Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-29 10:06:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated revoke session middleware to allow self or admin or global mod invocation, tweaked tests a bit

Browse Source
This commit is contained in:
Julian Lam
2016-12-02 10:50:42 -05:00
parent aad9a39f02
commit 33ff5e09bb
5 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/middleware/index.js
View File

@@ -49,8 +49,16 @@ middleware.authenticate = function (req, res, next) {
controllers.helpers.notAllowed(req, res);
};
middleware.ensureGlobalPrivilege = function (req, res, next) {
middleware.ensureSelfOrGlobalPrivilege = function (req, res, next) {
/*
The "self" part of this middleware hinges on you having used
middleware.exposeUid prior to invoking this middleware.
*/
if (req.user) {
if (req.user.uid === res.locals.uid) {
return next();
}
user.isAdminOrGlobalMod(req.uid, function (err, ok) {
if (err) {
return next(err);