From b4f7d00ad9d13f96323366ded2eb7702e37f6e52 Mon Sep 17 00:00:00 2001
From: FChannel <>
Date: Sat, 19 Jun 2021 19:04:43 -0700
Subject: admin can mark objects as senstive

---
 main.go | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)

(limited to 'main.go')

diff --git a/main.go b/main.go
index 6803053..8886266 100644
--- a/main.go
+++ b/main.go
@@ -801,6 +801,63 @@ func main() {
 		w.Write([]byte(""))				
 	})
 
+	http.HandleFunc("/marksensitive", func(w http.ResponseWriter, r *http.Request){
+		
+		id := r.URL.Query().Get("id")
+		board := r.URL.Query().Get("board")		
+
+		_, auth := GetPasswordFromSession(r)
+
+		if id == "" || auth == "" {
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(""))
+			return
+		}
+		
+		col := GetCollectionFromID(id)
+
+		if len(col.OrderedItems) < 1 {
+			if !HasAuth(db, auth, GetActorByNameFromDB(db, board).Id) {
+				w.WriteHeader(http.StatusBadRequest)
+				w.Write([]byte(""))
+				return
+			}
+
+			MarkObjectSensitive(db, id, true)
+			
+			http.Redirect(w, r, "/" + board, http.StatusSeeOther)
+			return
+		}
+		
+		actor := col.OrderedItems[0].Actor
+
+		var OP string
+		if (len(col.OrderedItems[0].InReplyTo) > 0 && col.OrderedItems[0].InReplyTo[0].Id != "") {
+			OP = col.OrderedItems[0].InReplyTo[0].Id
+		} else {
+			OP = id
+		}
+		
+		if !HasAuth(db, auth, actor.Id) {
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(""))
+			return
+		}
+
+		MarkObjectSensitive(db, id, true)
+
+		if !IsIDLocal(db, OP) {
+			http.Redirect(w, r, "/" + board + "/" + remoteShort(OP), http.StatusSeeOther)
+			return
+		} else {
+			http.Redirect(w, r, OP, http.StatusSeeOther)
+			return
+		}
+
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(""))				
+	})	
+
 	http.HandleFunc("/remove", func(w http.ResponseWriter, r *http.Request){
 		id := r.URL.Query().Get("id")
 		manage := r.URL.Query().Get("manage")
-- 
cgit v1.2.3