diff --git a/doc/api/hooks_server-side.md b/doc/api/hooks_server-side.md index d4e836404..bb1b53890 100644 --- a/doc/api/hooks_server-side.md +++ b/doc/api/hooks_server-side.md @@ -108,6 +108,18 @@ Usage examples: * https://github.com/tiblu/ep_authorship_toggle +## onAccessCheck +Called from: src/node/db/SecurityManager.js + +Things in context: + +1. padID - the pad the user wants to access +2. password - the password the user has given to access the pad +3. token - the token of the author +3. sessionCookie - the session the use has + +This hook gets called when the access to the concrete pad is being checked. Return `false` to deny access. + ## padCreate Called from: src/node/db/Pad.js diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js index 6fae57ffb..9430e75dd 100644 --- a/src/node/db/SecurityManager.js +++ b/src/node/db/SecurityManager.js @@ -22,6 +22,7 @@ var ERR = require("async-stacktrace"); var async = require("async"); var authorManager = require("./AuthorManager"); +var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks.js"); var padManager = require("./PadManager"); var sessionManager = require("./SessionManager"); var settings = require("../utils/Settings"); @@ -45,6 +46,14 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback) return; } + // allow plugins to deny access + var deniedByHook = hooks.callAll("onAccessCheck", {'padID': padID, 'password': password, 'token': token, 'sessionCookie': sessionCookie}).indexOf(false) > -1; + if(deniedByHook) + { + callback(null, {accessStatus: "deny"}); + return; + } + // a valid session is required (api-only mode) if(settings.requireSession) {