From 6f587f4757e524a3b0184a5f1408b53a1c198594 Mon Sep 17 00:00:00 2001
From: Thomas Miceli <27960254+thomiceli@users.noreply.github.com>
Date: Wed, 4 Oct 2023 18:47:50 +0200
Subject: [PATCH] Fix private gist visibility (#128)
---
 internal/web/gist.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/internal/web/gist.go b/internal/web/gist.go
index 3b527c01..0f245b04 100644
--- a/internal/web/gist.go
+++ b/internal/web/gist.go
@@ -18,6 +18,8 @@ import (
 func gistInit(next echo.HandlerFunc) echo.HandlerFunc {
 return func(ctx echo.Context) error {
+ currUser := getUserLogged(ctx)
+
 userName := ctx.Param("user")
 gistName := ctx.Param("gistname")
@@ -27,6 +29,13 @@ func gistInit(next echo.HandlerFunc) echo.HandlerFunc {
 if err != nil {
 return notFound("Gist not found")
 }
+
+ if gist.Private == 2 {
+ if currUser == nil || currUser.ID != gist.UserID {
+ return notFound("Gist not found")
+ }
+ }
+
 setData(ctx, "gist", gist)
 if config.C.SshGit {
@@ -72,7 +81,7 @@ func gistInit(next echo.HandlerFunc) echo.HandlerFunc {
 }
 setData(ctx, "nbCommits", nbCommits)
- if currUser := getUserLogged(ctx); currUser != nil {
+ if currUser != nil {
 hasLiked, err := currUser.HasLiked(gist)
 if err != nil {
 return errorRes(500, "Cannot get user like status", err)
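Review bot: The owner check added after the gist lookup in the second hunk only guards handlers that are wrapped by `gistInit`, so any other route to a gist's content (the git transport suggested by the `config.C.SshGit` branch just below, or raw-file and listing queries) needs the same test; none of those paths is visible in this diff, so this should be confirmed against the rest of the package. The literal in `if gist.Private == 2 {` would be safer as a named constant, for example `if gist.Private == visibilityPrivate {` (placeholder name), so the access rule cannot silently drift if the visibility numbering changes. Returning the same `notFound("Gist not found")` as the failed lookup is the right choice because it does not confirm that a private gist exists, and a short comment saying so would keep a later edit from changing it to a 403. A regression test covering an anonymous request and a logged-in non-owner request against a private gist would pin the behaviour. The body of `gistInit` starts and continues outside the hunks shown.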