diff options
author | 蒼時弦也 | 2017-01-05 23:37:10 +0800 |
---|---|---|
committer | 蒼時弦也 | 2017-01-05 23:37:10 +0800 |
commit | 1fbecbb03d8e94d310885da7d26e1654c548c364 (patch) | |
tree | 5c87b4cef4e679e381a4de2ea84adc3cdcfa68b2 | |
parent | aaf1ff4b2f5ae7ae3a5e4e4a202422484503f559 (diff) |
Fix anonymouse view permission check
Diffstat (limited to '')
-rwxr-xr-x | lib/response.js | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/response.js b/lib/response.js index 69854815..e8430d60 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,12 +117,15 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private' || !config.allowanonymousView) { + if (note.permission == 'private') { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else return true; } else { + if(!config.allowanonymousView && !req.isAuthenticated()) { + return false; + } return true; } } |