diff options
| author | Yukai Huang | 2017-01-21 12:08:52 +0800 |
|---|---|---|
| committer | Yukai Huang | 2017-01-21 12:08:52 +0800 |
| commit | 4bbe035beb41ad2c9f43434d0d90209850a62f70 (patch) | |
| tree | 53095b529b1220b6e2d23f0dbc255af2ca54d7d7 /lib | |
| parent | a9a38c3d75b1cf467bb3b4484abfc09dcbcea107 (diff) | |
| parent | 1de4242473b74afdb2d3e358e3b213ef156ca0de (diff) | |
Merge branch 'master' into frontend-next
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/realtime.js | 48 | ||||
| -rwxr-xr-x | lib/response.js | 9 |
2 files changed, 33 insertions, 24 deletions
diff --git a/lib/realtime.js b/lib/realtime.js index 0f2a6680..fadea4f2 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -363,6 +363,22 @@ function interruptConnection(socket, note, user) { connectNextSocket(); } +function checkViewPermission(req, note) { + if (note.permission == 'private') { + if (req.user && req.user.logged_in && req.user.id == note.owner) + return true; + else + return false; + } else if (note.permission == 'limited' || note.permission == 'protected') { + if(req.user && req.user.logged_in) + return true; + else + return false; + } else { + return true; + } +} + var isConnectionBusy = false; var connectionSocketQueue = []; var isDisconnectBusy = false; @@ -373,14 +389,10 @@ function finishConnection(socket, note, user) { if (!socket || !note || !user) { return interruptConnection(socket, note, user); } - //check view permission - if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') { - if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) { - //na - } else { - interruptConnection(socket, note, user); - return failConnection(403, 'connection forbidden', socket); - } + // check view permission + if (!checkViewPermission(socket.request, note)) { + interruptConnection(socket, note, user); + return failConnection(403, 'connection forbidden', socket); } // update user color to author color if (note.authors[user.userid]) { @@ -789,18 +801,14 @@ function connection(socket) { for (var i = 0, l = note.socks.length; i < l; i++) { var sock = note.socks[i]; if (typeof sock !== 'undefined' && sock) { - //check view permission - if (permission == 'limited' || permission == 'protected' || permission == 'private') { - if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) { - //na - } else { - sock.emit('info', { - code: 403 - }); - setTimeout(function () { - sock.disconnect(true); - }, 0); - } + // check view permission + if (!checkViewPermission(sock.request, note)) { + sock.emit('info', { + code: 403 + }); + setTimeout(function () { + sock.disconnect(true); + }, 0); } } } diff --git a/lib/response.js b/lib/response.js index 9014a0a0..585d1d54 100755 --- a/lib/response.js +++ b/lib/response.js @@ -97,7 +97,8 @@ function responseHackMD(res, note) { dropbox: config.dropbox, google: config.google, ldap: config.ldap, - email: config.email + email: config.email, + allowemailregister: config.allowemailregister }); } @@ -126,10 +127,10 @@ function checkViewPermission(req, note) { else return true; } else if (note.permission == 'limited' || note.permission == 'protected') { - if( !req.isAuthenticated() ) { + if(!req.isAuthenticated()) return false; - } - return true; + else + return true; } else { return true; } |