Refactor checkViewPermission to fix limited & protected permission check bug and fix code style

Wu Cheng-Han 2017-01-16 23:47:53 +08:00
parent e00daee6c0
commit 1473437295
2 changed files with 31 additions and 23 deletions


@ -363,6 +363,22 @@ function interruptConnection(socket, note, user) {
connectNextSocket(); connectNextSocket();
} }
function checkViewPermission(req, note) {
if (note.permission == 'private') {
if (req.user && req.user.logged_in && req.user.id == note.owner)
return true;
else
return false;
} else if (note.permission == 'limited' || note.permission == 'protected') {
if(req.user && req.user.logged_in)
return true;
else
return false;
} else {
return true;
}
}
var isConnectionBusy = false; var isConnectionBusy = false;
var connectionSocketQueue = []; var connectionSocketQueue = [];
var isDisconnectBusy = false; var isDisconnectBusy = false;
@ -373,15 +389,11 @@ function finishConnection(socket, note, user) {
if (!socket || !note || !user) { if (!socket || !note || !user) {
return interruptConnection(socket, note, user); return interruptConnection(socket, note, user);
} }
//check view permission // check view permission
if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') { if (!checkViewPermission(socket.request, note)) {
if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
//na
} else {
interruptConnection(socket, note, user); interruptConnection(socket, note, user);
return failConnection(403, 'connection forbidden', socket); return failConnection(403, 'connection forbidden', socket);
} }
}
// update user color to author color // update user color to author color
if (note.authors[user.userid]) { if (note.authors[user.userid]) {
user.color = users[socket.id].color = note.authors[user.userid].color; user.color = users[socket.id].color = note.authors[user.userid].color;
@ -789,11 +801,8 @@ function connection(socket) {
for (var i = 0, l = note.socks.length; i < l; i++) { for (var i = 0, l = note.socks.length; i < l; i++) {
var sock = note.socks[i]; var sock = note.socks[i];
if (typeof sock !== 'undefined' && sock) { if (typeof sock !== 'undefined' && sock) {
//check view permission // check view permission
if (permission == 'limited' || permission == 'protected' || permission == 'private') { if (!checkViewPermission(sock.request, note)) {
if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
//na
} else {
sock.emit('info', { sock.emit('info', {
code: 403 code: 403
}); });
@ -803,7 +812,6 @@ function connection(socket) {
} }
} }
} }
}
}).catch(function (err) { }).catch(function (err) {
return logger.error('update note permission failed: ' + err); return logger.error('update note permission failed: ' + err);
}); });
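Review bot: The new `checkViewPermission` fails open: its final `else { return true; }` grants view access for any `note.permission` value other than the three it names, including a missing or misspelled one, and both `finishConnection` and the permission-update loop in `connection` now depend on it. Listing the modes that are meant to be publicly viewable and ending the function with `return false;` would make an unexpected value deny instead of allow. The second file in this commit has its own `checkViewPermission` that tests `req.isAuthenticated()` where this one tests `req.user && req.user.logged_in`; two copies of an authorization check can drift apart, so a single shared helper for the socket and HTTP paths would be safer. The `==` comparisons, in particular `req.user.id == note.owner`, would be better as `===` provided both ids have the same type, which is not visible in this hunk.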


@ -127,9 +127,9 @@ function checkViewPermission(req, note) {
else else
return true; return true;
} else if (note.permission == 'limited' || note.permission == 'protected') { } else if (note.permission == 'limited' || note.permission == 'protected') {
if( !req.isAuthenticated() ) { if(!req.isAuthenticated())
return false; return false;
} else
return true; return true;
} else { } else {
return true; return true;
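Review bot: The `limited`/`protected` branch now makes its authorization decision in a brace-less `if(!req.isAuthenticated()) return false; else return true;`, where a statement added later can silently land outside the condition. Keeping braces around both returns, or collapsing the branch to `return req.isAuthenticated();` if that call is known to return a boolean, would read more clearly and be harder to break. `checkViewPermission` starts above this hunk and continues below it, so the rest of the function is not visible here.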