Noah Petherbridge
f6d076f7c2
* Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
72 lines
2.2 KiB
Go
72 lines
2.2 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"git.kirsle.net/apps/gosocial/pkg/controller/photo"
|
|
"git.kirsle.net/apps/gosocial/pkg/log"
|
|
"git.kirsle.net/apps/gosocial/pkg/session"
|
|
"git.kirsle.net/apps/gosocial/pkg/templates"
|
|
)
|
|
|
|
// LoginRequired middleware.
|
|
func LoginRequired(handler http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// User must be logged in.
|
|
if _, err := session.CurrentUser(r); err != nil {
|
|
log.Error("LoginRequired: %s", err)
|
|
errhandler := templates.MakeErrorPage("Login Required", "You must be signed in to view this page.", http.StatusForbidden)
|
|
errhandler.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
handler.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
// AdminRequired middleware.
|
|
func AdminRequired(handler http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// User must be logged in.
|
|
if currentUser, err := session.CurrentUser(r); err != nil {
|
|
log.Error("AdminRequired: %s", err)
|
|
errhandler := templates.MakeErrorPage("Login Required", "You must be signed in to view this page.", http.StatusForbidden)
|
|
errhandler.ServeHTTP(w, r)
|
|
return
|
|
} else if !currentUser.IsAdmin {
|
|
log.Error("AdminRequired: %s", err)
|
|
errhandler := templates.MakeErrorPage("Admin Required", "You do not have permission for this page.", http.StatusForbidden)
|
|
errhandler.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
handler.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
// CertRequired middleware: like LoginRequired but user must also have their verification pic certified.
|
|
func CertRequired(handler http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// User must be logged in.
|
|
currentUser, err := session.CurrentUser(r)
|
|
if err != nil {
|
|
log.Error("LoginRequired: %s", err)
|
|
errhandler := templates.MakeErrorPage("Login Required", "You must be signed in to view this page.", http.StatusForbidden)
|
|
errhandler.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// User must be certified.
|
|
if !currentUser.Certified || currentUser.ProfilePhoto.ID == 0 {
|
|
log.Error("CertRequired: user is not certified")
|
|
photo.CertificationRequiredError().ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
handler.ServeHTTP(w, r)
|
|
})
|
|
}
|