mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-01-20 06:29:53 +01:00
SecurityManager: Simplify checkAccess
This commit is contained in:
parent
17096919e0
commit
68be78ace0
1 changed files with 2 additions and 19 deletions
|
@ -70,25 +70,8 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
|
||||||
// a session is not required, so we'll check if it's a public pad
|
// a session is not required, so we'll check if it's a public pad
|
||||||
if (padID.indexOf("$") === -1) {
|
if (padID.indexOf("$") === -1) {
|
||||||
// it's not a group pad, means we can grant access
|
// it's not a group pad, means we can grant access
|
||||||
|
if (settings.editOnly && !(await p_padExists)) return deny;
|
||||||
// assume user has access
|
return {accessStatus: 'grant', authorID: await p_tokenAuthor};
|
||||||
let authorID = await p_tokenAuthor;
|
|
||||||
let statusObject = { accessStatus: "grant", authorID };
|
|
||||||
|
|
||||||
if (settings.editOnly) {
|
|
||||||
// user can't create pads
|
|
||||||
|
|
||||||
let padExists = await p_padExists;
|
|
||||||
|
|
||||||
if (!padExists) {
|
|
||||||
// pad doesn't exist - user can't have access
|
|
||||||
statusObject.accessStatus = "deny";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// user may create new pads - no need to check anything
|
|
||||||
// grant access, with author of token
|
|
||||||
return statusObject;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue