From 71cb70e914ed4ba61caafe11cf9bf33f4fb3d27f Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Mon, 14 Nov 2016 07:39:36 +0100
Subject: Better checks for the public pages.

---
 src/web/views/article.py | 7 ++++---
 src/web/views/feed.py    | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)

(limited to 'src/web')

diff --git a/src/web/views/article.py b/src/web/views/article.py
index 163ba413..283ef001 100644
--- a/src/web/views/article.py
+++ b/src/web/views/article.py
@@ -32,7 +32,7 @@ def redirect_to_article(article_id):
 @etag_match
 def article(article_id=None):
     """
-    Presents the content of an article.
+    Presents an article.
     """
     article = ArticleController(current_user.id).get(id=article_id)
     return render_template('article.html',
@@ -43,10 +43,11 @@ def article(article_id=None):
 @etag_match
 def article_pub(article_id=None):
     """
-    Presents the content of an article of a public feed.
+    Presents an article of a public feed if the profile of the owner is also
+    public.
     """
     article = ArticleController().get(id=article_id)
-    if article.source.private:
+    if article.source.private or not article.source.user.is_public_profile:
         return render_template('errors/404.html'), 404
     return render_template('article_pub.html',
                            head_titles=[clear_string(article.title)],
diff --git a/src/web/views/feed.py b/src/web/views/feed.py
index 6bc4afe1..3edb942e 100644
--- a/src/web/views/feed.py
+++ b/src/web/views/feed.py
@@ -80,10 +80,11 @@ def feed(feed_id=None):
 @etag_match
 def feed_pub(feed_id=None):
     """
-    Presents details of a pubic feed.
+    Presents details of a pubic feed if the profile of the owner is also
+    public.
     """
     feed = FeedController(None).get(id=feed_id)
-    if feed.private:
+    if feed.private or not feed.user.is_public_profile:
         return render_template('errors/404.html'), 404
     return feed_view(feed_id, None)
 
-- 
cgit