[feat] New server-side hook: onAccessCheck

doc/api/hooks_server-side.md

@@ -108,6 +108,18 @@ Usage examples:
 
 * https://github.com/tiblu/ep_authorship_toggle
 
+## onAccessCheck
+Called from: src/node/db/SecurityManager.js
+
+Things in context:
+
+1. padID - the pad the user wants to access
+2. password - the password the user has given to access the pad
+3. token - the token of the author
+3. sessionCookie - the session the use has
+
+This hook gets called when the access to the concrete pad is being checked. Return `false` to deny access.
+
 ## padCreate
 Called from: src/node/db/Pad.js
 

src/node/db/SecurityManager.js

@@ -22,6 +22,7 @@
 var ERR = require("async-stacktrace");
 var async = require("async");
 var authorManager = require("./AuthorManager");
+var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks.js");
 var padManager = require("./PadManager");
 var sessionManager = require("./SessionManager");
 var settings = require("../utils/Settings");
@@ -45,6 +46,14 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
     return;
   }
 
+  // allow plugins to deny access
+  var deniedByHook = hooks.callAll("onAccessCheck", {'padID': padID, 'password': password, 'token': token, 'sessionCookie': sessionCookie}).indexOf(false) > -1;
+  if(deniedByHook)
+  {
+    callback(null, {accessStatus: "deny"});
+    return;
+  }
+
   // a valid session is required (api-only mode)
   if(settings.requireSession)
   {