jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Move verifyAppOwnership to app route

Browse Source
This commit is contained in:
Girish Ramakrishnan
2018-09-05 23:02:06 -07:00
parent 2ad0a57fc1
commit 0e3f9c9569
3 changed files with 24 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/accesscontrol.js
-22
View File
@@ -6,13 +6,10 @@ exports = module.exports = {
scope: scope,
websocketAuth: websocketAuth,
verifyAppOwnership: verifyAppOwnership,
verifyOperator: verifyOperator
};
var accesscontrol = require('../accesscontrol.js'),
apps = require('../apps.js'),
AppsError = apps.AppsError,
assert = require('assert'),
BasicStrategy = require('passport-http').BasicStrategy,
BearerStrategy = require('passport-http-bearer').Strategy,
@@ -144,25 +141,6 @@ function websocketAuth(requiredScopes, req, res, next) {
});
}
function verifyAppOwnership(req, res, next) {
if (req.user.admin) return next();
if (!config.isSpacesEnabled()) return next();
const appCreate = !('id' in req.params);
if (appCreate) return next(); // ok to install app
apps.get(req.params.id, function (error, app) {
if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
if (error) return next(new HttpError(500, error));
if (app.ownerId !== req.user.id) return next(new HttpError(401, 'Unauthorized'));
next();
});
}
function verifyOperator(req, res, next) {
if (config.allowOperatorActions()) return next();