mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-12 22:26:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add limit for constrain anonymous view note

Browse source
This commit is contained in:
蒼時弦也 2017-01-05 22:36:40 +08:00
parent 23a12dd927
commit aaf1ff4b2f
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/response.js
View file

@ -117,7 +117,7 @@ function newNote(req, res, next) {
}
function checkViewPermission(req, note) {
if (note.permission == 'private') {
if (note.permission == 'private' || !config.allowanonymousView) {
if (!req.isAuthenticated() || note.ownerId != req.user.id)
return false;
else
@ -161,7 +161,7 @@ function showNote(req, res, next) {
findNote(req, res, function (note) {
// force to use note id
var noteId = req.params.noteId;
var id = LZString.compressToBase64(note.id);
var id = LZString.compressToBase64(note.id);
if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
return res.redirect(config.serverurl + "/" + (note.alias || id));
return responseHackMD(res, note);
@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) {
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
break;
default:
res.redirect(config.serverurl + '/p/' + note.shortid);
res.redirect(config.serverurl + '/p/' + note.shortid);
break;
}
});