Add editOnly option

This commit is contained in:
Jordan 2011-11-21 12:44:33 -05:00
parent 5630889fb0
commit 5e7c5d5dd3
4 changed files with 35 additions and 4 deletions

View file

@ -35,6 +35,8 @@ var settings = require("../utils/Settings")
*/ */
exports.checkAccess = function (padID, sessionID, token, password, callback) exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
var statusObject;
// a valid session is required (api-only mode) // a valid session is required (api-only mode)
if(settings.requireSession) if(settings.requireSession)
{ {
@ -53,9 +55,27 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
//get author for this token //get author for this token
authorManager.getAuthor4Token(token, function(err, author) authorManager.getAuthor4Token(token, function(err, author)
{
// assume user has access
statusObject = {accessStatus: "grant", authorID: author};
// user can't create pads
if(settings.editOnly)
{
// check if pad exists
padManager.doesPadExists(padID, function(err, exists)
{
// pad doesn't exist - user can't have access
if(!exists) statusObject.accessStatus = "deny";
// grant or deny access, with author of token
callback(err, statusObject);
});
}
// user may create new pads - no need to check anything
else
{ {
// grant access, with author of token // grant access, with author of token
callback(err, {accessStatus: "grant", authorID: author}); callback(err, statusObject);
}
}) })
//don't continue //don't continue
@ -72,8 +92,6 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
var isPasswordProtected; var isPasswordProtected;
var passwordStatus = password == null ? "notGiven" : "wrong"; // notGiven, correct, wrong var passwordStatus = password == null ? "notGiven" : "wrong"; // notGiven, correct, wrong
var statusObject;
async.series([ async.series([
//get basic informations from the database //get basic informations from the database
function(callback) function(callback)
@ -195,6 +213,8 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
//--> grant access //--> grant access
statusObject = {accessStatus: "grant", authorID: sessionAuthor}; statusObject = {accessStatus: "grant", authorID: sessionAuthor};
//--> deny access if user isn't allowed to create the pad
if(settings.editOnly) statusObject.accessStatus = "deny";
} }
// there is no valid session avaiable AND pad exists // there is no valid session avaiable AND pad exists
else if(!validSession && padExists) else if(!validSession && padExists)

View file

@ -48,6 +48,11 @@ exports.defaultPadText = "Welcome to Etherpad Lite!\n\nThis pad text is synchron
*/ */
exports.requireSession = false; exports.requireSession = false;
/**
* A flag that prevents users from creating new pads
*/
exports.editOnly = false;
/** /**
* A flag that shows if minification is enabled or not * A flag that shows if minification is enabled or not
*/ */

View file

@ -32,6 +32,9 @@
/* Users must have a session to access pads. This effectively allows only group pads to be accessed. */ /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
"requireSession" : false, "requireSession" : false,
/* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
"editOnly" : true,
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
but makes it impossible to debug the javascript/css */ but makes it impossible to debug the javascript/css */
"minify" : true, "minify" : true,

View file

@ -31,6 +31,9 @@
/* Users must have a session to access pads. This effectively allows only group pads to be accessed. */ /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
"requireSession" : false, "requireSession" : false,
/* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
"editOnly" : true,
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
but makes it impossible to debug the javascript/css */ but makes it impossible to debug the javascript/css */
"minify" : false, "minify" : false,