Sugarlessmuffins
commented
1 month ago This Modification fix the issue:
//comment.js:250
async putAction() {
const { userInfo } = this.ctx.state;
const { like } = this.post();
// 1. like
if (think.isEmpty(userInfo)) {
// Unauthorized users cannot proceed
return this.ctx.throw(401, "Unauthorized access");
}
// Check for like request
if (think.isBoolean(like)) {
// Allow any logged-in user to like the comment
this.rules = {
like: {
required: true,
boolean: true,
},
};
return;
}
// 2. administrator
if (userInfo.type === 'administrator') {
return;
}
// 3. comment author modify comment content
const modelInstance = this.getModel('Comment');
const commentData = await modelInstance.select({
user_id: userInfo.objectId,
objectId: this.id,
});
if (!think.isEmpty(commentData)) {
return;
}
return this.ctx.throw(403);
}BUT, now unauthorized user cannot like or update the comment, so its a disadvantage for those who dont want to set LOGIN=force in their application.
@lizheming this is not a fix, but maybe give you idea what to do
lizheming
问题描述 | Describe the bug
When User Logged In, it can't like or unlike another comment other than it self. i think this is logic problem in comment.js. here is the log when error happen:
i think the problem is how waline handle the logic:
i also trying to add log to see if the userinfo is retrieved correctly:
The userInfo is there. and we can see user type is "guest", when type = guest the logic isn't properly handling the case for liking a comment. The 403 error is being thrown because the user is neither an administrator nor the author of the comment, and the logic for handling likes is not allowing the action. it also make anonymous user can like comment even though they are not logged in because when userInfo check is happening they are returning no value.
问题网站 | Website URL
https://komen.izanami.rest
服务部署在哪里? | Where your waline deploy?
Self Host
数据存储在哪里?| Where your comment data store?
MySQL