post by id now returns unauthorized if post is hidden

2020-11-21 21:40:07 +01:00 · 2020-11-21 21:40:07 +01:00 · bfcf1a22e6
commit bfcf1a22e6
parent 3dab5f4ab0
2 changed files with 5 additions and 1 deletions
--- a/site/Cargo.toml
+++ b/site/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "crablog"
-version = "0.2.0"
+version = "0.2.1"
 authors = ["Leonard Lorenz <dev@leonardlorenz.de>"]
 edition = "2018"

--- a/site/src/routes.rs
+++ b/site/src/routes.rs
@ -79,6 +79,10 @@ async fn blog_by_id(tmpl: web::Data<tera::Tera>, web::Path(post_id): web::Path<s
    if valid {
        let post = db::get_post_by_id(id as i32);

+        if !post.published {
+            return Ok(HttpResponse::new(StatusCode::UNAUTHORIZED))
+        }
+
        let mut context = Context::new();
        context.insert("post", &post);
        context.insert("username", CONFIG_MAP.read().unwrap().get("USERNAME").unwrap());