From 89b8ddeabae81fd3a8891ce9d8191fbc9e27c83c Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 10:02:37 +0800 Subject: Add limited and protected permission --- lib/realtime.js | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'lib/realtime.js') diff --git a/lib/realtime.js b/lib/realtime.js index a662deeb..b728622f 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -251,13 +251,13 @@ function getStatus(callback) { return logger.error('count user failed: ' + err); }); }).catch(function (err) { - return logger.error('count note failed: ' + err); + return logger.error('count note failed: ' + err); }); } function isReady() { - return realtime.io - && Object.keys(notes).length == 0 && Object.keys(users).length == 0 + return realtime.io + && Object.keys(notes).length == 0 && Object.keys(users).length == 0 && connectionSocketQueue.length == 0 && !isConnectionBusy && disconnectSocketQueue.length == 0 && !isDisconnectBusy; } @@ -420,7 +420,7 @@ function finishConnection(socket, note, user) { function startConnection(socket) { if (isConnectionBusy) return; isConnectionBusy = true; - + var noteId = socket.noteId; if (!noteId) { return failConnection(404, 'note id not found', socket); @@ -521,7 +521,7 @@ function disconnect(socket) { logger.info("SERVER disconnected a client"); logger.info(JSON.stringify(users[socket.id])); } - + if (users[socket.id]) { delete users[socket.id]; } @@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) { case "freely": //not blocking anyone break; - case "editable": + case "editable": case: "limited": //only login user can change if (!socket.request.user || !socket.request.user.logged_in) mayEdit = false; break; - case "locked": case "private": + case "locked": case "private": case "protected": //only owner can change if (!note.owner || note.owner != socket.request.user.id) mayEdit = false; @@ -672,7 +672,7 @@ function operationCallback(socket, operation) { var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id); if (note.server) history.updateHistory(userId, noteId, note.server.document); }, 0); - + } // save authorship note.authorship = models.Note.updateAuthorshipByOperation(operation, userId, note.authorship); @@ -689,10 +689,10 @@ function connection(socket) { } if (isDuplicatedInSocketQueue(socket, connectionSocketQueue)) return; - + // store noteId in this socket session socket.noteId = noteId; - + //initialize user data //random color var color = randomcolor(); -- cgit v1.2.3 From be7696170fbfb9a0744a1400709479ac2e4c60e7 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 10:19:18 +0800 Subject: Fix syntax when use case --- lib/realtime.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/realtime.js') diff --git a/lib/realtime.js b/lib/realtime.js index b728622f..a3c56c41 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -618,7 +618,7 @@ function ifMayEdit(socket, callback) { case "freely": //not blocking anyone break; - case "editable": case: "limited": + case "editable": case "limited": //only login user can change if (!socket.request.user || !socket.request.user.logged_in) mayEdit = false; -- cgit v1.2.3 From 7e191acbde048b4ce274d1dbe49fb63a627a3def Mon Sep 17 00:00:00 2001 From: Wu Cheng-Han Date: Thu, 12 Jan 2017 17:18:24 +0800 Subject: Fix author creation in operationCallback might cause unique constraint validation error --- lib/realtime.js | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'lib/realtime.js') diff --git a/lib/realtime.js b/lib/realtime.js index a3c56c41..21390607 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -652,17 +652,25 @@ function operationCallback(socket, operation) { if (!user) return; userId = socket.request.user.id; if (!note.authors[userId]) { - models.Author.create({ - noteId: noteId, - userId: userId, - color: user.color - }).then(function (author) { - note.authors[author.userId] = { - userid: author.userId, - color: author.color, - photo: user.photo, - name: user.name - }; + models.Author.findOrCreate({ + where: { + noteId: noteId, + userId: userId + }, + defaults: { + noteId: noteId, + userId: userId, + color: user.color + } + }).spread(function (author, created) { + if (author) { + note.authors[author.userId] = { + userid: author.userId, + color: author.color, + photo: user.photo, + name: user.name + }; + } }).catch(function (err) { return logger.error('operation callback failed: ' + err); }); -- cgit v1.2.3 From 3ee65cd38e2d3bef114079e971f9a158e2a6d2b2 Mon Sep 17 00:00:00 2001 From: Wu Cheng-Han Date: Thu, 12 Jan 2017 23:45:51 +0800 Subject: Fix for limited and protected permissions should forbid guest in realtime events --- lib/realtime.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/realtime.js') diff --git a/lib/realtime.js b/lib/realtime.js index 21390607..0f2a6680 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -374,7 +374,7 @@ function finishConnection(socket, note, user) { return interruptConnection(socket, note, user); } //check view permission - if (note.permission == 'private') { + if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') { if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) { //na } else { @@ -790,7 +790,7 @@ function connection(socket) { var sock = note.socks[i]; if (typeof sock !== 'undefined' && sock) { //check view permission - if (permission == 'private') { + if (permission == 'limited' || permission == 'protected' || permission == 'private') { if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) { //na } else { -- cgit v1.2.3