Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-06 22:15:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix acp

Browse Source
This commit is contained in:
barisusakli
2014-12-01 22:57:57 -05:00
parent ddd6ed9e8c
commit 97d01de155
4 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/middleware/admin.js
View File

@@ -14,21 +14,6 @@ var app,
helpers: require('../controllers/helpers') helpers: require('../controllers/helpers')
}; };
middleware.isAdmin = function(req, res, next) {
if (!req.user) {
return controllers.helpers.notAllowed(req, res);
}
user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
if (err || isAdmin) {
return next(err);
}
controllers.helpers.notAllowed(req, res);
});
};
middleware.buildHeader = function(req, res, next) { middleware.buildHeader = function(req, res, next) {
var uid = req.user ? req.user.uid : 0; var uid = req.user ? req.user.uid : 0;
async.parallel([ async.parallel([

25
src/middleware/middleware.js
View File

@@ -31,7 +31,7 @@ middleware.authenticate = function(req, res, next) {
return next(); return next();
} }
helpers.notAllowed(req, res); controllers.helpers.notAllowed(req, res);
}; };
middleware.applyCSRF = csrf(); middleware.applyCSRF = csrf();
@@ -178,6 +178,29 @@ middleware.checkAccountPermissions = function(req, res, next) {
}); });
}; };
middleware.isAdmin = function(req, res, next) {
function render() {
if (res.locals.isAPI) {
return controllers.helpers.notAllowed(req, res);
}
middleware.buildHeader(req, res, function() {
controllers.helpers.notAllowed(req, res);
});
}
if (!req.user) {
render();
}
user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
if (err || isAdmin) {
return next(err);
}
render();
});
};
middleware.buildBreadcrumbs = function(req, res, next) { middleware.buildBreadcrumbs = function(req, res, next) {
var breadcrumbs = [], var breadcrumbs = [],
findParents = function(cid) { findParents = function(cid) {

2
src/routes/admin.js
View File

@@ -21,7 +21,7 @@ function apiRoutes(app, middleware, controllers) {
function adminRouter(middleware, controllers) { function adminRouter(middleware, controllers) {
var router = express.Router(); var router = express.Router();
router.use(middleware.applyCSRF); router.use(middleware.admin.buildHeader);
addRoutes(router, middleware, controllers); addRoutes(router, middleware, controllers);

4
src/routes/index.js
View File

@@ -119,8 +119,8 @@ module.exports = function(app, middleware) {
app.use(middleware.maintenanceMode); app.use(middleware.maintenanceMode);
app.all(relativePath + '/api/?*', middleware.prepareAPI); app.all(relativePath + '/api/?*', middleware.prepareAPI);
app.all(relativePath + '/api/admin/?*', middleware.admin.isAdmin, middleware.prepareAPI); app.all(relativePath + '/api/admin/?*', middleware.isAdmin);
app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.buildHeader, middleware.admin.isAdmin); app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.applyCSRF, middleware.isAdmin);
adminRoutes(router, middleware, controllers); adminRoutes(router, middleware, controllers);
metaRoutes(router, middleware, controllers); metaRoutes(router, middleware, controllers);