From 97d01de155c888fd94968f0272aaa2d0298b6e4f Mon Sep 17 00:00:00 2001 From: barisusakli Date: Mon, 1 Dec 2014 22:57:57 -0500 Subject: [PATCH] fix acp --- src/middleware/admin.js | 15 --------------- src/middleware/middleware.js | 25 ++++++++++++++++++++++++- src/routes/admin.js | 2 +- src/routes/index.js | 4 ++-- 4 files changed, 27 insertions(+), 19 deletions(-) diff --git a/src/middleware/admin.js b/src/middleware/admin.js index ed39aa822f..a71d46d41d 100644 --- a/src/middleware/admin.js +++ b/src/middleware/admin.js @@ -14,21 +14,6 @@ var app, helpers: require('../controllers/helpers') }; - -middleware.isAdmin = function(req, res, next) { - if (!req.user) { - return controllers.helpers.notAllowed(req, res); - } - - user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) { - if (err || isAdmin) { - return next(err); - } - - controllers.helpers.notAllowed(req, res); - }); -}; - middleware.buildHeader = function(req, res, next) { var uid = req.user ? req.user.uid : 0; async.parallel([ diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js index 5eb4b062bd..880880b369 100644 --- a/src/middleware/middleware.js +++ b/src/middleware/middleware.js @@ -31,7 +31,7 @@ middleware.authenticate = function(req, res, next) { return next(); } - helpers.notAllowed(req, res); + controllers.helpers.notAllowed(req, res); }; middleware.applyCSRF = csrf(); @@ -178,6 +178,29 @@ middleware.checkAccountPermissions = function(req, res, next) { }); }; +middleware.isAdmin = function(req, res, next) { + function render() { + if (res.locals.isAPI) { + return controllers.helpers.notAllowed(req, res); + } + + middleware.buildHeader(req, res, function() { + controllers.helpers.notAllowed(req, res); + }); + } + if (!req.user) { + render(); + } + + user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) { + if (err || isAdmin) { + return next(err); + } + + render(); + }); +}; + middleware.buildBreadcrumbs = function(req, res, next) { var breadcrumbs = [], findParents = function(cid) { diff --git a/src/routes/admin.js b/src/routes/admin.js index aa8e20b676..7d867ddbf0 100644 --- a/src/routes/admin.js +++ b/src/routes/admin.js @@ -21,7 +21,7 @@ function apiRoutes(app, middleware, controllers) { function adminRouter(middleware, controllers) { var router = express.Router(); - router.use(middleware.applyCSRF); + router.use(middleware.admin.buildHeader); addRoutes(router, middleware, controllers); diff --git a/src/routes/index.js b/src/routes/index.js index 67553855c4..b2612d12ad 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -119,8 +119,8 @@ module.exports = function(app, middleware) { app.use(middleware.maintenanceMode); app.all(relativePath + '/api/?*', middleware.prepareAPI); - app.all(relativePath + '/api/admin/?*', middleware.admin.isAdmin, middleware.prepareAPI); - app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.buildHeader, middleware.admin.isAdmin); + app.all(relativePath + '/api/admin/?*', middleware.isAdmin); + app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.applyCSRF, middleware.isAdmin); adminRoutes(router, middleware, controllers); metaRoutes(router, middleware, controllers);