depau/HackMD
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #313 from elct9620/feature/disable_anonymous_view

Browse source 
WIP: Add options to limit anonymous view note
This commit is contained in:
Max Wu 2017-01-10 20:23:47 +08:00 committed by GitHub
parent 258a59a77d d6be0cf755
commit a8068d38d5
5 changed files with 47 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/models/note.js
View file

@ -23,7 +23,7 @@ var logger = require("../logger.js");
var ot = require("../ot/index.js");
// permission types
var permissionTypes = ["freely", "editable", "locked", "private"];
var permissionTypes = ["freely", "editable", "limited", "private", "protected", "locked"];
module.exports = function (sequelize, DataTypes) {
var Note = sequelize.define("Note", {
@ -333,7 +333,7 @@ module.exports = function (sequelize, DataTypes) {
if (meta.slideOptions && (typeof meta.slideOptions == "object"))
_meta.slideOptions = meta.slideOptions;
}
return _meta;
return _meta;
},
updateAuthorshipByOperation: function (operation, userId, authorships) {
var index = 0;
@ -532,4 +532,4 @@ module.exports = function (sequelize, DataTypes) {
});
return Note;
};
};

20
lib/realtime.js
View file

@ -251,13 +251,13 @@ function getStatus(callback) {
return logger.error('count user failed: ' + err);
});
}).catch(function (err) {
return logger.error('count note failed: ' + err);
return logger.error('count note failed: ' + err);
});
}
function isReady() {
return realtime.io
&& Object.keys(notes).length == 0 && Object.keys(users).length == 0
return realtime.io
&& Object.keys(notes).length == 0 && Object.keys(users).length == 0
&& connectionSocketQueue.length == 0 && !isConnectionBusy
&& disconnectSocketQueue.length == 0 && !isDisconnectBusy;
}
@ -420,7 +420,7 @@ function finishConnection(socket, note, user) {
function startConnection(socket) {
if (isConnectionBusy) return;
isConnectionBusy = true;
var noteId = socket.noteId;
if (!noteId) {
return failConnection(404, 'note id not found', socket);
@ -521,7 +521,7 @@ function disconnect(socket) {
logger.info("SERVER disconnected a client");
logger.info(JSON.stringify(users[socket.id]));
}
if (users[socket.id]) {
delete users[socket.id];
}
@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) {
case "freely":
//not blocking anyone
break;
case "editable":
case "editable": case "limited":
//only login user can change
if (!socket.request.user || !socket.request.user.logged_in)
mayEdit = false;
break;
case "locked": case "private":
case "locked": case "private": case "protected":
//only owner can change
if (!note.owner || note.owner != socket.request.user.id)
mayEdit = false;
@ -672,7 +672,7 @@ function operationCallback(socket, operation) {
var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id);
if (note.server) history.updateHistory(userId, noteId, note.server.document);
}, 0);
}
// save authorship
note.authorship = models.Note.updateAuthorshipByOperation(operation, userId, note.authorship);
@ -689,10 +689,10 @@ function connection(socket) {
}
if (isDuplicatedInSocketQueue(socket, connectionSocketQueue)) return;
// store noteId in this socket session
socket.noteId = noteId;
//initialize user data
//random color
var color = randomcolor();

9
lib/response.js
View file

@ -124,6 +124,11 @@ function checkViewPermission(req, note) {
return false;
else
return true;
} else if (note.permission == 'limited' || note.permission == 'protected') {
if( !req.isAuthenticated() ) {
return false;
}
return true;
} else {
return true;
}
@ -163,7 +168,7 @@ function showNote(req, res, next) {
findNote(req, res, function (note) {
// force to use note id
var noteId = req.params.noteId;
var id = LZString.compressToBase64(note.id);
var id = LZString.compressToBase64(note.id);
if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
return res.redirect(config.serverurl + "/" + (note.alias || id));
return responseHackMD(res, note);
@ -415,7 +420,7 @@ function publishSlideActions(req, res, next) {
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
break;
default:
res.redirect(config.serverurl + '/p/' + note.shortid);
res.redirect(config.serverurl + '/p/' + note.shortid);
break;
}
});

28
public/js/index.js
View file

@ -857,7 +857,9 @@ window.ui = {
freely: $(".ui-permission-freely"),
editable: $(".ui-permission-editable"),
locked: $(".ui-permission-locked"),
private: $(".ui-permission-private")
private: $(".ui-permission-private"),
limited: $(".ui-permission-limited"),
protected: $(".ui-permission-protected")
},
delete: $(".ui-delete-note")
},
@ -2247,6 +2249,14 @@ ui.infobar.permission.locked.click(function () {
ui.infobar.permission.private.click(function () {
emitPermission("private");
});
//limited
ui.infobar.permission.limited.click(function() {
emitPermission("limited");
});
//protected
ui.infobar.permission.protected.click(function() {
emitPermission("protected");
});
// delete note
ui.infobar.delete.click(function () {
$('.delete-modal').modal('show');
@ -2277,14 +2287,22 @@ function updatePermission(newPermission) {
label = '<i class="fa fa-shield"></i> Editable';
title = "Signed people can edit";
break;
case "locked":
label = '<i class="fa fa-lock"></i> Locked';
title = "Only owner can edit";
case "limited":
label = '<i class="fa fa-id-card"></i> Limited';
title = "Signed people can edit & guest can't view"
break;
case "private":
label = '<i class="fa fa-hand-stop-o"></i> Private';
title = "Only owner can view & edit";
break;
case "protected":
label = '<i class="fa fa-umbrella"></i> Protected';
title = "Only owner can edit & guest can't view";
break;
case "locked":
label = '<i class="fa fa-lock"></i> Locked';
title = "Only owner can edit";
break;
}
if (personalInfo.userid && owner && personalInfo.userid == owner) {
label += ' <i class="fa fa-caret-down"></i>';
@ -2302,6 +2320,7 @@ function havePermission() {
bool = true;
break;
case "editable":
case "limited":
if (!personalInfo.login) {
bool = false;
} else {
@ -2310,6 +2329,7 @@ function havePermission() {
break;
case "locked":
case "private":
case "protected":
if (!owner || personalInfo.userid != owner) {
bool = false;
} else {

4
public/views/body.ejs
View file

@ -17,8 +17,10 @@
<ul class="dropdown-menu" aria-labelledby="permissionLabel">
<li class="ui-permission-freely"<% if(!allowAnonymous) { %> style="display: none;"<% } %>><a><i class="fa fa-leaf fa-fw"></i> Freely - Anyone can edit</a></li>
<li class="ui-permission-editable"><a><i class="fa fa-shield fa-fw"></i> Editable - Signed people can edit</a></li>
<li class="ui-permission-locked"><a><i class="fa fa-lock fa-fw"></i> Locked - Only owner can edit</a></li>
<li class="ui-permission-limited"><a><i class="fa fa-id-card fa-fw"></i> Limited - Signed people can edit &amp; view</a></li>
<li class="ui-permission-private"><a><i class="fa fa-hand-stop-o fa-fw"></i> Private - Only owner can view &amp; edit</a></li>
<li class="ui-permission-protected"><a><i class="fa fa-umbrella fa-fw"></i> Protected - Only owner can edit</a></li>
<li class="ui-permission-locked"><a><i class="fa fa-lock fa-fw"></i> Locked - Only owner can edit</a></li>
<li class="divider"></li>
<li class="ui-delete-note"><a><i class="fa fa-trash-o fa-fw"></i> Delete this note</a></li>
</ul>