From 6ae4b8bf1369bff8cc50325b66db66659d2718a5 Mon Sep 17 00:00:00 2001
From: Dario Ernst <daddel9@nebuk.de>
Date: Sat, 20 Jan 2018 15:05:05 +0100
Subject: [PATCH] Add option to enable `freely` permission in closed instance

Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.

Signed-off-by: Dario Ernst <dario@kanojo.de>
---
 README.md                    | 2 ++
 lib/config/default.js        | 1 +
 lib/config/environment.js    | 1 +
 lib/config/index.js          | 2 +-
 lib/realtime.js              | 2 +-
 lib/response.js              | 2 ++
 public/views/hackmd/body.ejs | 2 +-
 7 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index b820c92..1e7d79a 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,7 @@ There are some configs you need to change in the files below
 | HMD_URL_ADDPORT | `true` or `false` | set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set) |
 | HMD_USECDN | `true` or `false` | set to use CDN resources or not (default is `true`) |
 | HMD_ALLOW_ANONYMOUS | `true` or `false` | set to allow anonymous usage (default is `true`) |
+| HMD_ALLOW_ANONYMOUS_EDITS | `true` or `false` | if `allowanonymous` is `true`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) |
 | HMD_ALLOW_FREEURL | `true` or `false` | set to allow new note by accessing not exist note url |
 | HMD_DEFAULT_PERMISSION | `freely`, `editable`, `limited`, `locked` or `private` | set notes default permission (only applied on signed users) |
 | HMD_DB_URL | `mysql://localhost:3306/database` | set the db url |
@@ -212,6 +213,7 @@ There are some configs you need to change in the files below
 | urladdport | `true` or `false` | set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set) |
 | usecdn | `true` or `false` | set to use CDN resources or not (default is `true`) |
 | allowanonymous | `true` or `false` | set to allow anonymous usage (default is `true`) |
+| allowanonymousedits | `true` or `false` | if `allowanonymous` is `true`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) |
 | allowfreeurl | `true` or `false` | set to allow new note by accessing not exist note url |
 | defaultpermission | `freely`, `editable`, `limited`, `locked`, `protected` or `private` | set notes default permission (only applied on signed users) |
 | dburl | `mysql://localhost:3306/database` | set the db url, if set this variable then below db config won't be applied |
diff --git a/lib/config/default.js b/lib/config/default.js
index 4080347..000c154 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -16,6 +16,7 @@ module.exports = {
   protocolusessl: false,
   usecdn: true,
   allowanonymous: true,
+  allowanonymousedits: false,
   allowfreeurl: false,
   defaultpermission: 'editable',
   dburl: '',
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 5a29738..eedd491 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -18,6 +18,7 @@ module.exports = {
   alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
   usecdn: toBooleanConfig(process.env.HMD_USECDN),
   allowanonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
+  allowanonymousedits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
   allowfreeurl: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
   defaultpermission: process.env.HMD_DEFAULT_PERMISSION,
   dburl: process.env.HMD_DB_URL,
diff --git a/lib/config/index.js b/lib/config/index.js
index d44207b..3d22c3c 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -49,7 +49,7 @@ if (config.ldap.tlsca) {
 
 // Permission
 config.permission = Permission
-if (!config.allowanonymous) {
+if (!config.allowanonymous && !config.allowanonymousedits) {
   delete config.permission.freely
 }
 if (!(config.defaultpermission in config.permission)) {
diff --git a/lib/realtime.js b/lib/realtime.js
index e03e2d0..c731e5b 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -781,7 +781,7 @@ function connection (socket) {
       var note = notes[noteId]
       // Only owner can change permission
       if (note.owner && note.owner === socket.request.user.id) {
-        if (permission === 'freely' && !config.allowanonymous) return
+        if (permission === 'freely' && !config.allowanonymous && !config.allowanonymousedits) return
         note.permission = permission
         models.Note.update({
           permission: permission
diff --git a/lib/response.js b/lib/response.js
index 9f3d5a4..6c64d24 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -60,6 +60,7 @@ function showIndex (req, res, next) {
     url: config.serverurl,
     useCDN: config.usecdn,
     allowAnonymous: config.allowanonymous,
+    allowAnonymousEdits: config.allowanonymousedits,
     facebook: config.isFacebookEnable,
     twitter: config.isTwitterEnable,
     github: config.isGitHubEnable,
@@ -93,6 +94,7 @@ function responseHackMD (res, note) {
     title: title,
     useCDN: config.usecdn,
     allowAnonymous: config.allowanonymous,
+    allowAnonymousEdits: config.allowanonymousedits,
     facebook: config.isFacebookEnable,
     twitter: config.isTwitterEnable,
     github: config.isGitHubEnable,
diff --git a/public/views/hackmd/body.ejs b/public/views/hackmd/body.ejs
index 91343ef..4960437 100644
--- a/public/views/hackmd/body.ejs
+++ b/public/views/hackmd/body.ejs
@@ -15,7 +15,7 @@
                     <a id="permissionLabel" class="ui-permission-label text-uppercase" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">
                     </a>
                     <ul class="dropdown-menu" aria-labelledby="permissionLabel">
-                        <li class="ui-permission-freely"<% if(!allowAnonymous) { %> style="display: none;"<% } %>><a><i class="fa fa-leaf fa-fw"></i> Freely - Anyone can edit</a></li>
+                        <li class="ui-permission-freely"<% if(!allowAnonymous && !allowAnonymousEdits) { %> style="display: none;"<% } %>><a><i class="fa fa-leaf fa-fw"></i> Freely - Anyone can edit</a></li>
                         <li class="ui-permission-editable"><a><i class="fa fa-shield fa-fw"></i> Editable - Signed-in people can edit</a></li>
                         <li class="ui-permission-limited"><a><i class="fa fa-id-card fa-fw"></i> Limited - Signed-in people can edit (forbid guests)</a></li>
                         <li class="ui-permission-locked"><a><i class="fa fa-lock fa-fw"></i> Locked - Only owner can edit</a></li>