From aa4313694688e742f3568831e05f371fde157280 Mon Sep 17 00:00:00 2001
From: tone <3341154833@qq.com>
Date: Mon, 23 Jun 2025 08:56:03 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AF=B9=E8=AF=84=E8=AE=BA=E7=9B=B8=E5=85=B3?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E8=BF=9B=E8=A1=8C=E6=9D=83=E9=99=90=E8=AE=BE?= =?UTF-8?q?=E5=AE=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 tone-page-server/src/blog/blog.controller.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/tone-page-server/src/blog/blog.controller.ts b/tone-page-server/src/blog/blog.controller.ts
index 3b6d359..a7a9ae7 100644
--- a/tone-page-server/src/blog/blog.controller.ts
+++ b/tone-page-server/src/blog/blog.controller.ts
@@ -22,7 +22,7 @@ export class BlogController {
 constructor(
 private readonly blogService: BlogService,
 private readonly userService: UserService,
- ) {}
+ ) { }
 @Get()
 getBlogs() {
@@ -71,6 +71,12 @@ export class BlogController {
 const blog = await this.blogService.findById(id);
 if (!blog) throw new BadRequestException('文章不存在');
+ /** @todo 对文章可读性进行更详细的判定 */
+
+ if (!blog.permissions.includes(BlogPermission.Public) && !blog.permissions.includes(BlogPermission.ByPassword)) {
+ throw new BadRequestException('文章不存在或未公开');
+ }
+
 return await this.blogService.getComments(id);
 }
@@ -87,6 +93,10 @@ export class BlogController {
 const blog = await this.blogService.findById(id);
 if (!blog) throw new BadRequestException('文章不存在');
+ if (!blog.permissions.includes(BlogPermission.AllowComments)) {
+ throw new BadRequestException('作者关闭了该文章的评论功能');
+ }
+
 const user = userId ? await this.userService.findById(userId) : null;
 const ip = req.headers['x-forwarded-for'] || req.ip;
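Review bot: In the `@@ -71,6 +71,12 @@` hunk the new guard treats `BlogPermission.ByPassword` the same as `BlogPermission.Public`, so the comments of a password-protected post are returned with no password check in the visible lines; the `@todo` directly above it acknowledges the gap. Until that check exists, the safer default is to serve comments only for public posts, e.g. `if (!blog.permissions.includes(BlogPermission.Public)) {`. The two rejections also carry different messages ('文章不存在' and '文章不存在或未公开'), which lets a caller distinguish an unused id from a non-public post; one shared message for both branches avoids that. The method's signature and decorators lie outside the hunk, so whether a password parameter is available to this handler cannot be seen from here.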
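Review bot: In the `@@ -87,6 +93,10 @@` hunk the comment-creation path checks only `BlogPermission.AllowComments` and omits the visibility guard that the `-71,6 +71,12` hunk adds to the read path, so a post that is neither Public nor ByPassword but still carries AllowComments would accept comments from anyone who has its id. Run the same visibility condition before the AllowComments check, preferably through one private helper shared by both handlers so the read and write paths cannot drift apart. Separately, the unchanged line `req.headers['x-forwarded-for'] || req.ip` takes the commenter address from a header the client can set unless a trusted proxy overwrites it; a short comment stating which proxy is trusted would make that assumption explicit. The method body continues past the end of the hunk.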