From dd88bbb868f4c544b62d27968f55c511d2d65e4f Mon Sep 17 00:00:00 2001
From: hole-thu <hole_thu@riseup.net>
Date: Sat, 12 Nov 2022 23:16:58 +0800
Subject: [PATCH] tmp use cannot reply others

---
 src/api/comment.rs | 3 +++
 src/api/mod.rs     | 2 +-
 src/api/post.rs    | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/api/comment.rs b/src/api/comment.rs
index 7e908e4..d26ba36 100644
--- a/src/api/comment.rs
+++ b/src/api/comment.rs
@@ -118,6 +118,9 @@ pub async fn add_comment(
     rconn: RdsConn,
 ) -> JsonApi {
     let mut p = Post::get(&db, &rconn, pid).await?;
+    if p.author_hash != user.namehash {
+        user.id.ok_or(YouAreTmp)?;
+    }
     let use_title = ci.use_title.is_some() || user.is_admin || user.is_candidate;
     let c = Comment::create(
         &db,
diff --git a/src/api/mod.rs b/src/api/mod.rs
index c2d3606..9e0f296 100644
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@@ -172,7 +172,7 @@ impl<'r> Responder<'r, 'static> for ApiError {
                     PolicyError::TitleUsed => "头衔已被使用",
                     PolicyError::TitleProtected => "头衔处于保护期",
                     PolicyError::InvalidTitle => "头衔包含不允许的符号",
-                    PolicyError::YouAreTmp => "临时用户只可发布内容和进入单个洞",
+                    PolicyError::YouAreTmp => "临时用户只可发布内容",
                     PolicyError::NoReason => "未填写理由",
                     PolicyError::UnknownPushEndpoint => "未知的浏览器推送地址",
                 }
diff --git a/src/api/post.rs b/src/api/post.rs
index 9e56a21..c47bb41 100644
--- a/src/api/post.rs
+++ b/src/api/post.rs
@@ -143,6 +143,7 @@ pub async fn ps2outputs(
 
 #[get("/getone?<pid>")]
 pub async fn get_one(pid: i32, user: CurrentUser, db: Db, rconn: RdsConn) -> JsonApi {
+    user.id.ok_or(YouAreTmp)?;
     let p = Post::get(&db, &rconn, pid).await?;
     p.check_permission(&user, "ro")?;
     Ok(json!({