Merge pull request #556 from chhsiao1981/read-write-permission

add read-write-permission for user-board and user-article.
Ptt-official-app · Oct 1, 2024 · 129597d · 129597d
2 parents 9572e6f + 14cd9a1
commit 129597d
Show file tree

Hide file tree

Showing 96 changed files with 2,132 additions and 663 deletions.
diff --git a/api/add_favorite_board.go b/api/add_favorite_board.go
@@ -48,9 +48,9 @@ func AddFavoriteBoard(remoteAddr string, userID bbs.UUserID, params interface{},
 		return nil, 500, err
 	}
 
-	_, statusCode, err = isBoardValidUser(boardID, c)
+	_, err = CheckUserBoardPermReadable(userID, boardID)
 	if err != nil {
-		return nil, statusCode, err
+		return nil, 403, err
 	}
 
 	bid, _, err := boardID.ToRaw()

diff --git a/api/add_favorite_board_test.go b/api/add_favorite_board_test.go
@@ -9,17 +9,28 @@ import (
 	"github.com/Ptt-official-app/go-pttbbs/testutil"
 	"github.com/Ptt-official-app/go-pttbbsweb/apitypes"
 	"github.com/gin-gonic/gin"
+	"github.com/sirupsen/logrus"
 )
 
 func TestAddFavoriteBoard(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
+	boardSummaries_b := []*bbs.BoardSummary{testBoardSummaryWhoAmI_b}
+	_, _, err := deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
+	if err != nil {
+		logrus.Errorf("TestAddFavoriteBoard: unable to deserializeBoardsAndUpdateDB: e: %v", err)
+	}
+
 	paramsLoad0 := &LoadGeneralBoardsParams{
 		StartIdx: "vFSt-Q@WhoAmI",
 	}
 
-	_, _, _ = LoadGeneralBoardsByClass("localhost", "SYSOP", paramsLoad0, nil)
+	result_i, _, err := LoadGeneralBoardsByClass("localhost", "SYSOP", paramsLoad0, nil)
+	result, _ := result_i.(*LoadGeneralBoardsResult)
+	logrus.Infof("TestAddFavoriteBoard: after LoadGeneralBoardsByClass: result: %v", result.List[0])
 
 	params0 := &AddFavoriteBoardParams{
 		FBoardID: "WhoAmI",

diff --git a/api/article_utils.go b/api/article_utils.go
@@ -91,9 +91,9 @@ func deserializeArticlesAndUpdateDB(userID bbs.UUserID, bboardID bbs.BBoardID, a
 	for _, each_b := range articleSummaries_b {
 		if each_b.Read {
 			each_db := &schema.UserReadArticle{
-				UserID:       userID,
-				ArticleID:    each_b.ArticleID,
-				UpdateNanoTS: updateNanoTS,
+				UserID:           userID,
+				ArticleID:        each_b.ArticleID,
+				ReadUpdateNanoTS: updateNanoTS,
 			}
 			userReadArticles = append(userReadArticles, each_db)
 
@@ -461,9 +461,9 @@ func setUserReadArticle(content [][]*types.Rune, userID bbs.UUserID, articleID b
 
 	// user read article
 	userReadArticle := &schema.UserReadArticle{
-		UserID:       userID,
-		ArticleID:    articleID,
-		UpdateNanoTS: updateNanoTS,
+		UserID:           userID,
+		ArticleID:        articleID,
+		ReadUpdateNanoTS: updateNanoTS,
 	}
 	_ = schema.UpdateUserReadArticle(userReadArticle)
 }

diff --git a/api/board_utils.go b/api/board_utils.go
@@ -70,9 +70,9 @@ func deserializeBoardsAndUpdateDB(userID bbs.UUserID, boardSummaries_b []*bbs.Bo
 
 		if each_b.Read {
 			each_db := &schema.UserReadBoard{
-				UserID:       userID,
-				BBoardID:     each_b.BBoardID,
-				UpdateNanoTS: updateNanoTS,
+				UserID:           userID,
+				BBoardID:         each_b.BBoardID,
+				ReadUpdateNanoTS: updateNanoTS,
 			}
 			userReadBoards = append(userReadBoards, each_db)
 		}
@@ -274,7 +274,7 @@ func checkUserReadBoard(userID bbs.UUserID, userBoardInfoMap map[bbs.BBoardID]*a
 	// the Read flag is set based on the existing db.UpdateNanoTS
 	for _, each := range dbResults {
 		eachBoardID := each.BBoardID
-		eachReadNanoTS := each.UpdateNanoTS
+		eachReadNanoTS := each.ReadUpdateNanoTS
 
 		eachBoardInfo, ok := userBoardInfoMap[eachBoardID]
 		if !ok {

diff --git a/api/create_article.go b/api/create_article.go
@@ -48,6 +48,11 @@ func CreateArticle(remoteAddr string, userID bbs.UUserID, params interface{}, pa
 		return nil, 500, err
 	}
 
+	err = CheckUserBoardPermPostable(userID, boardID)
+	if err != nil {
+		return nil, 403, err
+	}
+
 	theType := types.Utf8ToBig5(theParams.PostType)
 	theTitle := types.Utf8ToBig5(theParams.Title)
 	content := simplifyContent(theParams.Content)

diff --git a/api/create_article_test.go b/api/create_article_test.go
@@ -16,8 +16,13 @@ func TestCreateArticle(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
 	boardSummaries_b := []*bbs.BoardSummary{testBoardSummaryWhoAmI_b}
-	_, _, _ = deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
+	_, _, err := deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
+	if err != nil {
+		logrus.Errorf("TestCreateArticle: unable to deserializeBoardsAndUpdateDB: e: %v", err)
+	}
 
 	path0 := &CreateArticlePath{
 		FBoardID: "WhoAmI",

diff --git a/api/create_board.go b/api/create_board.go
@@ -49,6 +49,11 @@ func CreateBoard(remoteAddr string, userID bbs.UUserID, params interface{}, path
 		return nil, 400, ErrInvalidPath
 	}
 
+	err = CheckUserBoardPermCreatable(userID)
+	if err != nil {
+		return nil, 403, err
+	}
+
 	theClass := types.Utf8ToBig5(theParams.BrdClass)
 	theTitle := types.Utf8ToBig5(theParams.BrdTitle)
 

diff --git a/api/create_board_test.go b/api/create_board_test.go
@@ -15,6 +15,8 @@ func TestCreateBoard(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
 	path0 := &CreateBoardPath{
 		ClsBid: 2,
 	}

diff --git a/api/create_comment.go b/api/create_comment.go
@@ -48,6 +48,11 @@ func CreateComment(remoteAddr string, userID bbs.UUserID, params interface{}, pa
 	}
 	articleID := thePath.FArticleID.ToArticleID()
 
+	err = CheckUserBoardPermPostable(userID, boardID)
+	if err != nil {
+		return nil, 403, err
+	}
+
 	// content-dbcs
 	contentDBCS := types.Utf8ToBig5(theParams.Content)
 

diff --git a/api/create_comment_test.go b/api/create_comment_test.go
@@ -16,6 +16,8 @@ func TestCreateComment(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
 	boardSummaries_b := []*bbs.BoardSummary{testBoardSummaryWhoAmI_b}
 	_, _, _ = deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
 

diff --git a/api/delete_articles.go b/api/delete_articles.go
@@ -49,11 +49,29 @@ func DeleteArticles(remoteAddr string, userID bbs.UUserID, params interface{}, p
 		return nil, 500, err
 	}
 
+	userBoardPermReadable, err := CheckUserBoardPermReadable(userID, boardID)
+	if err != nil {
+		return nil, 403, err
+	}
+
 	var articleIDs []bbs.ArticleID
 	for _, articleID := range theParams.ArticleIDs {
 		articleIDs = append(articleIDs, articleID.ToArticleID())
 	}
 
+	articlePermMap, err := CheckUserArticlesPermDeletable(userID, boardID, articleIDs, userBoardPermReadable)
+	if err != nil {
+		return nil, 500, err
+	}
+	articleIDs = make([]bbs.ArticleID, 0, len(articleIDs))
+	for articleID, eachErr := range articlePermMap {
+		if eachErr != nil {
+			continue
+		}
+
+		articleIDs = append(articleIDs, articleID)
+	}
+
 	// to go-pttbbs
 	theParams_b := &pttbbsapi.DeleteArticlesParams{
 		ArticleIDs: articleIDs,
@@ -85,11 +103,6 @@ func DeleteArticles(remoteAddr string, userID bbs.UUserID, params interface{}, p
 	if err != nil {
 		return nil, 500, err
 	}
-	err = schema.DeleteUserReadArticles(boardID, result_b.ArticleIDs, updateNanoTS)
-	if err != nil {
-		return nil, 500, err
-	}
-
 	result = &DeleteArticlesResult{
 		Success:   true,
 		TokenUser: userID,

diff --git a/api/delete_articles_test.go b/api/delete_articles_test.go
@@ -15,6 +15,8 @@ func TestDeleteArticles(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
 	boardSummaries_b := []*bbs.BoardSummary{testBoardSummaryWhoAmI_b}
 	_, _, _ = deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
 

diff --git a/api/delete_comments_test.go b/api/delete_comments_test.go
@@ -17,6 +17,8 @@ func TestDeleteComments(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
 	boardSummaries_b := []*bbs.BoardSummary{testBoardSummarySYSOP_b}
 	_, _, _ = deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
 

diff --git a/api/edit_article.go b/api/edit_article.go
@@ -58,6 +58,12 @@ func EditArticleDetail(remoteAddr string, userID bbs.UUserID, params interface{}
 	}
 	articleID := thePath.FArticleID.ToArticleID()
 
+	// check permission
+	err = CheckUserArticlePermEditable(userID, boardID, articleID, true)
+	if err != nil {
+		return nil, 403, err
+	}
+
 	_, oldContentPrefix, oldSignatureDBCS, _, oldSZ, oldsum, statusCode, err := editArticleGetArticleContentInfo(userID, boardID, articleID, c, false)
 	if err != nil {
 		return nil, statusCode, err

diff --git a/api/edit_article_test.go b/api/edit_article_test.go
@@ -14,6 +14,8 @@ func TestEditArticleDetail(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
 	boardSummaries_b := []*bbs.BoardSummary{testBoardSummaryWhoAmI_b}
 	_, _, _ = deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
 

diff --git a/api/errors.go b/api/errors.go
@@ -1,6 +1,11 @@
 package api
 
-import "errors"
+import (
+	"errors"
+	"fmt"
+
+	"github.com/Ptt-official-app/go-pttbbsweb/types"
+)
 
 var (
 	ErrInvalidRemoteAddr = errors.New("invalid remote addr")
@@ -12,15 +17,68 @@ var (
 	ErrInvalidToken             = errors.New("invalid token")
 	ErrInvalidOrigin            = errors.New("invalid origin")
 	ErrInvalidBackendStatusCode = errors.New("invalid backend status code")
+	ErrNoUser                   = errors.New("no user")
 	ErrNoBoard                  = errors.New("no board")
 	ErrNoArticle                = errors.New("no article")
-	ErrAlreadyDeleted           = errors.New("already deleted")
-	ErrFileNotFound             = errors.New("file not found")
+	ErrNoUserBoard              = errors.New("no user board")
+
+	ErrAlreadyDeleted = errors.New("already deleted")
+	ErrFileNotFound   = errors.New("file not found")
 
 	ErrInvalidUser   = errors.New("invalid user")
 	ErrInvalidClient = errors.New("invalid client")
 
 	ErrAlreadyExists = errors.New("already exists")
 
 	ErrInvalidFav = errors.New("invalid fav")
+
+	ErrNotFriend     = errors.New("not friend")
+	ErrBoardBlocked  = errors.New("board blocked")
+	ErrBoardReported = errors.New("board reported")
+	ErrBoardBucket   = errors.New("board bucket")
+
+	ErrPermBoardCreatePermission = errors.New("no board create permission")
+
+	ErrPermBoardReadHidden   = errors.New("hidden board")
+	ErrPermBoardReadBlocked  = errors.New("blocked board")
+	ErrPermBoardReadReported = errors.New("reported board")
+
+	ErrPermBoardReadNotOver18  = errors.New("not over18")
+	ErrPermBoardReadPermission = errors.New("no board read permission")
+
+	ErrPermPostReadOnly        = errors.New("read only")
+	ErrPermPostBannedByBoard   = errors.New("banned by board")
+	ErrPermBoardPostPost       = errors.New("no user post permission")
+	ErrPermBoardPostRestricted = errors.New("only board friends")
+	ErrPermBoardPostViolateLaw = errors.New("violate law")
+	ErrPermBoardPostPermission = errors.New("no board post permission")
+
+	ErrPermBoardPostLoginDays = errors.New("invalid login days")
+	ErrPermBoardPostPostLimit = errors.New("reached post limit")
+
+	ErrPermBoardEditPermission = errors.New("no board edit permission")
 )
+
+func ErrBoardCooldown(diffNanoTS types.NanoTS) error {
+	diffTS := diffNanoTS.ToTime8()
+	diffMin := diffTS / 60
+	diffSec := diffTS % 60
+
+	return fmt.Errorf("board cooldown %v:%02d", diffMin, diffSec)
+}
+
+func ErrBoardPosttime(diffNanoTS types.NanoTS) error {
+	diffTS := diffNanoTS.ToTime8()
+	diffMin := diffTS / 60
+	diffSec := diffTS % 60
+
+	return fmt.Errorf("board posttime %v:%02d", diffMin, diffSec)
+}
+
+func ErrFloodReject(diffNanoTS types.NanoTS) error {
+	diffTS := diffNanoTS.ToTime8()
+	diffMin := diffTS / 60
+	diffSec := diffTS % 60
+
+	return fmt.Errorf("flood reject %v:%02d", diffMin, diffSec)
+}
diff --git a/api/get_article_blocks.go b/api/get_article_blocks.go
@@ -76,10 +76,10 @@ func GetArticleBlocks(remoteAddr string, userID bbs.UUserID, params interface{},
 	}
 	articleID := thePath.FArticleID.ToArticleID()
 
-	// validate user
-	_, statusCode, err = isBoardValidUser(boardID, c)
+	// check permission
+	err = CheckUserArticlePermReadable(userID, boardID, articleID, true)
 	if err != nil {
-		return nil, statusCode, err
+		return nil, 403, err
 	}
 
 	if theParams.StartIdx == "" {

diff --git a/api/get_article_blocks_test.go b/api/get_article_blocks_test.go
@@ -18,6 +18,8 @@ func TestGetArticleBlocks(t *testing.T) {
 	setupTest()
 	defer teardownTest()
 
+	_, _ = deserializeUserDetailAndUpdateDB(testUserSYSOP_b, 123456890000000000)
+
 	boardSummaries_b := []*bbs.BoardSummary{testBoardSummaryWhoAmI_b}
 	_, _, _ = deserializeBoardsAndUpdateDB("SYSOP", boardSummaries_b, 123456890000000000)
 

diff --git a/api/get_article_detail.go b/api/get_article_detail.go
@@ -68,6 +68,12 @@ func GetArticleDetail(remoteAddr string, userID bbs.UUserID, params interface{},
 	}
 	articleID := thePath.FArticleID.ToArticleID()
 
+	// check permission
+	err = CheckUserArticlePermReadable(userID, boardID, articleID, true)
+	if err != nil {
+		return nil, 403, err
+	}
+
 	// validate user
 	_, statusCode, err = isBoardValidUser(boardID, c)
 	if err != nil {