public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityManager: Simplify checkAccess

pull/4259/head
Richard Hansen 2020-09-02 17:28:06 -04:00 committed by John McLear
parent 17096919e0
commit 68be78ace0
1 changed files with 2 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/node/db/SecurityManager.js
View File

@ -70,25 +70,8 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
// a session is not required, so we'll check if it's a public pad // a session is not required, so we'll check if it's a public pad
if (padID.indexOf("$") === -1) { if (padID.indexOf("$") === -1) {
// it's not a group pad, means we can grant access // it's not a group pad, means we can grant access
if (settings.editOnly && !(await p_padExists)) return deny;
// assume user has access return {accessStatus: 'grant', authorID: await p_tokenAuthor};
let authorID = await p_tokenAuthor;
let statusObject = { accessStatus: "grant", authorID };
if (settings.editOnly) {
// user can't create pads
let padExists = await p_padExists;
if (!padExists) {
// pad doesn't exist - user can't have access
statusObject.accessStatus = "deny";
}
}
// user may create new pads - no need to check anything
// grant access, with author of token
return statusObject;
} }
} }