sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix anonymouse view permission check

Browse Source
This commit is contained in:
蒼時弦也
2017-01-05 23:37:10 +08:00
parent aaf1ff4b2f
commit 1fbecbb03d
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/response.js
View File

@@ -117,12 +117,15 @@ function newNote(req, res, next) {
} }
function checkViewPermission(req, note) { function checkViewPermission(req, note) {
if (note.permission == 'private' || !config.allowanonymousView) { if (note.permission == 'private') {
if (!req.isAuthenticated() || note.ownerId != req.user.id) if (!req.isAuthenticated() || note.ownerId != req.user.id)
return false; return false;
else else
return true; return true;
} else { } else {
if(!config.allowanonymousView && !req.isAuthenticated()) {
return false;
}
return true; return true;
} }
} }