diff options
| author | Jules Laplace <julescarbon@gmail.com> | 2018-05-14 17:22:35 +0200 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2018-05-14 17:22:35 +0200 |
| commit | e5181209e7103eaa0f95108d10947487ad31c938 (patch) | |
| tree | 69859679d832a37d10dab1687dd244f2cd30057e /bucky/app/api.js | |
| parent | cf9546033f16be59b97cd383d3694fc5844528ba (diff) | |
adminz and split out privacy
Diffstat (limited to 'bucky/app/api.js')
| -rw-r--r-- | bucky/app/api.js | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/bucky/app/api.js b/bucky/app/api.js index e72298e..245e45e 100644 --- a/bucky/app/api.js +++ b/bucky/app/api.js @@ -6,6 +6,7 @@ var util = require('../util/util') var db = require('../db') var bucky = require('./bucky') +var privacy = require('./privacy') var search = require('../search/middleware') var fortune = require('../db/fortune') @@ -24,7 +25,7 @@ function route (app){ app.post("/api/user/:username", middleware.ensureAuthenticated, bucky.ensureUser, - bucky.checkUserPrivacy, + privacy.checkUserPrivacy, multer.single("avatar"), bucky.updateProfile, auth.changePassword, @@ -108,7 +109,7 @@ function route (app){ app.get("/api/thread/:id", middleware.ensureAuthenticated, bucky.ensureThread, - bucky.checkThreadPrivacy, + privacy.checkThreadPrivacy, bucky.bumpViewCount, bucky.ensureKeywordForThread, bucky.ensureCommentsForThread, @@ -137,7 +138,7 @@ function route (app){ app.put("/api/thread/:id", middleware.ensureAuthenticated, bucky.ensureThread, - bucky.checkThreadPrivacy, + privacy.checkThreadPrivacy, bucky.updateThreadSettings, function(req, res){ res.json({ status: 'ok' }) @@ -145,7 +146,7 @@ function route (app){ app.delete("/api/thread/:id", middleware.ensureAuthenticated, bucky.ensureThread, - bucky.checkThreadPrivacy, + privacy.checkThreadPrivacy, bucky.ensureCommentsForThread, bucky.ensureFilesForThread, bucky.destroyThread, @@ -159,7 +160,7 @@ function route (app){ app.post("/api/thread/:id/comment", middleware.ensureAuthenticated, bucky.ensureThread, - bucky.checkThreadPrivacy, + privacy.checkThreadPrivacy, multer.array("files"), bucky.verifyFilesOrComment, bucky.createOptionalFiles, @@ -180,7 +181,7 @@ function route (app){ app.put("/api/comment/:id", middleware.ensureAuthenticated, bucky.ensureComment, - bucky.checkCommentPrivacy, + privacy.checkCommentPrivacy, bucky.ensureCommentThread, bucky.updateComment, bucky.bumpThreadRevisions, @@ -190,7 +191,7 @@ function route (app){ // move a file to another thread app.get("/api/file/:id/move/:thread_id", middleware.ensureAuthenticated, - bucky.checkIsAdmin, + privacy.checkIsAdmin, bucky.ensureFile, bucky.ensureThreadById, bucky.moveFile, @@ -200,7 +201,7 @@ function route (app){ // move a comment to another thread app.get("/api/comment/:id/move/:thread_id", middleware.ensureAuthenticated, - bucky.checkIsAdmin, + privacy.checkIsAdmin, bucky.ensureComment, bucky.ensureThreadById, bucky.moveComment, @@ -211,7 +212,7 @@ function route (app){ app.delete("/api/comment/:id", middleware.ensureAuthenticated, bucky.ensureComment, - bucky.checkCommentPrivacy, + privacy.checkCommentPrivacy, bucky.destroyComment, function(req, res){ res.send({ status: 'ok' }) @@ -220,7 +221,7 @@ function route (app){ app.delete("/api/file/:id", middleware.ensureAuthenticated, bucky.ensureFile, - bucky.checkFilePrivacy, + privacy.checkFilePrivacy, bucky.destroyFile, function(req, res){ res.send({ status: 'ok' }) @@ -239,7 +240,7 @@ function route (app){ ) app.get("/api/search/build", middleware.ensureAuthenticated, - bucky.checkIsAdmin, + privacy.checkIsAdmin, search.rebuild ) |