From 1fbecbb03d8e94d310885da7d26e1654c548c364 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=92=BC=E6=99=82=E5=BC=A6=E4=B9=9F?= <elct9620@frost.tw>
Date: Thu, 5 Jan 2017 23:37:10 +0800
Subject: [PATCH] Fix anonymouse view permission check

---
 lib/response.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/response.js b/lib/response.js
index 6985481..e8430d6 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -117,12 +117,15 @@ function newNote(req, res, next) {
 }
 
 function checkViewPermission(req, note) {
-    if (note.permission == 'private' || !config.allowanonymousView) {
+    if (note.permission == 'private') {
         if (!req.isAuthenticated() || note.ownerId != req.user.id)
             return false;
         else
             return true;
     } else {
+        if(!config.allowanonymousView && !req.isAuthenticated()) {
+            return false;
+        }
         return true;
     }
 }