Add limited and protected permission

3 files changed, 20 insertions, 15 deletions

diff --git a/lib/models/note.js b/lib/models/note.js
index 132f8b1e..47d9b97a 100644
--- a/lib/models/note.js
+++ b/lib/models/note.js
@@ -23,7 +23,7 @@ var logger = require("../logger.js");
 var ot = require("../ot/index.js");
 
 // permission types
-var permissionTypes = ["freely", "editable", "locked", "private"];
+var permissionTypes = ["freely", "editable", "locked", "private", "limited", "protected"];
 
 module.exports = function (sequelize, DataTypes) {
     var Note = sequelize.define("Note", {
@@ -333,7 +333,7 @@ module.exports = function (sequelize, DataTypes) {
                     if (meta.slideOptions && (typeof meta.slideOptions == "object"))
                         _meta.slideOptions = meta.slideOptions;
                 }
-                return _meta; 
+                return _meta;
             },
             updateAuthorshipByOperation: function (operation, userId, authorships) {
                 var index = 0;
@@ -532,4 +532,4 @@ module.exports = function (sequelize, DataTypes) {
     });
 
     return Note;
-};
\ No newline at end of file
+};
diff --git a/lib/realtime.js b/lib/realtime.js
index a662deeb..b728622f 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -251,13 +251,13 @@ function getStatus(callback) {
             return logger.error('count user failed: ' + err);
         });
     }).catch(function (err) {
-        return logger.error('count note failed: ' + err); 
+        return logger.error('count note failed: ' + err);
     });
 }
 
 function isReady() {
-    return realtime.io 
-    && Object.keys(notes).length == 0 && Object.keys(users).length == 0 
+    return realtime.io
+    && Object.keys(notes).length == 0 && Object.keys(users).length == 0
     && connectionSocketQueue.length == 0 && !isConnectionBusy
     && disconnectSocketQueue.length == 0 && !isDisconnectBusy;
 }
@@ -420,7 +420,7 @@ function finishConnection(socket, note, user) {
 function startConnection(socket) {
     if (isConnectionBusy) return;
     isConnectionBusy = true;
-        
+
     var noteId = socket.noteId;
     if (!noteId) {
         return failConnection(404, 'note id not found', socket);
@@ -521,7 +521,7 @@ function disconnect(socket) {
         logger.info("SERVER disconnected a client");
         logger.info(JSON.stringify(users[socket.id]));
     }
-	
+
     if (users[socket.id]) {
         delete users[socket.id];
     }
@@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) {
         case "freely":
             //not blocking anyone
             break;
-        case "editable":
+        case "editable": case: "limited":
             //only login user can change
             if (!socket.request.user || !socket.request.user.logged_in)
                 mayEdit = false;
             break;
-        case "locked": case "private":
+        case "locked": case "private": case "protected":
             //only owner can change
             if (!note.owner || note.owner != socket.request.user.id)
                 mayEdit = false;
@@ -672,7 +672,7 @@ function operationCallback(socket, operation) {
             var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id);
             if (note.server) history.updateHistory(userId, noteId, note.server.document);
         }, 0);
-        
+
     }
     // save authorship
     note.authorship = models.Note.updateAuthorshipByOperation(operation, userId, note.authorship);
@@ -689,10 +689,10 @@ function connection(socket) {
         }
 
         if (isDuplicatedInSocketQueue(socket, connectionSocketQueue)) return;
-        
+
         // store noteId in this socket session
         socket.noteId = noteId;
-        
+
         //initialize user data
         //random color
         var color = randomcolor();
diff --git a/lib/response.js b/lib/response.js
index a0dc8b1f..4438be24 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -122,6 +122,11 @@ function checkViewPermission(req, note) {
             return false;
         else
             return true;
+    } else if (note.permission == 'limited' || note.permission == 'protected') {
+        if( !req.isAuthenticated() ) {
+            return false;
+        }
+        return true;
     } else {
         return true;
     }
@@ -161,7 +166,7 @@ function showNote(req, res, next) {
     findNote(req, res, function (note) {
         // force to use note id
         var noteId = req.params.noteId;
-        var id = LZString.compressToBase64(note.id); 
+        var id = LZString.compressToBase64(note.id);
         if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
             return res.redirect(config.serverurl + "/" + (note.alias || id));
         return responseHackMD(res, note);
@@ -413,7 +418,7 @@ function publishSlideActions(req, res, next) {
             res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
             break;
         default:
-            res.redirect(config.serverurl + '/p/' + note.shortid);    
+            res.redirect(config.serverurl + '/p/' + note.shortid);
             break;
         }
     });