Refactor checkViewPermission to fix limited & protected permission check bug and fix code style

2017-01-16 23:47:53 +08:00 · 2017-01-16 23:47:53 +08:00 · 1473437295
parent e00daee6c0
commit 1473437295
2 changed files with 31 additions and 23 deletions
--- a/lib/realtime.js
+++ b/lib/realtime.js
@ -363,6 +363,22 @@ function interruptConnection(socket, note, user) {
    connectNextSocket();
 }

+function checkViewPermission(req, note) {
+    if (note.permission == 'private') {
+        if (req.user && req.user.logged_in && req.user.id == note.owner)
+            return true;
+        else
+            return false;
+    } else if (note.permission == 'limited' || note.permission == 'protected') {
+        if(req.user && req.user.logged_in)
+            return true;
+        else
+            return false;
+    } else {
+        return true;
+    }
+}
+
 var isConnectionBusy = false;
 var connectionSocketQueue = [];
 var isDisconnectBusy = false;
@ -373,14 +389,10 @@ function finishConnection(socket, note, user) {
    if (!socket || !note || !user) {
        return interruptConnection(socket, note, user);
    }
-    //check view permission
-    if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
-        if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
-            //na
-        } else {
-            interruptConnection(socket, note, user);
-            return failConnection(403, 'connection forbidden', socket);
-        }
+    // check view permission
+    if (!checkViewPermission(socket.request, note)) {
+        interruptConnection(socket, note, user);
+        return failConnection(403, 'connection forbidden', socket);
    }
    // update user color to author color
    if (note.authors[user.userid]) {
@ -789,18 +801,14 @@ function connection(socket) {
                    for (var i = 0, l = note.socks.length; i < l; i++) {
                        var sock = note.socks[i];
                        if (typeof sock !== 'undefined' && sock) {
-                            //check view permission
-                            if (permission == 'limited' || permission == 'protected' || permission == 'private') {
-                                if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
-                                    //na
-                                } else {
-                                    sock.emit('info', {
-                                        code: 403
-                                    });
-                                    setTimeout(function () {
-                                        sock.disconnect(true);
-                                    }, 0);
-                                }
+                            // check view permission
+                            if (!checkViewPermission(sock.request, note)) {
+                                sock.emit('info', {
+                                    code: 403
+                                });
+                                setTimeout(function () {
+                                    sock.disconnect(true);
+                                }, 0);
                            }
                        }
                    }
--- a/lib/response.js
+++ b/lib/response.js
@ -127,10 +127,10 @@ function checkViewPermission(req, note) {
        else
            return true;
    } else if (note.permission == 'limited' || note.permission == 'protected') {
-        if( !req.isAuthenticated() ) {
+        if(!req.isAuthenticated())
            return false;
-        }
-        return true;
+        else
+            return true;
    } else {
        return true;
    }