Merge pull request #1787 from goldquest/dev_nopass_whensession

Grant access for valid session to password protected group pads

so, if user has valid session, they don't need the password

settings.json.template

@@ -59,6 +59,9 @@
 
   /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
   "editOnly" : false,
+
+  /* Users, who have a valid session, automatically get granted access to password protected pads */
+  "sessionNoPassword" : false,
   
   /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, 
      but makes it impossible to debug the javascript/css */

src/node/db/SecurityManager.js

@@ -223,6 +223,12 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
           //--> grant access
           statusObject = {accessStatus: "grant", authorID: sessionAuthor};
         }
+        //- the setting to bypass password validation is set
+        else if(settings.sessionNoPassword)
+        {
+          //--> grant access
+          statusObject = {accessStatus: "grant", authorID: sessionAuthor};
+        }
         //- the pad is password protected and password is correct
         else if(isPasswordProtected && passwordStatus == "correct")
         {

src/node/utils/Settings.js

@@ -109,6 +109,11 @@ exports.requireSession = false;
  */
 exports.editOnly = false;
 
+/**
+ * A flag that bypasses password prompts for users with valid sessions
+ */
+exports.sessionNoPassword = false;
+
 /**
  * Max age that responses will have (affects caching layer).
  */