From 0bbff06cfadb391e7a5870fea4ae2959a8accba0 Mon Sep 17 00:00:00 2001 From: psychobunny Date: Wed, 12 Mar 2014 17:39:10 -0400 Subject: [PATCH] use middleware.authenticate instead of checking in each fn --- src/controllers/admin.js | 12 ------------ src/routes/admin.js | 8 ++++---- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/src/controllers/admin.js b/src/controllers/admin.js index 3b5b95eab5..80f849a5bc 100644 --- a/src/controllers/admin.js +++ b/src/controllers/admin.js @@ -251,10 +251,6 @@ adminController.uploads.uploadImage = function(filename, req, res) { }; adminController.uploads.uploadCategoryPicture = function(req, res, next) { - if (!req.user) { - return res.redirect('/403'); - } - var allowedTypes = ['image/png', 'image/jpeg', 'image/jpg', 'image/gif'], params = null, er; try { @@ -280,10 +276,6 @@ adminController.uploads.uploadCategoryPicture = function(req, res, next) { }; adminController.uploads.uploadFavicon = function(req, res, next) { - if (!req.user) { - return res.redirect('/403'); - } - var allowedTypes = ['image/x-icon', 'image/vnd.microsoft.icon'], er; @@ -307,10 +299,6 @@ adminController.uploads.uploadFavicon = function(req, res, next) { }; adminController.uploads.uploadLogo = function(req, res, next) { - if (!req.user) { - return res.redirect('/403'); - } - var allowedTypes = ['image/png', 'image/jpeg', 'image/pjpeg', 'image/jpg', 'image/gif'], er; diff --git a/src/routes/admin.js b/src/routes/admin.js index 614a09ebd6..a75e7d1d16 100644 --- a/src/routes/admin.js +++ b/src/routes/admin.js @@ -52,11 +52,11 @@ function forumRoutes(app, middleware, controllers) { function apiRoutes(app, middleware, controllers) { // todo, needs to be in api namespace - app.get('/admin/users/csv', controllers.admin.users.getCSV); + app.get('/admin/users/csv', middleware.authenticate, controllers.admin.users.getCSV); - app.post('/admin/category/uploadpicture', controllers.admin.uploads.uploadCategoryPicture); - app.post('/admin/uploadfavicon', controllers.admin.uploads.uploadFavicon); - app.post('/admin/uploadlogo', controllers.admin.uploads.uploadLogo); + app.post('/admin/category/uploadpicture', middleware.authenticate, controllers.admin.uploads.uploadCategoryPicture); + app.post('/admin/uploadfavicon', middleware.authenticate, controllers.admin.uploads.uploadFavicon); + app.post('/admin/uploadlogo', middleware.authenticate, controllers.admin.uploads.uploadLogo); } function miscRoutes(app, middleware, controllers) {