From 40834cc010982b952bbb865d0230447f9108da08 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@designcreateplay.com>
Date: Fri, 3 Apr 2015 21:15:22 -0400
Subject: [PATCH] updated checkAccountPermissions to call requireUser, and
 added new hook for plugins to handle auth login

---
 src/middleware/middleware.js | 38 ++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 88c6dbfbd1..ced0f40674 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -32,6 +32,12 @@ var app,
 middleware.authenticate = function(req, res, next) {
 	if (req.user) {
 		return next();
+	} else if (plugins.hasListeners('action:middleware.authenticate')) {
+		return plugins.fireHook('action:middleware.authenticate', {
+			req: req,
+			res: res,
+			next: next
+		});
 	}
 
 	controllers.helpers.notAllowed(req, res);
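Review bot: When any plugin listens on `action:middleware.authenticate`, the new `else if` branch returns before `controllers.helpers.notAllowed(req, res)`, so an unauthenticated request is denied only if the listener denies it. The hook is handed `next` directly and `fireHook` is called without a callback, so a listener that fails, never responds, or calls `next()` without establishing a user would apparently leave the request hanging or let it through. That contract is not stated anywhere in the hunk, so I would document it above the branch: `// Listener owns the response: call next() only after setting req.user, otherwise end the request (e.g. notAllowed); there is no fallback here`. The end of `middleware.authenticate` lies outside this hunk.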
@@ -124,29 +130,31 @@ middleware.checkGlobalPrivacySettings = function(req, res, next) {
 
 middleware.checkAccountPermissions = function(req, res, next) {
 	// This middleware ensures that only the requested user and admins can pass
-	if (!req.uid) {
-		return controllers.helpers.notAllowed(req, res);
-	}
-
-	user.getUidByUserslug(req.params.userslug, function (err, uid) {
+	middleware.authenticate(req, res, function(err) {
 		if (err) {
 			return next(err);
 		}
 
-		if (!uid) {
-			return controllers.helpers.notFound(req, res);
-		}
+		user.getUidByUserslug(req.params.userslug, function (err, uid) {
+			if (err) {
+				return next(err);
+			}
 
-		if (parseInt(uid, 10) === req.uid) {
-			return next();
-		}
+			if (!uid) {
+				return controllers.helpers.notFound(req, res);
+			}
 
-		user.isAdministrator(req.uid, function(err, isAdmin) {
-			if (err || isAdmin) {
-				return next(err);
+			if (parseInt(uid, 10) === req.uid) {
+				return next();
 			}
 
-			controllers.helpers.notAllowed(req, res);
+			user.isAdministrator(req.uid, function(err, isAdmin) {
+				if (err || isAdmin) {
+					return next(err);
+				}
+
+				controllers.helpers.notAllowed(req, res);
+			});
 		});
 	});
 };
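Review bot: The explicit `!req.uid` guard is dropped in favour of `middleware.authenticate`, which tests `req.user` instead and, per the first hunk, may also continue on a plugin listener's decision. If the callback runs with `req.uid` unset, `parseInt(uid, 10) === req.uid` is false and `user.isAdministrator` is called with an undefined uid. The denial then depends on how that helper treats a missing uid, which is not visible here. Keeping a fail-closed check as the first statement after the `err` test would preserve the old guarantee: `if (!req.uid) { return controllers.helpers.notAllowed(req, res); }`.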