Merge pull request #313 from elct9620/feature/disable_anonymous_view

WIP: Add options to limit anonymous view note
2017-01-10 20:23:47 +08:00
parent 258a59a77d d6be0cf755
commit a8068d38d5
5 changed files with 47 additions and 20 deletions
--- a/lib/response.js
+++ b/lib/response.js
@@ -124,6 +124,11 @@ function checkViewPermission(req, note) {
            return false;
        else
            return true;
+    } else if (note.permission == 'limited' || note.permission == 'protected') {
+        if( !req.isAuthenticated() ) {
+            return false;
+        }
+        return true;
    } else {
        return true;
    }
@@ -163,7 +168,7 @@ function showNote(req, res, next) {
    findNote(req, res, function (note) {
        // force to use note id
        var noteId = req.params.noteId;
-        var id = LZString.compressToBase64(note.id); 
+        var id = LZString.compressToBase64(note.id);
        if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
            return res.redirect(config.serverurl + "/" + (note.alias || id));
        return responseHackMD(res, note);
@@ -415,7 +420,7 @@ function publishSlideActions(req, res, next) {
            res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
            break;
        default:
-            res.redirect(config.serverurl + '/p/' + note.shortid);    
+            res.redirect(config.serverurl + '/p/' + note.shortid);
            break;
        }
    });