summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorWu Cheng-Han2017-01-12 23:45:51 +0800
committerWu Cheng-Han2017-01-12 23:45:51 +0800
commit3ee65cd38e2d3bef114079e971f9a158e2a6d2b2 (patch)
treef2f94494edd34c7e461800596d8b79449fa5473a /lib
parent48510984775a8b9caac295448840e56f65f164dd (diff)
Fix for limited and protected permissions should forbid guest in realtime events
Diffstat (limited to '')
-rw-r--r--lib/realtime.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/realtime.js b/lib/realtime.js
index 21390607..0f2a6680 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -374,7 +374,7 @@ function finishConnection(socket, note, user) {
return interruptConnection(socket, note, user);
}
//check view permission
- if (note.permission == 'private') {
+ if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
//na
} else {
@@ -790,7 +790,7 @@ function connection(socket) {
var sock = note.socks[i];
if (typeof sock !== 'undefined' && sock) {
//check view permission
- if (permission == 'private') {
+ if (permission == 'limited' || permission == 'protected' || permission == 'private') {
if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
//na
} else {