2021-01-21 22:06:52 +01:00
|
|
|
'use strict';
|
2020-11-23 19:24:19 +01:00
|
|
|
const securityManager = require('./db/SecurityManager');
|
2012-02-25 00:15:57 +01:00
|
|
|
|
2019-02-08 23:20:57 +01:00
|
|
|
// checks for padAccess
|
2021-02-21 21:33:20 +01:00
|
|
|
module.exports = async (req, res) => {
|
2021-04-12 23:30:05 +02:00
|
|
|
const {session: {user} = {}} = req;
|
|
|
|
|
const accessObj = await securityManager.checkAccess(
|
|
|
|
|
req.params.pad, req.cookies.sessionID, req.cookies.token, user);
|
2012-02-25 00:15:57 +01:00
|
|
|
|
2021-04-12 23:30:05 +02:00
|
|
|
if (accessObj.accessStatus === 'grant') {
|
|
|
|
|
// there is access, continue
|
|
|
|
|
return true;
|
|
|
|
|
} else {
|
|
|
|
|
// no access
|
|
|
|
|
res.status(403).send("403 - Can't touch this");
|
|
|
|
|
return false;
|
2019-01-23 17:29:36 +01:00
|
|
|
}
|
2020-11-23 19:24:19 +01:00
|
|
|
};
|
