diff options
author | Wu Cheng-Han | 2017-01-12 23:45:51 +0800 |
---|---|---|
committer | Wu Cheng-Han | 2017-01-12 23:45:51 +0800 |
commit | 3ee65cd38e2d3bef114079e971f9a158e2a6d2b2 (patch) | |
tree | f2f94494edd34c7e461800596d8b79449fa5473a /lib | |
parent | 48510984775a8b9caac295448840e56f65f164dd (diff) |
Fix for limited and protected permissions should forbid guest in realtime events
Diffstat (limited to '')
-rw-r--r-- | lib/realtime.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/realtime.js b/lib/realtime.js index 21390607..0f2a6680 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -374,7 +374,7 @@ function finishConnection(socket, note, user) { return interruptConnection(socket, note, user); } //check view permission - if (note.permission == 'private') { + if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') { if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) { //na } else { @@ -790,7 +790,7 @@ function connection(socket) { var sock = note.socks[i]; if (typeof sock !== 'undefined' && sock) { //check view permission - if (permission == 'private') { + if (permission == 'limited' || permission == 'protected' || permission == 'private') { if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) { //na } else { |