From aaf1ff4b2f5ae7ae3a5e4e4a202422484503f559 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Thu, 5 Jan 2017 22:36:40 +0800 Subject: Add limit for constrain anonymous view note --- lib/response.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..69854815 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,7 +117,7 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private') { + if (note.permission == 'private' || !config.allowanonymousView) { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else @@ -161,7 +161,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3 From 1fbecbb03d8e94d310885da7d26e1654c548c364 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Thu, 5 Jan 2017 23:37:10 +0800 Subject: Fix anonymouse view permission check --- lib/response.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index 69854815..e8430d60 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,12 +117,15 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private' || !config.allowanonymousView) { + if (note.permission == 'private') { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else return true; } else { + if(!config.allowanonymousView && !req.isAuthenticated()) { + return false; + } return true; } } -- cgit v1.2.3 From f8e5b547670e3eeb75af3249bb9ad1ee2f44e58f Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 09:32:44 +0800 Subject: Remove temporary change --- lib/response.js | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index e8430d60..910db863 100755 --- a/lib/response.js +++ b/lib/response.js @@ -123,9 +123,6 @@ function checkViewPermission(req, note) { else return true; } else { - if(!config.allowanonymousView && !req.isAuthenticated()) { - return false; - } return true; } } -- cgit v1.2.3 From c21fb8e2a0030095fd8dbfd13f6ba84e933b0e2e Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 09:35:21 +0800 Subject: Recovery tariling spaces --- lib/response.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index 910db863..a0dc8b1f 100755 --- a/lib/response.js +++ b/lib/response.js @@ -161,7 +161,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3 From 89b8ddeabae81fd3a8891ce9d8191fbc9e27c83c Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 10:02:37 +0800 Subject: Add limited and protected permission --- lib/response.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..4438be24 100755 --- a/lib/response.js +++ b/lib/response.js @@ -122,6 +122,11 @@ function checkViewPermission(req, note) { return false; else return true; + } else if (note.permission == 'limited' || note.permission == 'protected') { + if( !req.isAuthenticated() ) { + return false; + } + return true; } else { return true; } @@ -161,7 +166,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +418,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3