protect shared items collection #6
@ -8,9 +8,13 @@ var passport = server.passport;
|
|||||||
|
|
||||||
router.route("/")
|
router.route("/")
|
||||||
.get(passport.authenticate("jwt", { session: false }), (req, res) => {
|
.get(passport.authenticate("jwt", { session: false }), (req, res) => {
|
||||||
|
if (req.user.roles.includes("admin")) {
|
||||||
database.share.collection(result => {
|
database.share.collection(result => {
|
||||||
res.json(result).status(200).end();
|
res.json(result).status(200).end();
|
||||||
})
|
})
|
||||||
|
} else {
|
||||||
|
res.status(403).end();
|
||||||
|
}
|
||||||
});
|
});
|
||||||
router.route("/:id")
|
router.route("/:id")
|
||||||
.get((req, res) => {
|
.get((req, res) => {
|
||||||
|
@ -19,7 +19,7 @@ router
|
|||||||
})
|
})
|
||||||
})
|
})
|
||||||
.post(passport.authenticate("jwt", { session: false }), (req, res) => {
|
.post(passport.authenticate("jwt", { session: false }), (req, res) => {
|
||||||
if (req.user.roles.indexOf("admin") > -1) {
|
if (req.user.roles.includes("admin")) {
|
||||||
database.system.setAllows(req.body, () => {
|
database.system.setAllows(req.body, () => {
|
||||||
res.status(200).end();
|
res.status(200).end();
|
||||||
})
|
})
|
||||||
@ -31,7 +31,7 @@ router
|
|||||||
router
|
router
|
||||||
.route("/domains")
|
.route("/domains")
|
||||||
.get(passport.authenticate("jwt", { session: false }), (req, res) => {
|
.get(passport.authenticate("jwt", { session: false }), (req, res) => {
|
||||||
if (req.user.roles.indexOf("admin") > -1) {
|
if (req.user.roles.includes("admin")) {
|
||||||
let domains = {
|
let domains = {
|
||||||
const: config.allowed_domains,
|
const: config.allowed_domains,
|
||||||
dynamic: []
|
dynamic: []
|
||||||
@ -47,7 +47,7 @@ router
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
.post(passport.authenticate("jwt", { session: false }), (req, res) => {
|
.post(passport.authenticate("jwt", { session: false }), (req, res) => {
|
||||||
if (req.user.roles.indexOf("admin") > -1) {
|
if (req.user.roles.includes("admin")) {
|
||||||
database.system.setDomains(req.body, () => {
|
database.system.setDomains(req.body, () => {
|
||||||
res.status(200).end();
|
res.status(200).end();
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user