1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
var _ = require('lodash')
var db = require('../db')
var util = require('../util/util')
var upload = require('../util/upload')
var privacy = module.exports = {
checkIsAdmin: function(req, res, next){
if (req.user.get('ulevel') !== 3) {
return res.sendStatus(500)
}
next()
},
checkUserPrivacy: function(req, res, next) {
if (req.user.get('username') !== res.user.get('username')) {
return res.sendStatus(500)
}
next()
},
checkThreadPrivacy: function(req, res, next) {
if (res.thread.get('id') !== 1 && ! res.thread.checkPrivacy(req.user)) {
return res.sendStatus(500)
}
next()
},
checkCommentPrivacy: function(req, res, next) {
if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.comment.get('username')) {
return res.sendStatus(500)
}
next()
},
checkFilePrivacy: function(req, res, next) {
if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.file.get('username')) {
return res.sendStatus(500)
}
next()
},
checkMessagePrivacy: function(req, res, next) {
var username = req.user.get('username')
if (username !== res.message.get('sender') && username !== res.message.get('recipient')) {
return res.sendStatus(500)
}
next()
},
filterPrivateThreads: function(req, res, next) {
res.threads = res.threads.filter(thread => {
return thread.checkPrivacy(req.user)
})
next()
},
}
|
