From 1fbecbb03d8e94d310885da7d26e1654c548c364 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Thu, 5 Jan 2017 23:37:10 +0800 Subject: Fix anonymouse view permission check --- lib/response.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/response.js b/lib/response.js index 69854815..e8430d60 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,12 +117,15 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private' || !config.allowanonymousView) { + if (note.permission == 'private') { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else return true; } else { + if(!config.allowanonymousView && !req.isAuthenticated()) { + return false; + } return true; } } -- cgit v1.2.3