fixed 1495

Julian Lam
2014-05-07 11:46:24 -04:00
parent 883978007d
commit b56df975e0
6 changed files with 29 additions and 9 deletions


@@ -99,7 +99,7 @@ middleware.checkGlobalPrivacySettings = function(req, res, next) {
if (res.locals.isAPI) {
return res.json(403, 'not-allowed');
} else {
return res.redirect('403');
return res.redirect('login?next=' + req.url);
}
}
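Review bot: `req.url` is concatenated into the `next` query parameter unencoded in `res.redirect('login?next=' + req.url)`, so a request URL with its own query string (`?a=1&b=2`) is split at `&` and the login page receives a truncated target plus stray parameters. Encode it, `return res.redirect('login?next=' + encodeURIComponent(req.url));`, and do the same for the `/login?next=` redirect added in `checkAccountPermissions` in the next hunk. The two redirects also differ in form (relative `login` here, absolute `/login` there), which resolve differently depending on the request path, so presumably only one form is intended. The handler that consumes `next` is not visible on this page; it should accept only same-site relative paths so the parameter cannot be used as an open redirect. The body of `checkGlobalPrivacySettings` starts outside this hunk.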
@@ -107,8 +107,13 @@ middleware.checkGlobalPrivacySettings = function(req, res, next) {
};
middleware.checkAccountPermissions = function(req, res, next) {
// This middleware ensures that only the requested user and admins can pass
var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
if (callerUID === 0) {
return res.redirect('/login?next=' + req.url);
}
// this function requires userslug to be passed in. todo: /user/uploadpicture should pass in userslug I think
user.getUidByUserslug(req.params.userslug, function (err, uid) {
if (err) {