jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

make branding route for owner only

Browse Source
This commit is contained in:
Girish Ramakrishnan
2020-03-15 11:32:18 -07:00
parent 23ee758ac9
commit b997f2329d
4 changed files with 110 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/server.js
View File

@@ -79,6 +79,7 @@ function initializeExpressSync() {
// to keep routes code short
const password = routes.accesscontrol.passwordAuth;
const token = routes.accesscontrol.tokenAuth;
const authorizeOwner = routes.accesscontrol.authorize(users.ROLE_OWNER);
const authorizeAdmin = routes.accesscontrol.authorize(users.ROLE_ADMIN);
const authorizeUserManager = routes.accesscontrol.authorize(users.ROLE_USER_MANAGER);
@@ -230,6 +231,11 @@ function initializeExpressSync() {
router.get ('/api/v1/apps/:id/download', token, authorizeAdmin, routes.apps.downloadFile);
router.post('/api/v1/apps/:id/upload', token, authorizeAdmin, multipart, routes.apps.uploadFile);
router.get ('/api/v1/branding/:setting', token, authorizeOwner, routes.branding.get);
router.post('/api/v1/branding/:setting', token, authorizeOwner, (req, res, next) => {
return req.params.setting === 'cloudron_avatar' ? multipart(req, res, next) : next();
}, routes.settings.set);
// settings routes (these are for the settings tab - avatar & name have public routes for normal users. see above)
router.get ('/api/v1/settings/:setting', token, authorizeAdmin, routes.settings.get);
router.post('/api/v1/settings/:setting', token, authorizeAdmin, (req, res, next) => {