From 3ee65cd38e2d3bef114079e971f9a158e2a6d2b2 Mon Sep 17 00:00:00 2001
From: Wu Cheng-Han
Date: Thu, 12 Jan 2017 23:45:51 +0800
Subject: Fix for limited and protected permissions should forbid guest in
 realtime events

---
 lib/realtime.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/realtime.js b/lib/realtime.js
index 21390607..0f2a6680 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -374,7 +374,7 @@ function finishConnection(socket, note, user) {
         return interruptConnection(socket, note, user);
     }
     //check view permission
-    if (note.permission == 'private') {
+    if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
         if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
             //na
         } else {
@@ -790,7 +790,7 @@ function connection(socket) {
                         var sock = note.socks[i];
                         if (typeof sock !== 'undefined' && sock) {
                             //check view permission
-                            if (permission == 'private') {
+                            if (permission == 'limited' || permission == 'protected' || permission == 'private') {
                                 if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
                                     //na
                                 } else {
-- 
cgit v1.2.3