Fix anonymouse view permission check
This commit is contained in:
parent
aaf1ff4b2f
commit
1fbecbb03d
1 changed files with 4 additions and 1 deletions
|
@ -117,12 +117,15 @@ function newNote(req, res, next) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function checkViewPermission(req, note) {
|
function checkViewPermission(req, note) {
|
||||||
if (note.permission == 'private' || !config.allowanonymousView) {
|
if (note.permission == 'private') {
|
||||||
if (!req.isAuthenticated() || note.ownerId != req.user.id)
|
if (!req.isAuthenticated() || note.ownerId != req.user.id)
|
||||||
return false;
|
return false;
|
||||||
else
|
else
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
|
if(!config.allowanonymousView && !req.isAuthenticated()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue