From e5181209e7103eaa0f95108d10947487ad31c938 Mon Sep 17 00:00:00 2001
From: Jules Laplace
Date: Mon, 14 May 2018 17:22:35 +0200
Subject: adminz and split out privacy
---
bucky/app/privacy.js | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 bucky/app/privacy.js
(limited to 'bucky/app/privacy.js')
diff --git a/bucky/app/privacy.js b/bucky/app/privacy.js
new file mode 100644
index 0000000..fb1fcd1
--- /dev/null
+++ b/bucky/app/privacy.js
@@ -0,0 +1,50 @@
+var _ = require('lodash')
+var db = require('../db')
+var util = require('../util/util')
+var upload = require('../util/upload')
+
+var privacy = module.exports = {
+ checkIsAdmin: function(req, res, next){
+ if (req.user.get('ulevel') !== 3) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkUserPrivacy: function(req, res, next) {
+ if (req.user.get('username') !== res.user.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkThreadPrivacy: function(req, res, next) {
+ if (res.thread.get('id') !== 1 && ! res.thread.checkPrivacy(req.user)) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkCommentPrivacy: function(req, res, next) {
+ if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.comment.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkFilePrivacy: function(req, res, next) {
+ if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.file.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ checkMessagePrivacy: function(req, res, next) {
+ var username = req.user.get('username')
+ if (username !== res.message.get('sender') && username !== res.message.get('recipient')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
+ filterPrivateThreads: function(req, res, next) {
+ res.threads = res.threads.filter(thread => {
+ return thread.checkPrivacy(req.user)
+ })
+ next()
+ },
+}
\ No newline at end of file
--
cgit v1.2.3-70-g09d2
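Review bot: Every denial branch in these guards (`checkIsAdmin` through `checkMessagePrivacy`) answers with `res.sendStatus(500)`, so an authorization refusal looks the same as a server fault in logs and alerting; `return res.sendStatus(403)` would let monitoring separate denied access attempts from real errors. All of the guards also dereference `req.user` unconditionally, so they presumably rely on an authentication middleware running first; if any route can reach them without a session, a leading `if (!req.user) return res.sendStatus(401)` would avoid an unhandled TypeError. The admin level `3` is repeated in three checks and thread id `1` is exempted in `checkThreadPrivacy` but not in `filterPrivateThreads`, with no explanation for either; a named constant such as `var ADMIN_ULEVEL = 3` and a short comment stating why thread 1 bypasses `checkPrivacy` would make the access policy easier to audit.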