v1.18.x
barisusakli 10 years ago
parent ddd6ed9e8c
commit 97d01de155

@ -14,21 +14,6 @@ var app,
helpers: require('../controllers/helpers')
};
middleware.isAdmin = function(req, res, next) {
if (!req.user) {
return controllers.helpers.notAllowed(req, res);
}
user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
if (err || isAdmin) {
return next(err);
}
controllers.helpers.notAllowed(req, res);
});
};
middleware.buildHeader = function(req, res, next) {
var uid = req.user ? req.user.uid : 0;
async.parallel([

@ -31,7 +31,7 @@ middleware.authenticate = function(req, res, next) {
return next();
}
helpers.notAllowed(req, res);
controllers.helpers.notAllowed(req, res);
};
middleware.applyCSRF = csrf();
@ -178,6 +178,29 @@ middleware.checkAccountPermissions = function(req, res, next) {
});
};
middleware.isAdmin = function(req, res, next) {
function render() {
if (res.locals.isAPI) {
return controllers.helpers.notAllowed(req, res);
}
middleware.buildHeader(req, res, function() {
controllers.helpers.notAllowed(req, res);
});
}
if (!req.user) {
render();
}
user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
if (err || isAdmin) {
return next(err);
}
render();
});
};
middleware.buildBreadcrumbs = function(req, res, next) {
var breadcrumbs = [],
findParents = function(cid) {
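Review bot: The `if (!req.user) { render(); }` guard in the new `middleware.isAdmin` does not return, so an anonymous request is answered by `render()` and then still falls through to `user.isAdministrator(0, ...)`. When that callback fires it calls either `render()` a second time or `next(err)`, in both cases after a response has already been started, which would typically surface as a "headers already sent" error rather than a clean denial. The copy removed from the admin middleware returned at this point, so the guard should read `if (!req.user) { return render(); }`. It would also help to put a short comment on `render()` saying that API requests get the bare not-allowed response while page requests go through `buildHeader` first.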

@ -21,7 +21,7 @@ function apiRoutes(app, middleware, controllers) {
function adminRouter(middleware, controllers) {
var router = express.Router();
router.use(middleware.applyCSRF);
router.use(middleware.admin.buildHeader);
addRoutes(router, middleware, controllers);

@ -119,8 +119,8 @@ module.exports = function(app, middleware) {
app.use(middleware.maintenanceMode);
app.all(relativePath + '/api/?*', middleware.prepareAPI);
app.all(relativePath + '/api/admin/?*', middleware.admin.isAdmin, middleware.prepareAPI);
app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.buildHeader, middleware.admin.isAdmin);
app.all(relativePath + '/api/admin/?*', middleware.isAdmin);
app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.applyCSRF, middleware.isAdmin);
adminRoutes(router, middleware, controllers);
metaRoutes(router, middleware, controllers);
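Review bot: CSRF enforcement for the admin area appears to move from `router.use(middleware.applyCSRF)` inside `adminRouter` to the `app.all(relativePath + '/admin/?*', ...)` chain, so it now depends on the request path matching rather than on the router itself. Where `adminRouter` is mounted is not visible in these hunks; if any state-changing admin route is reachable outside `/admin/`, it would no longer pass through `applyCSRF`, and that is worth confirming. The new `/api/admin/?*` line also drops its explicit `middleware.prepareAPI`, while `isAdmin` reads `res.locals.isAPI`, so it presumably relies on the `/api/?*` line above having run first. I would record both dependencies in a comment above the two lines, for example `// order matters: prepareAPI (above) must run before isAdmin; CSRF for admin pages is applied here, not in adminRouter`.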
