summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorWu Cheng-Han2017-01-16 23:47:53 +0800
committerWu Cheng-Han2017-01-16 23:47:53 +0800
commit14734372956fa5d6c6159ba8c4b00a90b80ea8d6 (patch)
treea128ffb026a1c9ad20e7107f8ffed45819869d6b /lib
parente00daee6c0dd0c6e5f2654d24995bc9d86fbc452 (diff)
Refactor checkViewPermission to fix limited & protected permission check bug and fix code style
Diffstat (limited to 'lib')
-rw-r--r--lib/realtime.js48
-rwxr-xr-xlib/response.js6
2 files changed, 31 insertions, 23 deletions
diff --git a/lib/realtime.js b/lib/realtime.js
index 0f2a6680..fadea4f2 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -363,6 +363,22 @@ function interruptConnection(socket, note, user) {
connectNextSocket();
}
+function checkViewPermission(req, note) {
+ if (note.permission == 'private') {
+ if (req.user && req.user.logged_in && req.user.id == note.owner)
+ return true;
+ else
+ return false;
+ } else if (note.permission == 'limited' || note.permission == 'protected') {
+ if(req.user && req.user.logged_in)
+ return true;
+ else
+ return false;
+ } else {
+ return true;
+ }
+}
+
var isConnectionBusy = false;
var connectionSocketQueue = [];
var isDisconnectBusy = false;
@@ -373,14 +389,10 @@ function finishConnection(socket, note, user) {
if (!socket || !note || !user) {
return interruptConnection(socket, note, user);
}
- //check view permission
- if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
- if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
- //na
- } else {
- interruptConnection(socket, note, user);
- return failConnection(403, 'connection forbidden', socket);
- }
+ // check view permission
+ if (!checkViewPermission(socket.request, note)) {
+ interruptConnection(socket, note, user);
+ return failConnection(403, 'connection forbidden', socket);
}
// update user color to author color
if (note.authors[user.userid]) {
@@ -789,18 +801,14 @@ function connection(socket) {
for (var i = 0, l = note.socks.length; i < l; i++) {
var sock = note.socks[i];
if (typeof sock !== 'undefined' && sock) {
- //check view permission
- if (permission == 'limited' || permission == 'protected' || permission == 'private') {
- if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
- //na
- } else {
- sock.emit('info', {
- code: 403
- });
- setTimeout(function () {
- sock.disconnect(true);
- }, 0);
- }
+ // check view permission
+ if (!checkViewPermission(sock.request, note)) {
+ sock.emit('info', {
+ code: 403
+ });
+ setTimeout(function () {
+ sock.disconnect(true);
+ }, 0);
}
}
}
diff --git a/lib/response.js b/lib/response.js
index 57d6861d..585d1d54 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -127,10 +127,10 @@ function checkViewPermission(req, note) {
else
return true;
} else if (note.permission == 'limited' || note.permission == 'protected') {
- if( !req.isAuthenticated() ) {
+ if(!req.isAuthenticated())
return false;
- }
- return true;
+ else
+ return true;
} else {
return true;
}