tone/tonePage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

对评论相关接口进行权限设定

Browse Source
This commit is contained in:
tone
2025-06-23 08:56:03 +08:00
parent a62901176e
commit 29d3ddc574
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tone-page-server/src/blog/blog.controller.ts
View File

@@ -71,6 +71,12 @@ export class BlogController {
const blog = await this.blogService.findById(id); const blog = await this.blogService.findById(id);
if (!blog) throw new BadRequestException('文章不存在'); if (!blog) throw new BadRequestException('文章不存在');
/** @todo 对文章可读性进行更详细的判定 */
if (!blog.permissions.includes(BlogPermission.Public) && !blog.permissions.includes(BlogPermission.ByPassword)) {
throw new BadRequestException('文章不存在或未公开');
}
return await this.blogService.getComments(id); return await this.blogService.getComments(id);
} }
@@ -87,6 +93,10 @@ export class BlogController {
const blog = await this.blogService.findById(id); const blog = await this.blogService.findById(id);
if (!blog) throw new BadRequestException('文章不存在'); if (!blog) throw new BadRequestException('文章不存在');
if (!blog.permissions.includes(BlogPermission.AllowComments)) {
throw new BadRequestException('作者关闭了该文章的评论功能');
}
const user = userId ? await this.userService.findById(userId) : null; const user = userId ? await this.userService.findById(userId) : null;
const ip = req.headers['x-forwarded-for'] || req.ip; const ip = req.headers['x-forwarded-for'] || req.ip;