adminz and split out privacy

1 files changed, 50 insertions, 0 deletions

diff --git a/bucky/app/privacy.js b/bucky/app/privacy.js
new file mode 100644
index 0000000..fb1fcd1
--- /dev/null
+++ b/bucky/app/privacy.js
@@ -0,0 +1,50 @@
+var _ = require('lodash')
+var db = require('../db')
+var util = require('../util/util')
+var upload = require('../util/upload')
+
+var privacy = module.exports = {
+  checkIsAdmin: function(req, res, next){
+    if (req.user.get('ulevel') !== 3) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
+  checkUserPrivacy: function(req, res, next) {
+    if (req.user.get('username') !== res.user.get('username')) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
+  checkThreadPrivacy: function(req, res, next) {
+    if (res.thread.get('id') !== 1 && ! res.thread.checkPrivacy(req.user)) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
+  checkCommentPrivacy: function(req, res, next) {
+    if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.comment.get('username')) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
+  checkFilePrivacy: function(req, res, next) {
+    if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.file.get('username')) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
+  checkMessagePrivacy: function(req, res, next) {
+    var username = req.user.get('username')
+    if (username !== res.message.get('sender') && username !== res.message.get('recipient')) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
+  filterPrivateThreads: function(req, res, next) {
+    res.threads = res.threads.filter(thread => {
+      return thread.checkPrivacy(req.user)
+    })
+    next()
+  },
+}
\ No newline at end of file