Refactor checkViewPermission to fix limited & protected permission check bug and fix code style
This commit is contained in:
Wu Cheng-Han
parent
e00daee6c0
commit
1473437295
|
|
@ -363,6 +363,22 @@ function interruptConnection(socket, note, user) {
|
||||||
connectNextSocket();
|
connectNextSocket();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function checkViewPermission(req, note) {
|
||||||
|
if (note.permission == 'private') {
|
||||||
|
if (req.user && req.user.logged_in && req.user.id == note.owner)
|
||||||
|
return true;
|
||||||
|
else
|
||||||
|
return false;
|
||||||
|
} else if (note.permission == 'limited' || note.permission == 'protected') {
|
||||||
|
if(req.user && req.user.logged_in)
|
||||||
|
return true;
|
||||||
|
else
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
var isConnectionBusy = false;
|
var isConnectionBusy = false;
|
||||||
var connectionSocketQueue = [];
|
var connectionSocketQueue = [];
|
||||||
var isDisconnectBusy = false;
|
var isDisconnectBusy = false;
|
||||||
|
|
@ -373,14 +389,10 @@ function finishConnection(socket, note, user) {
|
||||||
if (!socket || !note || !user) {
|
if (!socket || !note || !user) {
|
||||||
return interruptConnection(socket, note, user);
|
return interruptConnection(socket, note, user);
|
||||||
}
|
}
|
||||||
//check view permission
|
// check view permission
|
||||||
if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
|
if (!checkViewPermission(socket.request, note)) {
|
||||||
if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
|
interruptConnection(socket, note, user);
|
||||||
//na
|
return failConnection(403, 'connection forbidden', socket);
|
||||||
} else {
|
|
||||||
interruptConnection(socket, note, user);
|
|
||||||
return failConnection(403, 'connection forbidden', socket);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// update user color to author color
|
// update user color to author color
|
||||||
if (note.authors[user.userid]) {
|
if (note.authors[user.userid]) {
|
||||||
|
|
@ -789,18 +801,14 @@ function connection(socket) {
|
||||||
for (var i = 0, l = note.socks.length; i < l; i++) {
|
for (var i = 0, l = note.socks.length; i < l; i++) {
|
||||||
var sock = note.socks[i];
|
var sock = note.socks[i];
|
||||||
if (typeof sock !== 'undefined' && sock) {
|
if (typeof sock !== 'undefined' && sock) {
|
||||||
//check view permission
|
// check view permission
|
||||||
if (permission == 'limited' || permission == 'protected' || permission == 'private') {
|
if (!checkViewPermission(sock.request, note)) {
|
||||||
if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
|
sock.emit('info', {
|
||||||
//na
|
code: 403
|
||||||
} else {
|
});
|
||||||
sock.emit('info', {
|
setTimeout(function () {
|
||||||
code: 403
|
sock.disconnect(true);
|
||||||
});
|
}, 0);
|
||||||
setTimeout(function () {
|
|
||||||
sock.disconnect(true);
|
|
||||||
}, 0);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -127,10 +127,10 @@ function checkViewPermission(req, note) {
|
||||||
else
|
else
|
||||||
return true;
|
return true;
|
||||||
} else if (note.permission == 'limited' || note.permission == 'protected') {
|
} else if (note.permission == 'limited' || note.permission == 'protected') {
|
||||||
if( !req.isAuthenticated() ) {
|
if(!req.isAuthenticated())
|
||||||
return false;
|
return false;
|
||||||
}
|
else
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue