authorJules Laplace <julescarbon@gmail.com>2018-05-14 17:22:35 +0200
committerJules Laplace <julescarbon@gmail.com>2018-05-14 17:22:35 +0200
commite5181209e7103eaa0f95108d10947487ad31c938 (patch)
tree69859679d832a37d10dab1687dd244f2cd30057e
parentcf9546033f16be59b97cd383d3694fc5844528ba (diff)
adminz and split out privacy
-rw-r--r--bucky/app/api.js23
-rw-r--r--bucky/app/bucky.js50
-rw-r--r--bucky/app/privacy.js50
-rw-r--r--bucky/util/adminz.js4
-rw-r--r--views/pages/adminz.ejs9
5 files changed, 77 insertions, 59 deletions
diff --git a/bucky/app/api.js b/bucky/app/api.js
index e72298e..245e45e 100644
--- a/bucky/app/api.js
+++ b/bucky/app/api.js
@@ -6,6 +6,7 @@ var util = require('../util/util')
var db = require('../db')
var bucky = require('./bucky')
+var privacy = require('./privacy')
var search = require('../search/middleware')
var fortune = require('../db/fortune')
@@ -24,7 +25,7 @@ function route (app){
app.post("/api/user/:username",
middleware.ensureAuthenticated,
bucky.ensureUser,
- bucky.checkUserPrivacy,
+ privacy.checkUserPrivacy,
multer.single("avatar"),
bucky.updateProfile,
auth.changePassword,
@@ -108,7 +109,7 @@ function route (app){
app.get("/api/thread/:id",
middleware.ensureAuthenticated,
bucky.ensureThread,
- bucky.checkThreadPrivacy,
+ privacy.checkThreadPrivacy,
bucky.bumpViewCount,
bucky.ensureKeywordForThread,
bucky.ensureCommentsForThread,
@@ -137,7 +138,7 @@ function route (app){
app.put("/api/thread/:id",
middleware.ensureAuthenticated,
bucky.ensureThread,
- bucky.checkThreadPrivacy,
+ privacy.checkThreadPrivacy,
bucky.updateThreadSettings,
function(req, res){
res.json({ status: 'ok' })
@@ -145,7 +146,7 @@ function route (app){
app.delete("/api/thread/:id",
middleware.ensureAuthenticated,
bucky.ensureThread,
- bucky.checkThreadPrivacy,
+ privacy.checkThreadPrivacy,
bucky.ensureCommentsForThread,
bucky.ensureFilesForThread,
bucky.destroyThread,
@@ -159,7 +160,7 @@ function route (app){
app.post("/api/thread/:id/comment",
middleware.ensureAuthenticated,
bucky.ensureThread,
- bucky.checkThreadPrivacy,
+ privacy.checkThreadPrivacy,
multer.array("files"),
bucky.verifyFilesOrComment,
bucky.createOptionalFiles,
@@ -180,7 +181,7 @@ function route (app){
app.put("/api/comment/:id",
middleware.ensureAuthenticated,
bucky.ensureComment,
- bucky.checkCommentPrivacy,
+ privacy.checkCommentPrivacy,
bucky.ensureCommentThread,
bucky.updateComment,
bucky.bumpThreadRevisions,
@@ -190,7 +191,7 @@ function route (app){
// move a file to another thread
app.get("/api/file/:id/move/:thread_id",
middleware.ensureAuthenticated,
- bucky.checkIsAdmin,
+ privacy.checkIsAdmin,
bucky.ensureFile,
bucky.ensureThreadById,
bucky.moveFile,
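Review bot: The file-move route in this hunk changes server state from a GET handler, and so do the comment-move route in the next hunk and `/api/search/build` in the last hunk of this file. GET is expected to be safe; it is commonly exempt from CSRF protection and can be fired by prefetchers or embedded resources while an admin session is active. Since the admin check on these routes is being touched anyway, consider registering them with a state-changing verb, e.g. `app.post("/api/file/:id/move/:thread_id",`. Whether CSRF protection is applied elsewhere is not visible in this diff.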
@@ -200,7 +201,7 @@ function route (app){
// move a comment to another thread
app.get("/api/comment/:id/move/:thread_id",
middleware.ensureAuthenticated,
- bucky.checkIsAdmin,
+ privacy.checkIsAdmin,
bucky.ensureComment,
bucky.ensureThreadById,
bucky.moveComment,
@@ -211,7 +212,7 @@ function route (app){
app.delete("/api/comment/:id",
middleware.ensureAuthenticated,
bucky.ensureComment,
- bucky.checkCommentPrivacy,
+ privacy.checkCommentPrivacy,
bucky.destroyComment,
function(req, res){
res.send({ status: 'ok' })
@@ -220,7 +221,7 @@ function route (app){
app.delete("/api/file/:id",
middleware.ensureAuthenticated,
bucky.ensureFile,
- bucky.checkFilePrivacy,
+ privacy.checkFilePrivacy,
bucky.destroyFile,
function(req, res){
res.send({ status: 'ok' })
@@ -239,7 +240,7 @@ function route (app){
)
app.get("/api/search/build",
middleware.ensureAuthenticated,
- bucky.checkIsAdmin,
+ privacy.checkIsAdmin,
search.rebuild
)
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index f8ea00b..f00c296 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -206,6 +206,8 @@ var bucky = module.exports = {
try {
settings = JSON.stringify(req.body.settings)
} catch(e) {
+ console.error("JSON error in thread settings!!!!")
+ return res.sendStatus(500)
}
}
if (! settings) {
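Review bot: The added catch branch logs a fixed string and drops the exception `e`, so the log cannot show what failed or for which request. Pass the error along, e.g. `console.error("JSON error in thread settings", e)`. If the failure can only originate from the request body, 400 would describe it better than 500, but the enclosing function starts and ends outside this hunk, so that cannot be confirmed from here.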
@@ -294,7 +296,7 @@ var bucky = module.exports = {
next()
})
},
- ensureThreadGroups: function (res, res, next){
+ ensureThreadGroups: function (req, res, next){
db.getThreadGroups().then(function(threadGroups){
res.threadGroups = threadGroups
next()
@@ -581,52 +583,6 @@ var bucky = module.exports = {
res.user.save().then( () => next() )
},
- /* PRIVACY */
-
- checkIsAdmin: function(req, res, next){
- if (req.user.get('ulevel') !== 3) {
- return res.sendStatus(500)
- }
- next()
- },
- checkUserPrivacy: function(req, res, next) {
- if (req.user.get('username') !== res.user.get('username')) {
- return res.sendStatus(500)
- }
- next()
- },
- checkThreadPrivacy: function(req, res, next) {
- if (res.thread.get('id') !== 1 && ! res.thread.checkPrivacy(req.user)) {
- return res.sendStatus(500)
- }
- next()
- },
- checkCommentPrivacy: function(req, res, next) {
- if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.comment.get('username')) {
- return res.sendStatus(500)
- }
- next()
- },
- checkFilePrivacy: function(req, res, next) {
- if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.file.get('username')) {
- return res.sendStatus(500)
- }
- next()
- },
- checkMessagePrivacy: function(req, res, next) {
- var username = req.user.get('username')
- if (username !== res.message.get('sender') && username !== res.message.get('recipient')) {
- return res.sendStatus(500)
- }
- next()
- },
- filterPrivateThreads: function(req, res, next) {
- res.threads = res.threads.filter(thread => {
- return thread.checkPrivacy(req.user)
- })
- next()
- },
-
/* MAIL */
ensureMailboxes: function (req, res, next){
diff --git a/bucky/app/privacy.js b/bucky/app/privacy.js
new file mode 100644
index 0000000..fb1fcd1
--- /dev/null
+++ b/bucky/app/privacy.js
@@ -0,0 +1,50 @@
+var _ = require('lodash')
+var db = require('../db')
+var util = require('../util/util')
+var upload = require('../util/upload')
+
+var privacy = module.exports = {
+ checkIsAdmin: function(req, res, next){
+ if (req.user.get('ulevel') !== 3) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkUserPrivacy: function(req, res, next) {
+ if (req.user.get('username') !== res.user.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkThreadPrivacy: function(req, res, next) {
+ if (res.thread.get('id') !== 1 && ! res.thread.checkPrivacy(req.user)) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkCommentPrivacy: function(req, res, next) {
+ if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.comment.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkFilePrivacy: function(req, res, next) {
+ if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.file.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkMessagePrivacy: function(req, res, next) {
+ var username = req.user.get('username')
+ if (username !== res.message.get('sender') && username !== res.message.get('recipient')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ filterPrivateThreads: function(req, res, next) {
+ res.threads = res.threads.filter(thread => {
+ return thread.checkPrivacy(req.user)
+ })
+ next()
+ },
+} \ No newline at end of file
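Review bot: Every check in this new module answers an authorization denial with `res.sendStatus(500)`; the status for a denied request is 403, e.g. `return res.sendStatus(403)` in `checkIsAdmin` and the other five `check*` functions. With 500, denied access attempts cannot be told apart from server faults in logs and monitoring, so neither can be alerted on reliably. The four `require` lines at the top (`lodash`, `db`, `util`, `upload`) are not used anywhere in the file and can be dropped. The admin level `3` and the exempt thread id `1` would be easier to audit as named constants with a comment saying why thread 1 skips the privacy check.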
diff --git a/bucky/util/adminz.js b/bucky/util/adminz.js
index 212e477..cc5f7dc 100644
--- a/bucky/util/adminz.js
+++ b/bucky/util/adminz.js
@@ -5,6 +5,7 @@ var util = require('./util')
var upload = require('./upload')
var fortune = require('../db/fortune')
var middleware = require('./middleware')
+var privacy = require('./app/privacy')
var adminz = module.exports = {
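Review bot: The added `require('./app/privacy')` resolves relative to `bucky/util/`, but this commit creates the module at `bucky/app/privacy.js`, so the path points at `bucky/util/app/privacy` and the require would throw at load time unless such a directory exists outside this diff. The neighbouring `require('../db/fortune')` shows the pattern used for sibling directories; this line should read `var privacy = require('../app/privacy')`.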
@@ -25,8 +26,9 @@ var adminz = module.exports = {
route: function(app){
app.get("/adminz",
+ privacy.checkIsAdmin,
function(req, res){
- res.render("pages/login", {
+ res.render("pages/adminz", {
title: adminz.title()
})
})
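Review bot: `/adminz` runs `privacy.checkIsAdmin` with no `middleware.ensureAuthenticated` in front of it, unlike the admin routes in `bucky/app/api.js`. `checkIsAdmin` calls `req.user.get('ulevel')` directly, so a request without a session would raise a TypeError instead of being rejected cleanly, unless authentication is enforced globally somewhere not shown here. Add `middleware.ensureAuthenticated,` as the first handler; `middleware` is already required in this file. The `route` function continues past the end of the hunk.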
diff --git a/views/pages/adminz.ejs b/views/pages/adminz.ejs
new file mode 100644
index 0000000..9bb62ac
--- /dev/null
+++ b/views/pages/adminz.ejs
@@ -0,0 +1,9 @@
+<% include ../partials/header %>
+
+<div id="content">
+
+welcome 2 adminland
+
+</div>
+
+<% include ../partials/footer %>