diff --git a/src/main/java/ru/org/linux/comment/CommentCreateService.java b/src/main/java/ru/org/linux/comment/CommentCreateService.java index b2ba27cfc..4973721e6 100644 --- a/src/main/java/ru/org/linux/comment/CommentCreateService.java +++ b/src/main/java/ru/org/linux/comment/CommentCreateService.java @@ -241,21 +241,19 @@ public Comment getComment( * @param errors обработчик ошибок ввода для формы * @return объект пользователя */ - public User getCommentUser(CommentRequest commentRequest, Errors errors) { - User currentUser = AuthUtil.getCurrentUser(); - + public User getCommentUser(@Nullable User currentUser, CommentRequest commentRequest, Errors errors) { if (currentUser!=null) { return currentUser; - } + } else { + if (commentRequest.getNick() != null) { + if (commentRequest.getPassword() == null) { + errors.reject(null, "Требуется авторизация"); + } - if (commentRequest.getNick() != null) { - if (commentRequest.getPassword() == null) { - errors.reject(null, "Требуется авторизация"); + return commentRequest.getNick(); + } else { + return userService.getAnonymous(); } - - return commentRequest.getNick(); - } else { - return userService.getAnonymous(); } } diff --git a/src/main/java/ru/org/linux/topic/TopicPermissionService.java b/src/main/java/ru/org/linux/topic/TopicPermissionService.java index 7a2c3d822..df4d66626 100644 --- a/src/main/java/ru/org/linux/topic/TopicPermissionService.java +++ b/src/main/java/ru/org/linux/topic/TopicPermissionService.java @@ -35,6 +35,7 @@ import ru.org.linux.spring.SiteConfig; import ru.org.linux.spring.dao.DeleteInfoDao; import ru.org.linux.user.User; +import ru.org.linux.user.UserService; import scala.Option; import scala.Some; @@ -64,13 +65,15 @@ public class TopicPermissionService { private final GroupDao groupDao; private final DeleteInfoDao deleteInfoDao; + private final UserService userService; public TopicPermissionService(CommentReadService commentService, SiteConfig siteConfig, GroupDao groupDao, - DeleteInfoDao deleteInfoDao) { + DeleteInfoDao deleteInfoDao, UserService userService) { this.commentService = commentService; this.siteConfig = siteConfig; this.groupDao = groupDao; this.deleteInfoDao = deleteInfoDao; + this.userService = userService; } public static String getPostScoreInfo(int postscore) { @@ -192,7 +195,7 @@ public void checkView( } } - public void checkCommentsAllowed(Topic topic, User user, Errors errors) { + public void checkCommentsAllowed(Topic topic, Optional user, Errors errors) { if (topic.isDeleted()) { errors.reject(null, "Нельзя добавлять комментарии к удаленному сообщению"); return; @@ -253,12 +256,14 @@ public int getPostscore(Topic topic) { return getPostscore(group, topic); } - public boolean isCommentsAllowed(Group group, Topic topic, User user, boolean ignoreFrozen) { - if (user != null && (user.isBlocked() || (!ignoreFrozen && user.isFrozen()))) { + public boolean isCommentsAllowed(Group group, Topic topic, Optional user, boolean ignoreFrozen) { + if (topic.isDeleted() || topic.isExpired() || topic.isDraft()) { return false; } - if (topic.isDeleted() || topic.isExpired() || topic.isDraft()) { + var effectiveUser = user.orElseGet(userService::getAnonymous); + + if (effectiveUser.isBlocked() || (!ignoreFrozen && effectiveUser.isFrozen())) { return false; } @@ -272,32 +277,32 @@ public boolean isCommentsAllowed(Group group, Topic topic, User user, boolean ig return true; } - if (user == null || user.isAnonymous()) { + if (user.isEmpty() || user.get().isAnonymous()) { return false; - } - - if (user.isModerator()) { - return true; - } + } else { + if (user.get().isModerator()) { + return true; + } - if (score == POSTSCORE_REGISTERED_ONLY) { - return true; - } + if (score == POSTSCORE_REGISTERED_ONLY) { + return true; + } - if (score == POSTSCORE_MODERATORS_ONLY) { - return false; - } + if (score == POSTSCORE_MODERATORS_ONLY) { + return false; + } - boolean isAuthor = user.getId() == topic.getAuthorUserId(); + boolean isAuthor = user.get().getId() == topic.getAuthorUserId(); - if (score == POSTSCORE_MOD_AUTHOR) { - return isAuthor; - } + if (score == POSTSCORE_MOD_AUTHOR) { + return isAuthor; + } - if (isAuthor) { - return true; - } else { - return user.getScore() >= score; + if (isAuthor) { + return true; + } else { + return user.get().getScore() >= score; + } } } @@ -338,7 +343,7 @@ public boolean isCommentEditableNow(@Nonnull Comment comment, @Nullable User cur boolean haveAnswers, @Nonnull Topic topic, MarkupType markup) { Errors errors = new MapBindingResult(ImmutableMap.of(), "obj"); - checkCommentsAllowed(topic, currentUser, errors); + checkCommentsAllowed(topic, Optional.ofNullable(currentUser), errors); checkCommentEditableNow(comment, currentUser, haveAnswers, topic, errors, markup); return !errors.hasErrors(); diff --git a/src/main/scala/ru/org/linux/comment/AddCommentController.scala b/src/main/scala/ru/org/linux/comment/AddCommentController.scala index 129aa9585..400a640c7 100644 --- a/src/main/scala/ru/org/linux/comment/AddCommentController.scala +++ b/src/main/scala/ru/org/linux/comment/AddCommentController.scala @@ -26,6 +26,7 @@ import org.springframework.web.bind.WebDataBinder import org.springframework.web.bind.annotation.* import org.springframework.web.servlet.ModelAndView import org.springframework.web.servlet.view.RedirectView +import ru.org.linux.auth.AuthUtil.AuthorizedOpt import ru.org.linux.auth.{AccessViolationException, AuthUtil, IPBlockDao, IPBlockInfo} import ru.org.linux.csrf.CSRFNoAuto import ru.org.linux.markup.{MarkupPermissions, MarkupType, MessageTextService} @@ -39,6 +40,7 @@ import ru.org.linux.util.{ServletParameterException, StringUtil} import java.util.Optional import javax.servlet.http.HttpServletRequest import javax.validation.Valid +import scala.compat.java8.OptionConverters.RichOptionForJava8 import scala.jdk.CollectionConverters.* @Controller @@ -54,7 +56,7 @@ class AddCommentController(ipBlockDao: IPBlockDao, commentPrepareService: Commen * Показ формы добавления ответа на комментарий. */ @RequestMapping(value = Array("/add_comment.jsp"), method = Array(RequestMethod.GET)) - def showFormReply(@ModelAttribute("add") @Valid add: CommentRequest, errors: Errors): ModelAndView = { + def showFormReply(@ModelAttribute("add") @Valid add: CommentRequest, errors: Errors): ModelAndView = AuthorizedOpt { currentUser => if (add.getTopic == null) throw new ServletParameterException("тема не задана") @@ -64,11 +66,11 @@ class AddCommentController(ipBlockDao: IPBlockDao, commentPrepareService: Commen add.setMode(tmpl.getFormatMode) } - topicPermissionService.checkCommentsAllowed(add.getTopic, AuthUtil.getCurrentUser, errors) + topicPermissionService.checkCommentsAllowed(add.getTopic, currentUser.map(_.user).asJava, errors) val postscore = topicPermissionService.getPostscore(add.getTopic) - new ModelAndView("add_comment", (commentService.prepareReplyto(add, AuthUtil.getCurrentUser, tmpl.getProf, add.getTopic).asScala + ( + new ModelAndView("add_comment", (commentService.prepareReplyto(add, currentUser.map(_.user).orNull, tmpl.getProf, add.getTopic).asScala.toMap + ( "postscoreInfo" -> TopicPermissionService.getPostScoreInfo(postscore) )).asJava) } @@ -77,11 +79,11 @@ class AddCommentController(ipBlockDao: IPBlockDao, commentPrepareService: Commen * Показ топика с формой добавления комментария верхнего уровня. */ @RequestMapping(Array("/comment-message.jsp")) - def showFormTopic(@ModelAttribute("add") @Valid add: CommentRequest): ModelAndView = { + def showFormTopic(@ModelAttribute("add") @Valid add: CommentRequest): ModelAndView = AuthorizedOpt { currentUser => val tmpl = Template.getTemplate - val preparedTopic = topicPrepareService.prepareTopic(add.getTopic, AuthUtil.getCurrentUser) + val preparedTopic = topicPrepareService.prepareTopic(add.getTopic, currentUser.map(_.user).orNull) - if (!topicPermissionService.isCommentsAllowed(preparedTopic.group, add.getTopic, AuthUtil.getCurrentUser, false)) + if (!topicPermissionService.isCommentsAllowed(preparedTopic.group, add.getTopic, currentUser.map(_.user).asJava, false)) throw new AccessViolationException("Это сообщение нельзя комментировать") if (add.getMode == null) { @@ -102,14 +104,14 @@ class AddCommentController(ipBlockDao: IPBlockDao, commentPrepareService: Commen @RequestMapping(value = Array("/add_comment.jsp"), method = Array(RequestMethod.POST)) @CSRFNoAuto def addComment(@ModelAttribute("add") @Valid add: CommentRequest, errors: Errors, request: HttpServletRequest, - @ModelAttribute("ipBlockInfo") ipBlockInfo: IPBlockInfo): ModelAndView = { - val user = commentService.getCommentUser(add, errors) + @ModelAttribute("ipBlockInfo") ipBlockInfo: IPBlockInfo): ModelAndView = AuthorizedOpt { sessionUserOpt => + val user = commentService.getCommentUser(sessionUserOpt.map(_.user).orNull, add, errors) commentService.checkPostData(add, user, ipBlockInfo, request, errors, false) val comment = commentService.getComment(add, user, request) if (add.getTopic != null) { - topicPermissionService.checkCommentsAllowed(add.getTopic, user, errors) + topicPermissionService.checkCommentsAllowed(add.getTopic, Some(user).asJava, errors) } val tmpl = Template.getTemplate @@ -154,8 +156,8 @@ class AddCommentController(ipBlockDao: IPBlockDao, commentPrepareService: Commen method = Array(RequestMethod.POST)) @ResponseBody def addCommentAjax(@ModelAttribute("add") @Valid add: CommentRequest, errors: Errors, request: HttpServletRequest, - @ModelAttribute("ipBlockInfo") ipBlockInfo: IPBlockInfo): Json = { - val user = commentService.getCommentUser(add, errors) + @ModelAttribute("ipBlockInfo") ipBlockInfo: IPBlockInfo): Json = AuthorizedOpt { sessionUserOpt => + val user = commentService.getCommentUser(sessionUserOpt.map(_.user).orNull, add, errors) commentService.checkPostData(add, user, ipBlockInfo, request, errors, false) @@ -163,7 +165,7 @@ class AddCommentController(ipBlockDao: IPBlockDao, commentPrepareService: Commen val comment = commentService.getComment(add, user, request) if (add.getTopic != null) { - topicPermissionService.checkCommentsAllowed(add.getTopic, user, errors) + topicPermissionService.checkCommentsAllowed(add.getTopic, Some(user).asJava, errors) } if (add.isPreviewMode || errors.hasErrors || comment == null) { diff --git a/src/main/scala/ru/org/linux/comment/CommentPrepareService.scala b/src/main/scala/ru/org/linux/comment/CommentPrepareService.scala index 11f024b90..77c14a55e 100644 --- a/src/main/scala/ru/org/linux/comment/CommentPrepareService.scala +++ b/src/main/scala/ru/org/linux/comment/CommentPrepareService.scala @@ -106,7 +106,7 @@ class CommentPrepareService(textService: MessageTextService, msgbaseDao: Msgbase val deletable = topicPermissionService.isCommentDeletableNow(comment, currentUser.orNull, topic, hasAnswers) val editable = topicPermissionService.isCommentEditableNow(comment, currentUser.orNull, hasAnswers, topic, messageText.markup) - val authorReadonly = !topicPermissionService.isCommentsAllowed(group, topic, author, true) + val authorReadonly = !topicPermissionService.isCommentsAllowed(group, topic, Some(author).toJava, true) PreparedComment(comment = comment, author = author, processedMessage = processedMessage, reply = replyInfo, deletable = deletable, editable = editable, remark = remark, userpic = userpic, deleteInfo = apiDeleteInfo, @@ -167,13 +167,6 @@ class CommentPrepareService(textService: MessageTextService, msgbaseDao: Msgbase processedMessage = processedMessage, deletable = false, reactions = PreparedReactions.emptyDisabled) } - def prepareCommentListRSS(list: Seq[Comment]): Seq[PreparedRSSComment] = { - list.map { comment => - val messageText = msgbaseDao.getMessageText(comment.id) - prepareRSSComment(messageText, comment) - } - } - def prepareCommentList(comments: CommentList, list: Seq[Comment], topic: Topic, hideSet: Set[Int], currentUser: Option[User], profile: Profile, ignoreList: Set[Int], filterShow: Boolean): Seq[PreparedComment] = { diff --git a/src/main/scala/ru/org/linux/comment/EditCommentController.scala b/src/main/scala/ru/org/linux/comment/EditCommentController.scala index a1bda0eff..204ec951b 100644 --- a/src/main/scala/ru/org/linux/comment/EditCommentController.scala +++ b/src/main/scala/ru/org/linux/comment/EditCommentController.scala @@ -20,7 +20,7 @@ import org.springframework.web.bind.WebDataBinder import org.springframework.web.bind.annotation.{InitBinder, ModelAttribute, RequestMapping, RequestMethod} import org.springframework.web.servlet.ModelAndView import org.springframework.web.servlet.view.RedirectView -import ru.org.linux.auth.AuthUtil.AuthorizedOnly +import ru.org.linux.auth.AuthUtil.{AuthorizedOnly, AuthorizedOpt} import ru.org.linux.auth.{AuthUtil, IPBlockDao, IPBlockInfo} import ru.org.linux.csrf.CSRFNoAuto import ru.org.linux.markup.{MarkupType, MessageTextService} @@ -34,6 +34,7 @@ import ru.org.linux.util.ServletParameterException import java.util import javax.servlet.http.HttpServletRequest import javax.validation.Valid +import scala.compat.java8.OptionConverters.RichOptionForJava8 @Controller class EditCommentController(commentService: CommentCreateService, msgbaseDao: MsgbaseDao, ipBlockDao: IPBlockDao, @@ -98,8 +99,8 @@ class EditCommentController(commentService: CommentCreateService, msgbaseDao: Ms @CSRFNoAuto def editCommentPostHandler(@ModelAttribute("add") @Valid commentRequest: CommentRequest, errors: Errors, request: HttpServletRequest, - @ModelAttribute("ipBlockInfo") ipBlockInfo: IPBlockInfo): ModelAndView = { - val user = commentService.getCommentUser(commentRequest, errors) + @ModelAttribute("ipBlockInfo") ipBlockInfo: IPBlockInfo): ModelAndView = AuthorizedOnly { currentUser => + val user = currentUser.user commentService.checkPostData(commentRequest, user, ipBlockInfo, request, errors, true) val comment = commentService.getComment(commentRequest, user, request) @@ -120,7 +121,7 @@ class EditCommentController(commentService: CommentCreateService, msgbaseDao: Ms if (commentRequest.getTopic != null) { val postscore = topicPermissionService.getPostscore(commentRequest.getTopic) formParams.put("postscoreInfo", TopicPermissionService.getPostScoreInfo(postscore)) - topicPermissionService.checkCommentsAllowed(commentRequest.getTopic, user, errors) + topicPermissionService.checkCommentsAllowed(commentRequest.getTopic, Some(user).asJava, errors) formParams.put("comment", commentPrepareService.prepareCommentForEdit(comment, msg)) } diff --git a/src/main/scala/ru/org/linux/topic/TopicController.scala b/src/main/scala/ru/org/linux/topic/TopicController.scala index 6030df181..e3a0966ee 100644 --- a/src/main/scala/ru/org/linux/topic/TopicController.scala +++ b/src/main/scala/ru/org/linux/topic/TopicController.scala @@ -209,7 +209,7 @@ class TopicController(sectionService: SectionService, topicDao: TopicDao, prepar params.put("group", group) params.put("showAdsense", Boolean.box(currentUserOpt.isEmpty || !tmpl.getProf.isHideAdsense)) - if (currentUserOpt.isEmpty) { // because users have IgnoreList and memories + if (currentUserOpt.isEmpty && topic.expired) { val etag = TopicController.getEtag(topic) response.setHeader("Etag", etag) diff --git a/src/main/scala/ru/org/linux/topic/TopicPrepareService.scala b/src/main/scala/ru/org/linux/topic/TopicPrepareService.scala index 017c55cd0..a01109628 100644 --- a/src/main/scala/ru/org/linux/topic/TopicPrepareService.scala +++ b/src/main/scala/ru/org/linux/topic/TopicPrepareService.scala @@ -30,7 +30,7 @@ import ru.org.linux.util.StringUtil import javax.annotation.Nullable import scala.jdk.CollectionConverters.* -import scala.jdk.OptionConverters.RichOptional +import scala.jdk.OptionConverters.{RichOption, RichOptional} @Service class TopicPrepareService(sectionService: SectionService, groupDao: GroupDao, deleteInfoDao: DeleteInfoDao, @@ -215,7 +215,7 @@ class TopicPrepareService(sectionService: SectionService, groupDao: GroupDao, de val showComments = postscore != TopicPermissionService.POSTSCORE_HIDE_COMMENTS new TopicMenu(topicEditable, tagsEditable, resolvable, - topicPermissionService.isCommentsAllowed(topic.group, topic.message, currentUser, false), deletable, + topicPermissionService.isCommentsAllowed(topic.group, topic.message, Option(currentUser).toJava, false), deletable, undeletable, groupPermissionService.canCommit(currentUser, topic.message), userpic.orNull, showComments) }