New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix accessibility of silenced user posts #384
fix accessibility of silenced user posts #384
Conversation
Change view post collection queries to verify that the authenticated user of a silenced collection is either the owner or admin
I've applied this patch for qua.name. Works for me with one exception, which may be a local issue, I haven't dived in yet. Posts from silenced users are still visible in the 'reader' ( URI '/read' ) After restarting writefreely they are not visible anymore. I think posts from silenced users should also be removed from the 'reader' page without having to restart writefreely (possibly a caching issue?) |
I agree, we should make it so silenced users are immediately removed from the Reader, too. This does sound like a caching issue -- maybe we could invalidate the cache anytime the Reader is enabled and a new user is silenced? Probably around here: |
Sounds good. Would it be safe to set |
I think the best way would be to pass a boolean that invalidates the cache. Since this is an expensive query, we prefer to keep |
maybe I am missing something, but wouldn't The cache is an unexported field so in order to forcibly reset the cache, Should I instead add a third function |
Yes, I think that'd be the best route to go. |
Modify updateTimelineCache to allow a boolean to indicate that the cache should be forcibly reset
made the changes based on the linked pr. I'm not sure if I reset the cache in the right place after silencing the user? It is unclear to me if there's a different handler called when an admin clicks "silence" on a user. Still need to manually test either via modifying the go.mod locally or merging the web-core pr and updating the commit. Leaving as a draft until the web-core pr is merged |
Add back else clause after realizing the error check doesn't return after logging.
Moving this out of draft, now that writeas/web-core#11 is merged. |
Update go.mod to use latest commit on web-core
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated the web-core commit. Will try to test this week
I have tested these changes and they work as expected. When the user is silenced, the posts are not viewable directly or on the reader. When the user is unsilenced, the posts will be added back to the reader once the cache is refreshed The UI is looking better. Looking forward to the next release |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, tested and this works great! Thanks!
Change view post collection queries to verify that the authenticated user viewing a silenced collection is either the owner or admin. Previous behaviour was only checking if the post owner was also the collection owner which always returned true, causing the if statement to be skipped.
closes: #374