Add editOnly option
Jordan
parent
5630889fb0
commit
5e7c5d5dd3
|
|
@ -35,6 +35,8 @@ var settings = require("../utils/Settings")
|
|||
*/
|
||||
exports.checkAccess = function (padID, sessionID, token, password, callback)
|
||||
{
|
||||
var statusObject;
|
||||
|
||||
// a valid session is required (api-only mode)
|
||||
if(settings.requireSession)
|
||||
{
|
||||
|
|
@ -54,8 +56,26 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
|
|||
//get author for this token
|
||||
authorManager.getAuthor4Token(token, function(err, author)
|
||||
{
|
||||
// grant access, with author of token
|
||||
callback(err, {accessStatus: "grant", authorID: author});
|
||||
// assume user has access
|
||||
statusObject = {accessStatus: "grant", authorID: author};
|
||||
// user can't create pads
|
||||
if(settings.editOnly)
|
||||
{
|
||||
// check if pad exists
|
||||
padManager.doesPadExists(padID, function(err, exists)
|
||||
{
|
||||
// pad doesn't exist - user can't have access
|
||||
if(!exists) statusObject.accessStatus = "deny";
|
||||
// grant or deny access, with author of token
|
||||
callback(err, statusObject);
|
||||
});
|
||||
}
|
||||
// user may create new pads - no need to check anything
|
||||
else
|
||||
{
|
||||
// grant access, with author of token
|
||||
callback(err, statusObject);
|
||||
}
|
||||
})
|
||||
|
||||
//don't continue
|
||||
|
|
@ -72,8 +92,6 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
|
|||
var isPasswordProtected;
|
||||
var passwordStatus = password == null ? "notGiven" : "wrong"; // notGiven, correct, wrong
|
||||
|
||||
var statusObject;
|
||||
|
||||
async.series([
|
||||
//get basic informations from the database
|
||||
function(callback)
|
||||
|
|
@ -195,6 +213,8 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
|
|||
{
|
||||
//--> grant access
|
||||
statusObject = {accessStatus: "grant", authorID: sessionAuthor};
|
||||
//--> deny access if user isn't allowed to create the pad
|
||||
if(settings.editOnly) statusObject.accessStatus = "deny";
|
||||
}
|
||||
// there is no valid session avaiable AND pad exists
|
||||
else if(!validSession && padExists)
|
||||
|
|
|
|||
|
|
@ -48,6 +48,11 @@ exports.defaultPadText = "Welcome to Etherpad Lite!\n\nThis pad text is synchron
|
|||
*/
|
||||
exports.requireSession = false;
|
||||
|
||||
/**
|
||||
* A flag that prevents users from creating new pads
|
||||
*/
|
||||
exports.editOnly = false;
|
||||
|
||||
/**
|
||||
* A flag that shows if minification is enabled or not
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -32,6 +32,9 @@
|
|||
/* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
|
||||
"requireSession" : false,
|
||||
|
||||
/* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
|
||||
"editOnly" : true,
|
||||
|
||||
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
|
||||
but makes it impossible to debug the javascript/css */
|
||||
"minify" : true,
|
||||
|
|
|
|||
|
|
@ -31,6 +31,9 @@
|
|||
/* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
|
||||
"requireSession" : false,
|
||||
|
||||
/* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
|
||||
"editOnly" : true,
|
||||
|
||||
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
|
||||
but makes it impossible to debug the javascript/css */
|
||||
"minify" : false,
|
||||
|
|
|
|||
Loading…
Reference in New Issue