Disallow unconnected user from seeing non-public notes.
This commit is contained in:
parent
c0ebd3876f
commit
86e10b3c03
|
@ -131,7 +131,7 @@
|
|||
(define page (weblet-parameter-ref param 'page #f))
|
||||
(define note (get-note-by-name page))
|
||||
(cond
|
||||
( note
|
||||
( (and note (or (note-public? note) can-edit?))
|
||||
( (pages:template
|
||||
#:title (note-title note)
|
||||
#:author (note-author note)
|
||||
|
@ -146,6 +146,9 @@
|
|||
'())
|
||||
))
|
||||
param))
|
||||
( note
|
||||
; Note exists, but is private and user cannot edit it => not authorized
|
||||
(pages:notepad:error param 'unauthorized))
|
||||
( can-edit?
|
||||
; Page does not exists, but user can edit => redirect to page creation
|
||||
(redirect-to
|
||||
|
|
Loading…
Reference in New Issue