Stop blocked users making profile comments too.
Hide the Send Message option on profiles for blocked users. Move the profile reply routes to their own file. Remove a redundant user initialisation. Shorten things.
This commit is contained in:
@ -95,9 +95,9 @@ func (f *Forum) Update(name string, desc string, active bool, preset string) err
func (f *Forum) SetPreset(preset string, gid int) error {
fperms, changed := GroupForumPresetToForumPerms(preset)
fp, changed := GroupForumPresetToForumPerms(preset)
if changed {
return f.SetPerms(fperms, preset, gid)
return f.SetPerms(fp, preset, gid)
return nil
@ -1,7 +1,10 @@
package common
import "database/sql"
import ""
import (
qgen ""
var Likes LikeStore
@ -32,8 +35,7 @@ func (s *DefaultLikeStore) BulkExists(ids []int, sentBy int, targetType string)
var id int
for rows.Next() {
err = rows.Scan(&id)
if err != nil {
if err := rows.Scan(&id); err != nil {
return nil, err
eids = append(eids, id)
@ -208,6 +208,8 @@ type ProfilePage struct {
CurrentScore int
NextScore int
Blocked bool
CanMessage bool
CanComment bool
type CreateTopicPage struct {
@ -23,19 +23,20 @@ type DefaultBlockStore struct {
func NewDefaultBlockStore(acc *qgen.Accumulator) (*DefaultBlockStore, error) {
ub := "users_blocks"
return &DefaultBlockStore{
isBlocked: acc.Select("users_blocks").Cols("blocker").Where("blocker = ? AND blockedUser = ?").Prepare(),
add: acc.Insert("users_blocks").Columns("blocker,blockedUser").Fields("?,?").Prepare(),
remove: acc.Delete("users_blocks").Where("blocker = ? AND blockedUser = ?").Prepare(),
isBlocked: acc.Select(ub).Cols("blocker").Where("blocker = ? AND blockedUser = ?").Prepare(),
add: acc.Insert(ub).Columns("blocker,blockedUser").Fields("?,?").Prepare(),
remove: acc.Delete(ub).Where("blocker = ? AND blockedUser = ?").Prepare(),
}, acc.FirstError()
func (s *DefaultBlockStore) IsBlockedBy(blocker, blockee int) (bool, error) {
err := s.isBlocked.QueryRow(blocker, blockee).Scan(&blocker)
if err != nil && err != ErrNoRows {
return false, err
if err == ErrNoRows {
return false, nil
return err != ErrNoRows, nil
return err == nil, err
func (s *DefaultBlockStore) Add(blocker, blockee int) error {
@ -296,7 +296,7 @@ func compileTemplates(wg *sync.WaitGroup, c *tmpl.CTemplateSet, themeName string
return err
ppage := ProfilePage{htitle("User 526"), replyList, user, 0, 0, false} // TODO: Use the score from user to generate the currentScore and nextScore
ppage := ProfilePage{htitle("User 526"), replyList, user, 0, 0, false,false,false} // TODO: Use the score from user to generate the currentScore and nextScore
t.Add("profile", "c.ProfilePage", ppage)
var topicsList []*TopicsRow
@ -242,9 +242,8 @@ func init() {
// Flush the topic out of the cache
// ? - We do a CacheRemove() here instead of mutating the pointer to avoid creating a race condition
func (t *Topic) cacheRemove() {
tcache := Topics.GetCache()
if tcache != nil {
if tc := Topics.GetCache(); tc != nil {
@ -565,11 +564,10 @@ func (t *TopicUser) Replies(offset int, pFrag int, user *User) (rlist []*ReplyUs
if err != nil {
return nil, "", err
err = reply.Init()
if err != nil {
if err := reply.Init(); err != nil {
return nil, "", err
reply.ContentHtml = ParseMessage(reply.Content, t.ParentID, "forums")
// TODO: This doesn't work properly so pick the first one instead?
@ -180,9 +180,8 @@ func (u *User) Init() {
// TODO: Refactor this idiom into something shorter, maybe with a NullUserCache when one isn't set?
func (u *User) CacheRemove() {
ucache := Users.GetCache()
if ucache != nil {
if uc := Users.GetCache(); uc != nil {
@ -336,9 +335,8 @@ func (u *User) ChangeGroup(group int) (err error) {
// ! Only updates the database not the *User for safety reasons
func (u *User) UpdateIP(host string) error {
_, err := userStmts.updateLastIP.Exec(host, u.ID)
ucache := Users.GetCache()
if ucache != nil {
if uc := Users.GetCache(); uc != nil {
return err
@ -59,7 +59,6 @@ func ViewProfile(w http.ResponseWriter, r *http.Request, user c.User, header *c.
} else if err != nil {
return c.InternalError(err, w, r)
header.Title = phrases.GetTitlePhrasef("profile", puser.Name)
header.Path = c.BuildProfileURL(c.NameToSlug(puser.Name), puser.ID)
@ -86,13 +85,10 @@ func ViewProfile(w http.ResponseWriter, r *http.Request, user c.User, header *c.
if err != nil {
return c.InternalError(err, w, r)
if group.Tag != "" {
ru.Tag = group.Tag
} else if puser.ID == ru.CreatedBy {
ru.Tag = phrases.GetTmplPhrase("profile_owner_tag")
} else {
ru.Tag = ""
// TODO: Add a hook here
@ -111,6 +107,13 @@ func ViewProfile(w http.ResponseWriter, r *http.Request, user c.User, header *c.
return c.InternalError(err, w, r)
ppage := c.ProfilePage{header, replyList, *puser, currentScore, nextScore, blocked}
blockedInv, err := c.UserBlocks.IsBlockedBy(puser.ID, user.ID)
if err != nil {
return c.InternalError(err, w, r)
canMessage := (!blockedInv && user.Perms.UseConvos) || user.IsSuperMod
canComment := !blockedInv && user.Perms.ViewTopic && user.Perms.CreateReply
ppage := c.ProfilePage{header, replyList, *puser, currentScore, nextScore, blocked, canMessage, canComment}
return renderTemplate("profile", w, r, header, ppage)
Normal file
Normal file
@ -0,0 +1,131 @@
package routes
import (
c ""
func ProfileReplyCreateSubmit(w http.ResponseWriter, r *http.Request, user c.User) c.RouteError {
if !user.Perms.ViewTopic || !user.Perms.CreateReply {
return c.NoPermissions(w, r, user)
uid, err := strconv.Atoi(r.PostFormValue("uid"))
if err != nil {
return c.LocalError("Invalid UID", w, r, user)
profileOwner, err := c.Users.Get(uid)
if err == sql.ErrNoRows {
return c.LocalError("The profile you're trying to post on doesn't exist.", w, r, user)
} else if err != nil {
return c.InternalError(err, w, r)
blocked, err := c.UserBlocks.IsBlockedBy(profileOwner.ID, user.ID)
if err != nil {
return c.InternalError(err, w, r)
// Supermods can bypass blocks so they can tell people off when they do something stupid or have to convey important information
if blocked && !user.IsSuperMod {
return c.LocalError("You don't have permission to send messages to one of these users.", w, r, user)
content := c.PreparseMessage(r.PostFormValue("content"))
if len(content) == 0 {
return c.LocalError("You can't make a blank post", w, r, user)
// TODO: Fully parse the post and store it in the parsed column
_, err = c.Prstore.Create(profileOwner.ID, content, user.ID, user.LastIP)
if err != nil {
return c.InternalError(err, w, r)
// ! Be careful about leaking per-route permission state with &user
alert := c.Alert{ActorID: user.ID, TargetUserID: profileOwner.ID, Event: "reply", ElementType: "user", ElementID: profileOwner.ID, Actor: &user}
err = c.AddActivityAndNotifyTarget(alert)
if err != nil {
return c.InternalError(err, w, r)
http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
return nil
func ProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, user c.User, srid string) c.RouteError {
js := r.PostFormValue("js") == "1"
rid, err := strconv.Atoi(srid)
if err != nil {
return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, js)
reply, err := c.Prstore.Get(rid)
if err == sql.ErrNoRows {
return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
} else if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
creator, err := c.Users.Get(reply.CreatedBy)
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
// ? Does the admin understand that this group perm affects this?
if user.ID != creator.ID && !user.Perms.EditReply {
return c.NoPermissionsJSQ(w, r, user, js)
// TODO: Stop blocked users from modifying profile replies?
err = reply.SetBody(r.PostFormValue("edit_item"))
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
if !js {
http.Redirect(w, r, "/user/"+strconv.Itoa(creator.ID)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
} else {
return nil
func ProfileReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user c.User, srid string) c.RouteError {
js := r.PostFormValue("js") == "1"
rid, err := strconv.Atoi(srid)
if err != nil {
return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, js)
reply, err := c.Prstore.Get(rid)
if err == sql.ErrNoRows {
return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
} else if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
creator, err := c.Users.Get(reply.CreatedBy)
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
if user.ID != creator.ID && !user.Perms.DeleteReply {
return c.NoPermissionsJSQ(w, r, user, js)
err = reply.Delete()
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
//log.Printf("The profile post '%d' was deleted by c.User #%d", reply.ID, user.ID)
if !js {
//http.Redirect(w,r, "/user/" + strconv.Itoa(creator.ID), http.StatusSeeOther)
} else {
return nil
@ -92,7 +92,9 @@ func CreateReplySubmit(w http.ResponseWriter, r *http.Request, user c.User) c.Ro
//c.DebugDetail("key: ", key)
//c.DebugDetailf("values: %+v\n", values)
for _, value := range values {
if strings.HasPrefix(key, "pollinputitem[") {
if !strings.HasPrefix(key, "pollinputitem[") {
halves := strings.Split(key, "[")
if len(halves) != 2 {
return c.LocalErrorJSQ("Malformed pollinputitem", w, r, user, js)
@ -115,7 +117,6 @@ func CreateReplySubmit(w http.ResponseWriter, r *http.Request, user c.User) c.Ro
// Make sure the indices are sequential to avoid out of bounds issues
seqPollInputItems := make(map[int]string)
@ -140,8 +141,7 @@ func CreateReplySubmit(w http.ResponseWriter, r *http.Request, user c.User) c.Ro
return c.InternalErrorJSQ(err, w, r, js)
wcount := c.WordCount(content)
err = user.IncreasePostStats(wcount, false)
err = user.IncreasePostStats(c.WordCount(content), false)
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
@ -164,14 +164,12 @@ func CreateReplySubmit(w http.ResponseWriter, r *http.Request, user c.User) c.Ro
var rids []int
for rows.Next() {
var rid int
err := rows.Scan(&rid)
if err != nil {
if err := rows.Scan(&rid); err != nil {
return c.InternalErrorJSQ(err, w, r, js)
rids = append(rids, rid)
err = rows.Err()
if err != nil {
if err := rows.Err(); err != nil {
return c.InternalErrorJSQ(err, w, r, js)
if len(rids) == 0 {
@ -312,9 +310,7 @@ func ReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user c.User, srid
return c.NoPermissionsJSQ(w, r, user, js)
err = reply.Delete()
if err != nil {
if err := reply.Delete(); err != nil {
return c.InternalErrorJSQ(err, w, r, js)
@ -333,8 +329,7 @@ func ReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user c.User, srid
// ? - What happens if an error fires after a redirect...?
replyCreator, err := c.Users.Get(reply.CreatedBy)
if err == nil {
wcount := c.WordCount(reply.Content)
err = replyCreator.DecreasePostStats(wcount, false)
err = replyCreator.DecreasePostStats(c.WordCount(reply.Content), false)
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
@ -463,117 +458,6 @@ func RemoveAttachFromReplySubmit(w http.ResponseWriter, r *http.Request, user c.
return nil
// TODO: Move the profile reply routes to their own file?
func ProfileReplyCreateSubmit(w http.ResponseWriter, r *http.Request, user c.User) c.RouteError {
if !user.Perms.ViewTopic || !user.Perms.CreateReply {
return c.NoPermissions(w, r, user)
uid, err := strconv.Atoi(r.PostFormValue("uid"))
if err != nil {
return c.LocalError("Invalid UID", w, r, user)
profileOwner, err := c.Users.Get(uid)
if err == sql.ErrNoRows {
return c.LocalError("The profile you're trying to post on doesn't exist.", w, r, user)
} else if err != nil {
return c.InternalError(err, w, r)
content := c.PreparseMessage(r.PostFormValue("content"))
if len(content) == 0 {
return c.LocalError("You can't make a blank post", w, r, user)
// TODO: Fully parse the post and store it in the parsed column
_, err = c.Prstore.Create(profileOwner.ID, content, user.ID, user.LastIP)
if err != nil {
return c.InternalError(err, w, r)
// ! Be careful about leaking per-route permission state with &user
alert := c.Alert{ActorID: user.ID, TargetUserID: profileOwner.ID, Event: "reply", ElementType: "user", ElementID: profileOwner.ID, Actor: &user}
err = c.AddActivityAndNotifyTarget(alert)
if err != nil {
return c.InternalError(err, w, r)
http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
return nil
func ProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, user c.User, srid string) c.RouteError {
js := r.PostFormValue("js") == "1"
rid, err := strconv.Atoi(srid)
if err != nil {
return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, js)
reply, err := c.Prstore.Get(rid)
if err == sql.ErrNoRows {
return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
} else if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
creator, err := c.Users.Get(reply.CreatedBy)
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
// ? Does the admin understand that this group perm affects this?
if user.ID != creator.ID && !user.Perms.EditReply {
return c.NoPermissionsJSQ(w, r, user, js)
err = reply.SetBody(r.PostFormValue("edit_item"))
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
if !js {
http.Redirect(w, r, "/user/"+strconv.Itoa(creator.ID)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
} else {
return nil
func ProfileReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user c.User, srid string) c.RouteError {
js := r.PostFormValue("js") == "1"
rid, err := strconv.Atoi(srid)
if err != nil {
return c.LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, js)
reply, err := c.Prstore.Get(rid)
if err == sql.ErrNoRows {
return c.PreErrorJSQ("The target reply doesn't exist.", w, r, js)
} else if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
creator, err := c.Users.Get(reply.CreatedBy)
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
if user.ID != creator.ID && !user.Perms.DeleteReply {
return c.NoPermissionsJSQ(w, r, user, js)
err = reply.Delete()
if err != nil {
return c.InternalErrorJSQ(err, w, r, js)
//log.Printf("The profile post '%d' was deleted by c.User #%d", reply.ID, user.ID)
if !js {
//http.Redirect(w,r, "/user/" + strconv.Itoa(creator.ID), http.StatusSeeOther)
} else {
return nil
func ReplyLikeSubmit(w http.ResponseWriter, r *http.Request, user c.User, srid string) c.RouteError {
js := r.PostFormValue("js") == "1"
rid, err := strconv.Atoi(srid)
@ -27,9 +27,9 @@
{{if not .CurrentUser.Loggedin}}<div class="rowitem passive">
<a class="profile_menu_item">{{lang "profile_login_for_options"}}</a>
<div class="rowitem passive">
{{if .CanMessage}}<div class="rowitem passive">
<a href="/user/convos/create/" class="profile_menu_item">{{lang "profile_send_message"}}</a>
<!--<div class="rowitem passive">
<a class="profile_menu_item">{{lang "profile_add_friend"}}</a>
@ -97,7 +97,7 @@
<div id="profile_comments" class="colstack_item hash_hide">{{template "profile_comments_row.html" . }}</div>
{{if .CurrentUser.Loggedin}}
{{if not .CurrentUser.IsBanned}}
{{if .CanComment}}
<form id="profile_comments_form" class="hash_hide" action="/profile/reply/create/?s={{.CurrentUser.Session}}" method="post">
<input name="uid" value='{{.ProfileOwner.ID}}' type="hidden" />
<div class="colstack_item topic_reply_form" style="border-top:none;">
Reference in New Issue
Block a user