Merge remote-tracking branch 'origin/fix/2.0.1/chat' into test

Author: LinkinStars

internal/cli/build.go

@@ -211,9 +211,27 @@ func createMainGoFile(b *buildingMaterial) (err error) {
 
 // downloadGoModFile run go mod commands to download dependencies
 func downloadGoModFile(b *buildingMaterial) (err error) {
-	// If user specify a module replacement, use it. Otherwise, use the latest version.
-	if len(b.answerModuleReplacement) > 0 {
-		replacement := fmt.Sprintf("%s=%s", "github.com/apache/answer", b.answerModuleReplacement)
+	answerReplacement := b.answerModuleReplacement
+
+	// If no replacement specified and current binary is v2+, auto-determine replacement.
+	// This is needed because go mod tidy would otherwise resolve github.com/apache/answer
+	// to the latest v1.x version, causing v2+ features (e.g. AI/MCP) to disappear.
+	if len(answerReplacement) == 0 && b.originalAnswerInfo.Version != "" {
+		ver, verErr := semver.NewVersion(strings.TrimPrefix(b.originalAnswerInfo.Version, "v"))
+		if verErr == nil && ver.Major() >= 2 {
+			answerReplacement = fmt.Sprintf("github.com/apache/answer@%s", b.originalAnswerInfo.Version)
+		}
+	}
+
+	if len(answerReplacement) > 0 {
+		// For v2+ versioned module paths (e.g. github.com/apache/answer@v2.0.0),
+		// go mod tidy rejects the version because the module path lacks a /v2 suffix.
+		// Work around this by cloning the repo locally and using a local path replacement.
+		localPath, resolveErr := resolveAnswerModuleReplacement(answerReplacement, b.tmpDir)
+		if resolveErr != nil {
+			return resolveErr
+		}
+		replacement := fmt.Sprintf("%s=%s", "github.com/apache/answer", localPath)
 		err = b.newExecCmd("go", "mod", "edit", "-replace", replacement).Run()
 		if err != nil {
 			return err
@@ -232,6 +250,56 @@ func downloadGoModFile(b *buildingMaterial) (err error) {
 	return
 }
 
+// resolveAnswerModuleReplacement resolves the ANSWER_MODULE value to a usable local path or
+// remote replacement string. For v2+ versioned module paths (e.g. github.com/apache/answer@v2.0.0),
+// Go module system rejects the version because the module path has no /v2 suffix. In that case
+// the repository is cloned locally and the local path is returned instead.
+func resolveAnswerModuleReplacement(replacement, tmpDir string) (string, error) {
+	// Local paths can be used as-is.
+	if strings.HasPrefix(replacement, "/") || strings.HasPrefix(replacement, "./") || strings.HasPrefix(replacement, "../") {
+		return replacement, nil
+	}
+
+	// Parse module@version format.
+	moduleName, version, hasVersion := strings.Cut(replacement, "@")
+	if !hasVersion {
+		return replacement, nil
+	}
+
+	// Only handle v2+ versions on module paths without the /vN suffix.
+	ver, err := semver.StrictNewVersion(strings.TrimPrefix(version, "v"))
+	if err != nil || ver.Major() < 2 {
+		return replacement, nil
+	}
+	if strings.HasSuffix(moduleName, fmt.Sprintf("/v%d", ver.Major())) {
+		return replacement, nil
+	}
+
+	// Clone the repo to a local directory and return its path.
+	gitURL := "https://" + moduleName
+	tag := "v" + strings.TrimPrefix(version, "v")
+	localPath := filepath.Join(filepath.Dir(tmpDir), fmt.Sprintf("answer_src_%s", strings.ReplaceAll(version, ".", "_")))
+
+	if _, statErr := os.Stat(localPath); statErr == nil {
+		fmt.Printf("[build] using cached local clone at %s\n", localPath)
+		return localPath, nil
+	}
+
+	fmt.Printf("[build] v2+ module detected, cloning %s@%s to local path %s...\n", moduleName, version, localPath)
+	cloneCmd := exec.Command("git", "clone", "--depth=1", "--branch="+tag, gitURL, localPath)
+	cloneCmd.Stdout = os.Stdout
+	cloneCmd.Stderr = os.Stderr
+	if err = cloneCmd.Run(); err != nil {
+		return "", fmt.Errorf(
+			"failed to clone %s@%s: %w\nTip: set ANSWER_MODULE to a local checkout path instead, e.g. ANSWER_MODULE=/path/to/answer",
+			moduleName, version, err,
+		)
+	}
+
+	fmt.Printf("[build] successfully cloned to %s\n", localPath)
+	return localPath, nil
+}
+
 // movePluginToVendor move plugin to vendor dir
 // Traverse the plugins, and if the plugin path is not github.com/apache/answer-plugins, move the contents of the current plugin to the vendor/github.com/apache/answer-plugins/ directory.
 func movePluginToVendor(b *buildingMaterial) (err error) {

internal/controller/answer_controller.go

@@ -164,8 +164,9 @@ func (ac *AnswerController) GetAnswerInfo(ctx *gin.Context) {
 	id := ctx.Query("id")
 	id = uid.DeShortID(id)
 	userID := middleware.GetLoginUserIDFromContext(ctx)
+	isAdminModerator := middleware.GetUserIsAdminModerator(ctx)
 
-	info, questionInfo, has, err := ac.answerService.Get(ctx, id, userID)
+	info, questionInfo, has, err := ac.answerService.Get(ctx, id, userID, isAdminModerator)
 	if err != nil {
 		handler.HandleResponse(ctx, err, gin.H{})
 		return
@@ -271,7 +272,7 @@ func (ac *AnswerController) AddAnswer(ctx *gin.Context) {
 	if !isAdmin || !linkUrlLimitUser {
 		ac.actionService.ActionRecordAdd(ctx, entity.CaptchaActionAnswer, req.UserID)
 	}
-	info, questionInfo, has, err := ac.answerService.Get(ctx, answerID, req.UserID)
+	info, questionInfo, has, err := ac.answerService.Get(ctx, answerID, req.UserID, isAdmin)
 	if err != nil {
 		handler.HandleResponse(ctx, err, nil)
 		return
@@ -348,7 +349,7 @@ func (ac *AnswerController) UpdateAnswer(ctx *gin.Context) {
 	if !isAdmin || !linkUrlLimitUser {
 		ac.actionService.ActionRecordAdd(ctx, entity.CaptchaActionEdit, req.UserID)
 	}
-	_, _, _, err = ac.answerService.Get(ctx, req.ID, req.UserID)
+	_, _, _, err = ac.answerService.Get(ctx, req.ID, req.UserID, isAdmin)
 	if err != nil {
 		handler.HandleResponse(ctx, err, nil)
 		return
@@ -376,6 +377,7 @@ func (ac *AnswerController) AnswerList(ctx *gin.Context) {
 
 	req.UserID = middleware.GetLoginUserIDFromContext(ctx)
 	req.QuestionID = uid.DeShortID(req.QuestionID)
+	req.IsAdminModerator = middleware.GetUserIsAdminModerator(ctx)
 
 	canList, err := ac.rankService.CheckOperationPermissions(ctx, req.UserID, []string{
 		permission.AnswerEdit,

internal/controller/comment_controller.go

@@ -248,6 +248,7 @@ func (cc *CommentController) GetCommentWithPage(ctx *gin.Context) {
 	req.ObjectID = uid.DeShortID(req.ObjectID)
 	req.CommentID = uid.DeShortID(req.CommentID)
 	req.UserID = middleware.GetLoginUserIDFromContext(ctx)
+	req.IsAdminModerator = middleware.GetUserIsAdminModerator(ctx)
 	canList, err := cc.rankService.CheckOperationPermissions(ctx, req.UserID, []string{
 		permission.CommentEdit,
 		permission.CommentDelete,
@@ -300,6 +301,7 @@ func (cc *CommentController) GetComment(ctx *gin.Context) {
 	}
 
 	req.UserID = middleware.GetLoginUserIDFromContext(ctx)
+	req.IsAdminModerator = middleware.GetUserIsAdminModerator(ctx)
 	canList, err := cc.rankService.CheckOperationPermissions(ctx, req.UserID, []string{
 		permission.CommentEdit,
 		permission.CommentDelete,

internal/controller/question_controller.go

@@ -234,6 +234,7 @@ func (qc *QuestionController) GetQuestion(ctx *gin.Context) {
 	id = uid.DeShortID(id)
 	userID := middleware.GetLoginUserIDFromContext(ctx)
 	req := schema.QuestionPermission{}
+	req.IsAdminModerator = middleware.GetUserIsAdminModerator(ctx)
 	canList, err := qc.rankService.CheckOperationPermissions(ctx, userID, []string{
 		permission.QuestionEdit,
 		permission.QuestionDelete,
@@ -590,7 +591,7 @@ func (qc *QuestionController) AddQuestionByAnswer(ctx *gin.Context) {
 			handler.HandleResponse(ctx, err, nil)
 			return
 		}
-		info, questionInfo, has, err := qc.answerService.Get(ctx, answerID, req.UserID)
+		info, questionInfo, has, err := qc.answerService.Get(ctx, answerID, req.UserID, isAdmin)
 		if err != nil {
 			handler.HandleResponse(ctx, err, nil)
 			return

internal/schema/answer_schema.go

@@ -106,15 +106,16 @@ type AnswerUpdateResp struct {
 }
 
 type AnswerListReq struct {
-	QuestionID string `json:"question_id" form:"question_id"`
-	Order      string `json:"order" form:"order"`
-	Page       int    `json:"page" form:"page"`
-	PageSize   int    `json:"page_size" form:"page_size"`
-	UserID     string `json:"-"`
-	IsAdmin    bool   `json:"-"`
-	CanEdit    bool   `json:"-"`
-	CanDelete  bool   `json:"-"`
-	CanRecover bool   `json:"-"`
+	QuestionID       string `json:"question_id" form:"question_id"`
+	Order            string `json:"order" form:"order"`
+	Page             int    `json:"page" form:"page"`
+	PageSize         int    `json:"page_size" form:"page_size"`
+	UserID           string `json:"-"`
+	IsAdmin          bool   `json:"-"`
+	IsAdminModerator bool   `json:"-"`
+	CanEdit          bool   `json:"-"`
+	CanDelete        bool   `json:"-"`
+	CanRecover       bool   `json:"-"`
 }
 
 type AnswerInfo struct {

internal/schema/comment_schema.go

@@ -150,7 +150,8 @@ type GetCommentWithPageReq struct {
 	// query condition
 	QueryCond string `validate:"omitempty,oneof=vote created_at" form:"query_cond"`
 	// user id
-	UserID string `json:"-"`
+	UserID           string `json:"-"`
+	IsAdminModerator bool   `json:"-"`
 	// whether user can edit it
 	CanEdit bool `json:"-"`
 	// whether user can delete it
@@ -162,7 +163,8 @@ type GetCommentReq struct {
 	// object id
 	ID string `validate:"required" form:"id"`
 	// user id
-	UserID string `json:"-"`
+	UserID           string `json:"-"`
+	IsAdminModerator bool   `json:"-"`
 	// whether user can edit it
 	CanEdit bool `json:"-"`
 	// whether user can delete it

internal/schema/question_schema.go

@@ -143,6 +143,7 @@ func (req *QuestionAddByAnswer) Check() (errFields []*validator.FormErrorField,
 }
 
 type QuestionPermission struct {
+	IsAdminModerator bool `json:"-"`
 	// whether user can add it
 	CanAdd bool `json:"-"`
 	// whether user can edit it

internal/schema/simple_obj_info_schema.go

@@ -21,25 +21,28 @@ package schema
 
 import (
 	"github.com/apache/answer/internal/base/constant"
+	"github.com/apache/answer/internal/base/reason"
 	"github.com/apache/answer/internal/entity"
+	"github.com/segmentfault/pacman/errors"
 )
 
 // SimpleObjectInfo simple object info
 type SimpleObjectInfo struct {
-	ObjectID            string `json:"object_id"`
-	ObjectCreatorUserID string `json:"object_creator_user_id"`
-	QuestionID          string `json:"question_id"`
-	QuestionStatus      int    `json:"question_status"`
-	QuestionShow        int    `json:"question_show"`
-	AnswerID            string `json:"answer_id"`
-	AnswerStatus        int    `json:"answer_status"`
-	CommentID           string `json:"comment_id"`
-	CommentStatus       int    `json:"comment_status"`
-	TagID               string `json:"tag_id"`
-	TagStatus           int    `json:"tag_status"`
-	ObjectType          string `json:"object_type"`
-	Title               string `json:"title"`
-	Content             string `json:"content"`
+	ObjectID              string `json:"object_id"`
+	ObjectCreatorUserID   string `json:"object_creator_user_id"`
+	QuestionID            string `json:"question_id"`
+	QuestionCreatorUserID string `json:"question_creator_user_id"`
+	QuestionStatus        int    `json:"question_status"`
+	QuestionShow          int    `json:"question_show"`
+	AnswerID              string `json:"answer_id"`
+	AnswerStatus          int    `json:"answer_status"`
+	CommentID             string `json:"comment_id"`
+	CommentStatus         int    `json:"comment_status"`
+	TagID                 string `json:"tag_id"`
+	TagStatus             int    `json:"tag_status"`
+	ObjectType            string `json:"object_type"`
+	Title                 string `json:"title"`
+	Content               string `json:"content"`
 }
 
 // IsDeleted is deleted
@@ -57,6 +60,88 @@ func (s *SimpleObjectInfo) IsDeleted() bool {
 	return false
 }
 
+func (s *SimpleObjectInfo) CheckVisibility(userID string, isAdminModerator bool) error {
+	if s == nil {
+		return errors.NotFound(reason.ObjectNotFound)
+	}
+	if s.isObjectRestricted() && !s.canViewObject(userID, isAdminModerator) {
+		return errors.NotFound(s.objectNotFoundReason())
+	}
+	if s.hasParentQuestion() && s.isParentQuestionRestricted() &&
+		!s.canViewParentQuestion(userID, isAdminModerator) {
+		return errors.NotFound(reason.QuestionNotFound)
+	}
+	return nil
+}
+
+func (s *SimpleObjectInfo) canViewObject(userID string, isAdminModerator bool) bool {
+	if isAdminModerator {
+		return true
+	}
+	switch s.ObjectType {
+	case constant.QuestionObjectType:
+		return s.QuestionCreatorUserID == userID
+	case constant.AnswerObjectType, constant.CommentObjectType, constant.TagObjectType:
+		return s.ObjectCreatorUserID == userID
+	default:
+		return false
+	}
+}
+
+func (s *SimpleObjectInfo) canViewParentQuestion(userID string, isAdminModerator bool) bool {
+	if isAdminModerator {
+		return true
+	}
+	return s.QuestionCreatorUserID == userID
+}
+
+func (s *SimpleObjectInfo) hasParentQuestion() bool {
+	switch s.ObjectType {
+	case constant.AnswerObjectType, constant.CommentObjectType:
+		return len(s.QuestionID) > 0 && s.QuestionID != "0"
+	default:
+		return false
+	}
+}
+
+func (s *SimpleObjectInfo) isObjectRestricted() bool {
+	switch s.ObjectType {
+	case constant.QuestionObjectType:
+		return s.QuestionStatus == entity.QuestionStatusDeleted ||
+			s.QuestionStatus == entity.QuestionStatusPending ||
+			s.QuestionShow == entity.QuestionHide
+	case constant.AnswerObjectType:
+		return s.AnswerStatus == entity.AnswerStatusDeleted || s.AnswerStatus == entity.AnswerStatusPending
+	case constant.CommentObjectType:
+		return s.CommentStatus == entity.CommentStatusDeleted || s.CommentStatus == entity.CommentStatusPending
+	case constant.TagObjectType:
+		return s.TagStatus == entity.TagStatusDeleted
+	default:
+		return false
+	}
+}
+
+func (s *SimpleObjectInfo) isParentQuestionRestricted() bool {
+	return s.QuestionStatus == entity.QuestionStatusDeleted ||
+		s.QuestionStatus == entity.QuestionStatusPending ||
+		s.QuestionShow == entity.QuestionHide
+}
+
+func (s *SimpleObjectInfo) objectNotFoundReason() string {
+	switch s.ObjectType {
+	case constant.QuestionObjectType:
+		return reason.QuestionNotFound
+	case constant.AnswerObjectType:
+		return reason.AnswerNotFound
+	case constant.CommentObjectType:
+		return reason.CommentNotFound
+	case constant.TagObjectType:
+		return reason.TagNotFound
+	default:
+		return reason.ObjectNotFound
+	}
+}
+
 type UnreviewedRevisionInfoInfo struct {
 	CreatedAt           int64      `json:"created_at"`
 	ObjectID            string     `json:"object_id"`

internal/service/comment/comment_service.go

@@ -348,6 +348,13 @@ func (cs *CommentService) GetComment(ctx context.Context, req *schema.GetComment
 	if !exist {
 		return nil, errors.BadRequest(reason.CommentNotFound)
 	}
+	objInfo, err := cs.objectInfoService.GetInfo(ctx, comment.ObjectID)
+	if err != nil {
+		return nil, err
+	}
+	if err := objInfo.CheckVisibility(req.UserID, req.IsAdminModerator); err != nil {
+		return nil, err
+	}
 
 	resp = &schema.GetCommentResp{
 		CommentID:      comment.ID,
@@ -399,6 +406,13 @@ func (cs *CommentService) GetComment(ctx context.Context, req *schema.GetComment
 // GetCommentWithPage get comment list page
 func (cs *CommentService) GetCommentWithPage(ctx context.Context, req *schema.GetCommentWithPageReq) (
 	pageModel *pager.PageModel, err error) {
+	objInfo, err := cs.objectInfoService.GetInfo(ctx, req.ObjectID)
+	if err != nil {
+		return nil, err
+	}
+	if err := objInfo.CheckVisibility(req.UserID, req.IsAdminModerator); err != nil {
+		return nil, err
+	}
 	dto := &CommentQuery{
 		PageCond:  pager.PageCond{Page: req.Page, PageSize: req.PageSize},
 		ObjectID:  req.ObjectID,