());
             switch (path) {
                 case LIST_ARCHIVE:
+                    var list = Util.getMailingList(req);
+                    var allowed = list.hasState(STATE_PUBLIC_ARCHIVE) || list.mayBeAlteredBy(user);
+                    if (!allowed) return t("Sie sind nicht berechtigt, das Archiv dieser Liste einzusehen!");
                     json.put("archive",archive(req,user));
                     break;
                 case USER_LIST:
@@ -196,7 +202,10 @@ public class Rest extends HttpServlet {
         } else {
             switch (path) {
                 case LIST_ARCHIVE:
-                    json.put("archive",archive(req, user));
+                    var list = Util.getMailingList(req);
+                    var allowed = list.hasState(STATE_PUBLIC_ARCHIVE);
+                    if (!allowed) return t("This mailing list has no public archive!");
+                    json.put("archive",archive(req,user));
                     break;
                 case LIST_SUBSCRIBABLE:
                     json.put("lists", MailingList.subscribable().stream().map(MailingList::minimalMap).toList());

src/main/java/de/srsoftware/widerhall/web/Web.java

@@ -282,7 +282,6 @@ public class Web extends TemplateServlet {
 
         if (user != null) data.put(USER,user.safeMap());
         if (list != null) data.put(LIST,list.minimalMap());
-        String notes = null;
         switch (path){
             case ARCHIVE:
                 return archive(req,resp);