authorWu Cheng-Han2017-01-16 23:47:53 +0800
committerWu Cheng-Han2017-01-16 23:47:53 +0800
commit14734372956fa5d6c6159ba8c4b00a90b80ea8d6 (patch)
treea128ffb026a1c9ad20e7107f8ffed45819869d6b /lib/realtime.js
parente00daee6c0dd0c6e5f2654d24995bc9d86fbc452 (diff)
Refactor checkViewPermission to fix limited & protected permission check bug and fix code style
Diffstat (limited to 'lib/realtime.js')
-rw-r--r--lib/realtime.js48
1 files changed, 28 insertions, 20 deletions
diff --git a/lib/realtime.js b/lib/realtime.js
index 0f2a6680..fadea4f2 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -363,6 +363,22 @@ function interruptConnection(socket, note, user) {
connectNextSocket();
}
+function checkViewPermission(req, note) {
+ if (note.permission == 'private') {
+ if (req.user && req.user.logged_in && req.user.id == note.owner)
+ return true;
+ else
+ return false;
+ } else if (note.permission == 'limited' || note.permission == 'protected') {
+ if(req.user && req.user.logged_in)
+ return true;
+ else
+ return false;
+ } else {
+ return true;
+ }
+}
+
var isConnectionBusy = false;
var connectionSocketQueue = [];
var isDisconnectBusy = false;
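Review bot: The final `else { return true; }` in checkViewPermission makes the check fail open: a note whose `permission` is undefined, misspelled, or a mode introduced later is treated as viewable by anyone. Since this helper is now the single gate for both the connection path and the permission-change path, it would be safer to list the publicly viewable modes explicitly and end with `return false;`. The owner test `req.user.id == note.owner` also relies on loose equality; if both sides are the same type, `===` removes any coercion surprises, but confirm the types before changing it. A short comment above the function stating which modes require login and which require ownership would help the next reader.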
@@ -373,14 +389,10 @@ function finishConnection(socket, note, user) {
if (!socket || !note || !user) {
return interruptConnection(socket, note, user);
}
- //check view permission
- if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
- if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
- //na
- } else {
- interruptConnection(socket, note, user);
- return failConnection(403, 'connection forbidden', socket);
- }
+ // check view permission
+ if (!checkViewPermission(socket.request, note)) {
+ interruptConnection(socket, note, user);
+ return failConnection(403, 'connection forbidden', socket);
}
// update user color to author color
if (note.authors[user.userid]) {
@@ -789,18 +801,14 @@ function connection(socket) {
for (var i = 0, l = note.socks.length; i < l; i++) {
var sock = note.socks[i];
if (typeof sock !== 'undefined' && sock) {
- //check view permission
- if (permission == 'limited' || permission == 'protected' || permission == 'private') {
- if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
- //na
- } else {
- sock.emit('info', {
- code: 403
- });
- setTimeout(function () {
- sock.disconnect(true);
- }, 0);
- }
+ // check view permission
+ if (!checkViewPermission(sock.request, note)) {
+ sock.emit('info', {
+ code: 403
+ });
+ setTimeout(function () {
+ sock.disconnect(true);
+ }, 0);
}
}
}
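Review bot: The deferred `sock.disconnect(true)` closes over `var sock`, which is function-scoped, so when the `setTimeout` callbacks run the loop has already finished and every callback sees the last value assigned to `sock`. Sockets that fail checkViewPermission receive the 403 `info` event but may stay connected, while the last socket in `note.socks` may be dropped even if it is allowed to view. Binding the target per iteration fixes this in the file's existing ES5 style: `setTimeout(sock.disconnect.bind(sock, true), 0);`. The pattern predates this commit and the loop sits inside connection(), whose body starts and ends outside the hunk. The helper also reads `note.permission` where the old code read the local `permission`, so it is worth confirming that the note is updated before this loop runs.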