diff --git a/migrations/20190507030217-settings-drop-locked.js b/migrations/20190507030217-settings-drop-locked.js
new file mode 100644
index 000000000..39a8456a6
--- /dev/null
+++ b/migrations/20190507030217-settings-drop-locked.js
@@ -0,0 +1,15 @@
+'use strict';
+
+exports.up = function(db, callback) {
+ db.runSql('ALTER TABLE settings DROP COLUMN locked', function (error) {
+ if (error) console.error(error);
+ callback(error);
+ });
+};
+
+exports.down = function(db, callback) {
+ db.runSql('ALTER TABLE settings ADD COLUMN locked BOOLEAN DEFAULT 0', function (error) {
+ if (error) console.error(error);
+ callback(error);
+ });
+};
diff --git a/migrations/schema.sql b/migrations/schema.sql
index 83a7b3e5c..cc3351eb8 100644
--- a/migrations/schema.sql
+++ b/migrations/schema.sql
@@ -116,7 +116,6 @@ CREATE TABLE IF NOT EXISTS authcodes(
 CREATE TABLE IF NOT EXISTS settings(
 name VARCHAR(128) NOT NULL UNIQUE,
 value TEXT,
- locked BOOLEAN,
 PRIMARY KEY(name));
 CREATE TABLE IF NOT EXISTS appAddonConfigs(
diff --git a/src/routes/settings.js b/src/routes/settings.js
index bcd11297f..6ccf453a6 100644
--- a/src/routes/settings.js
+++ b/src/routes/settings.js
@@ -4,9 +4,7 @@ exports = module.exports = {
 set: set,
 get: get,
- getCloudronAvatar: getCloudronAvatar,
-
- verifySettingsLock: verifySettingsLock
+ getCloudronAvatar: getCloudronAvatar
 };
 var assert = require('assert'),
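Review bot: In migrations/20190507030217-settings-drop-locked.js, `exports.up` drops `settings.locked` without recording which rows had it set, and `exports.down` re-creates the column with `DEFAULT 0`, so a rollback brings every setting back unlocked. If the flag was used to keep particular settings from being changed, that state cannot be recovered from the database once this has run. A comment above `exports.down` should say so, e.g. `// down() restores the column only; previous lock flags are lost and every row comes back as 0`. The removed schema.sql line declared `locked BOOLEAN` with no default, so the rolled-back column also appears to differ from the original definition; the migration that first added it is not visible here.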
@@ -19,20 +17,6 @@ var assert = require('assert'),
 settings = require('../settings.js'),
 SettingsError = settings.SettingsError;
-function verifySettingsLock(req, res, next) {
- assert.strictEqual(typeof req.params.setting, 'string');
-
- settings.get(req.params.setting, function (error, result) {
- // not locked. let actual route return not found. this is useful for entries stored outside the database like cloudron_avatar
- if (error && error.reason === SettingsError.NOT_FOUND) return next();
- if (error) return next(new HttpError(500, error));
-
- if (result.locked) return next(new HttpError(423, 'This setting is locked'));
-
- next();
- });
-}
-
 function getAppAutoupdatePattern(req, res, next) {
 settings.getAppAutoupdatePattern(function (error, pattern) {
 if (error) return next(new HttpError(500, error));
diff --git a/src/server.js b/src/server.js
index 6506e8338..02d6fa23b 100644
--- a/src/server.js
+++ b/src/server.js
@@ -104,7 +104,6 @@ function initializeExpressSync() {
 var domainsManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_DOMAINS_MANAGE);
 const verifyDomainLock = routes.domains.verifyDomainLock;
- const verifySettingsLock = routes.settings.verifySettingsLock;
 // csrf protection
 var csrf = routes.oauth2.csrf();
@@ -244,8 +243,8 @@ function initializeExpressSync() {
 router.post('/api/v1/apps/:id/owner', appsManageScope, routes.apps.setOwner);
 // settings routes (these are for the settings tab - avatar & name have public routes for normal users. see above)
- router.get ('/api/v1/settings/:setting', settingsScope, verifySettingsLock, routes.settings.get);
- router.post('/api/v1/settings/:setting', settingsScope, verifySettingsLock, (req, res, next) => {
+ router.get ('/api/v1/settings/:setting', settingsScope, routes.settings.get);
+ router.post('/api/v1/settings/:setting', settingsScope, (req, res, next) => {
 return req.params.setting === 'cloudron_avatar' ? multipart(req, res, next) : next();
 }, routes.settings.set);
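Review bot: In the last src/server.js hunk, `settingsScope` is now the only guard left on `router.post('/api/v1/settings/:setting', ...)`, so a setting that returned 423 before the upgrade becomes writable by any client holding that scope as soon as this deploys. Nothing in the visible change tells an operator which settings were locked beforehand. If that is intended, the comment above the two routes should record it, e.g. `// no per-setting lock any more: settingsScope is the only guard on read and write`. `verifyDomainLock` is still declared earlier in the same function, so the difference between domain and settings handling is worth stating there as well. The body of initializeExpressSync continues outside the hunk.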
diff --git a/src/settingsdb.js b/src/settingsdb.js
index e645fdb60..136ec0959 100644
--- a/src/settingsdb.js
+++ b/src/settingsdb.js
@@ -13,7 +13,7 @@ var assert = require('assert'),
 database = require('./database.js'),
 DatabaseError = require('./databaseerror');
-const SETTINGS_FIELDS = [ 'name', 'value', 'locked' ].join(',');
+const SETTINGS_FIELDS = [ 'name', 'value' ].join(',');
 function get(key, callback) {
 assert.strictEqual(typeof key, 'string');