more middleware

author: Jules Laplace <julescarbon@gmail.com> 2017-12-15 02:52:15 +0100
committer: Jules Laplace <julescarbon@gmail.com> 2017-12-15 02:52:15 +0100
commit: cc585396a85e3107bb7b4298098b84b738919c8f (patch)
tree: bd74ed6e090231d472e022f487748c5f7eb46aa4 /bucky/app/bucky.js
parent: 1466563673ffe6c41ec9a18bf98565b8562ee4f3 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index 1b14f43..ec0ab8c 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -448,6 +448,12 @@ var bucky = module.exports = {
 
   /* PRIVACY */
 
+  checkIsAdmin: function(req, res, next){
+    if (req.user.get('ulevel') !== 3) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
   checkUserPrivacy: function(req, res, next) {
     if (req.user.get('username') !== res.user.get('username')) {
       return res.sendStatus(500)
@@ -455,7 +461,7 @@ var bucky = module.exports = {
     next()
   },
   checkThreadPrivacy: function(req, res, next) {
-    if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.thread.get('username')) {
+    if (res.thread.checkPrivacy(req.user)) {
       return res.sendStatus(500)
     }
     next()
@@ -473,6 +479,11 @@ var bucky = module.exports = {
     }
     next()
   },
+  checkThreadsPrivacy: function(req, res, next) {
+    res.threads = res.threads.filter(thread => {
+      return thread.checkPrivacy(req.user)
+    })
+  },
 
   /* MAIL */
author	Jules Laplace <julescarbon@gmail.com>	2017-12-15 02:52:15 +0100
committer	Jules Laplace <julescarbon@gmail.com>	2017-12-15 02:52:15 +0100
commit	cc585396a85e3107bb7b4298098b84b738919c8f (patch)
tree	bd74ed6e090231d472e022f487748c5f7eb46aa4 /bucky/app/bucky.js
parent	1466563673ffe6c41ec9a18bf98565b8562ee4f3 (diff)