From 68be78ace0b4d71990c5ae0e4500ef21644c486c Mon Sep 17 00:00:00 2001 From: Richard Hansen Date: Wed, 2 Sep 2020 17:28:06 -0400 Subject: [PATCH] SecurityManager: Simplify checkAccess --- src/node/db/SecurityManager.js | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js index 5b790aba0..c94ca09ef 100644 --- a/src/node/db/SecurityManager.js +++ b/src/node/db/SecurityManager.js @@ -70,25 +70,8 @@ exports.checkAccess = async function(padID, sessionCookie, token, password) // a session is not required, so we'll check if it's a public pad if (padID.indexOf("$") === -1) { // it's not a group pad, means we can grant access - - // assume user has access - let authorID = await p_tokenAuthor; - let statusObject = { accessStatus: "grant", authorID }; - - if (settings.editOnly) { - // user can't create pads - - let padExists = await p_padExists; - - if (!padExists) { - // pad doesn't exist - user can't have access - statusObject.accessStatus = "deny"; - } - } - - // user may create new pads - no need to check anything - // grant access, with author of token - return statusObject; + if (settings.editOnly && !(await p_padExists)) return deny; + return {accessStatus: 'grant', authorID: await p_tokenAuthor}; } }