diff --git a/.drone.yml b/.drone.yml
index 4d9f26d..5c2dab1 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -20,4 +20,7 @@ steps:
 from_secret: password
 when:
 branch:
- - main
\ No newline at end of file
+ - main
+ event:
+ exclude:
+ - pull_request
\ No newline at end of file
diff --git a/router/share.js b/router/share.js
index 65ce517..81b1db9 100644
--- a/router/share.js
+++ b/router/share.js
@@ -8,9 +8,13 @@ var passport = server.passport;
 router.route("/")
 .get(passport.authenticate("jwt", { session: false }), (req, res) => {
- database.share.collection(result => {
- res.json(result).status(200).end();
- })
+ if (req.user.roles.includes("admin")) {
+ database.share.collection(result => {
+ res.json(result).status(200).end();
+ })
+ } else {
+ res.status(403).end();
+ }
 });
 router.route("/:id")
 .get((req, res) => {
diff --git a/router/system.js b/router/system.js
index 3b4b6de..47901f9 100644
--- a/router/system.js
+++ b/router/system.js
@@ -19,7 +19,7 @@ router
 })
 })
 .post(passport.authenticate("jwt", { session: false }), (req, res) => {
- if (req.user.roles.indexOf("admin") > -1) {
+ if (req.user.roles.includes("admin")) {
 database.system.setAllows(req.body, () => {
 res.status(200).end();
 })
@@ -31,7 +31,7 @@ router
 router
 .route("/domains")
 .get(passport.authenticate("jwt", { session: false }), (req, res) => {
- if (req.user.roles.indexOf("admin") > -1) {
+ if (req.user.roles.includes("admin")) {
 let domains = {
 const: config.allowed_domains,
 dynamic: []
@@ -47,7 +47,7 @@ router
 }
 })
 .post(passport.authenticate("jwt", { session: false }), (req, res) => {
- if (req.user.roles.indexOf("admin") > -1) {
+ if (req.user.roles.includes("admin")) {
 database.system.setDomains(req.body, () => {
 res.status(200).end();
 });
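Review bot: In .drone.yml the step's `when` block now filters events by exclusion, so every event other than `pull_request` (for example `tag`, `promote`, `cron` or `custom`) still runs this step on `main` with the `password` secret. If the step is meant to run only on pushes to main, an allowlist is tighter and fails closed for event types added later: `event: [push]`. The step definition starts above the hunk, so what it does with the secret is not visible here.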
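Review bot: The admin check added to the `GET /` handler in router/share.js is written inline, and the same `req.user.roles.includes("admin")` test appears in the three router/system.js handlers touched by this commit, so every future admin route has to remember to repeat it. A single middleware placed after `passport.authenticate` keeps the 403 path in one place and makes a missing check visible in the route signature. It can also return 403 for a token whose payload carries no `roles` array, where the inline form would throw instead (assuming nothing upstream guarantees the field). The `/:id` route at the end of the hunk continues outside it; its `.get` has no authentication middleware in the visible lines, which deserves a comment if it is intentional.

```javascript
// Shared guard; must run after passport.authenticate so req.user is populated.
function requireAdmin(req, res, next) {
    const roles = req.user && Array.isArray(req.user.roles) ? req.user.roles : [];
    if (!roles.includes("admin")) {
        return res.status(403).end();
    }
    next();
}

router.route("/")
    .get(passport.authenticate("jwt", { session: false }), requireAdmin, (req, res) => {
        // … unchanged: database.share.collection call …
    });
```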
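Review bot: In router/system.js the `POST` handler in the first hunk passes `req.body` straight to `database.system.setAllows`, and the last hunk does the same with `database.system.setDomains`, so the role check is the only gate on what gets written to the allow and domain settings. Unless those database functions validate their input, reject malformed bodies before the call, e.g. `if (!Array.isArray(req.body)) return res.status(400).end();` (adjust to the expected shape, which is not visible here). Both callbacks take no error argument, so as far as these lines show a failed write would still answer 200. The handlers' `else` branches fall outside the hunks.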