🔒 Fix #35

fb427cc6 · Liang Ding · 6e4bfd75 · fb427cc6
Commit fb427cc6 authored Jan 11, 2020 by Liang Ding
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletion

src/main/java/org/b3log/solo/processor/console/ArticleConsole.java ...java/org/b3log/solo/processor/console/ArticleConsole.java +11 -1

No files found.
--- a/src/main/java/org/b3log/solo/processor/console/ArticleConsole.java
+++ b/src/main/java/org/b3log/solo/processor/console/ArticleConsole.java
@@ -49,7 +49,7 @@ import java.util.stream.Collectors;
 * Article console request processing.
 *
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.2.0.3, Dec 28, 2019
+ * @version 1.2.0.4, Jan 11, 2020
 * @since 0.4.0
 */
 @Singleton
@@ -181,6 +181,16 @@ public class ArticleConsole {
        context.setRenderer(renderer);
        try {
            final String articleId = context.pathVar("id");
+            final JSONObject currentUser = Solos.getCurrentUser(context.getRequest(), context.getResponse());
+            if (!articleQueryService.canAccessArticle(articleId, currentUser)) {
+                final JSONObject ret = new JSONObject();
+                renderer.setJSONObject(ret);
+                ret.put(Keys.STATUS_CODE, false);
+                ret.put(Keys.MSG, langPropsService.get("forbiddenLabel"));
+                return;
+            }
            final JSONObject result = articleQueryService.getArticle(articleId);
            result.put(Keys.STATUS_CODE, true);
            renderer.setJSONObject(result);