+24
-9
@@ -1,15 +1,16 @@
|
||||
'use strict';
|
||||
|
||||
exports = module.exports = {
|
||||
get: get,
|
||||
update: update,
|
||||
getAvatar: getAvatar,
|
||||
setAvatar: setAvatar,
|
||||
clearAvatar: clearAvatar,
|
||||
changePassword: changePassword,
|
||||
setTwoFactorAuthenticationSecret: setTwoFactorAuthenticationSecret,
|
||||
enableTwoFactorAuthentication: enableTwoFactorAuthentication,
|
||||
disableTwoFactorAuthentication: disableTwoFactorAuthentication
|
||||
authorize,
|
||||
get,
|
||||
update,
|
||||
getAvatar,
|
||||
setAvatar,
|
||||
clearAvatar,
|
||||
changePassword,
|
||||
setTwoFactorAuthenticationSecret,
|
||||
enableTwoFactorAuthentication,
|
||||
disableTwoFactorAuthentication,
|
||||
};
|
||||
|
||||
var assert = require('assert'),
|
||||
@@ -25,6 +26,20 @@ var assert = require('assert'),
|
||||
settings = require('../settings.js'),
|
||||
_ = require('underscore');
|
||||
|
||||
function authorize(req, res, next) {
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
|
||||
if (users.compareRoles(req.user.role, users.ROLE_USER_MANAGER) >= 0) return next();
|
||||
|
||||
settings.getDirectoryConfig(function (error, directoryConfig) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
if (directoryConfig.lockUserProfiles) return next(new HttpError(403, 'admin has disallowed users from editing profiles'));
|
||||
|
||||
next();
|
||||
});
|
||||
}
|
||||
|
||||
function get(req, res, next) {
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
|
||||
|
||||
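Review bot: authorize() has no comment stating the policy it enforces, and the generic name hides that it is specifically the profile-lock gate: callers at or above `users.ROLE_USER_MANAGER` pass, and everyone else gets a 403 while `directoryConfig.lockUserProfiles` is set. I would add above the function `// Profile-edit gate: user managers and above always pass; other users get 403 while directoryConfig.lockUserProfiles is set.` This file only exports the middleware, so the lock holds only on routes that mount it; the route table is outside these hunks, and it is worth confirming there that every profile-mutating handler is covered and whether password and 2FA changes are meant to be locked as well. Separately, `assert.strictEqual(typeof req.user, 'object')` also passes for `null`, so the role comparison on the following line relies on an earlier middleware having populated `req.user`.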