From 7a052eaf699e3029fa3e6b701215d5824f375097 Mon Sep 17 00:00:00 2001 From: Ryan Blenis Date: Tue, 5 Nov 2019 04:17:10 -0500 Subject: [PATCH] Pass through user info, plugin dev's can handle their own permissions. --- pluginHandler.js | 8 ++++---- webserver.js | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pluginHandler.js b/pluginHandler.js index 7ea2c6e5..fddc3f03 100644 --- a/pluginHandler.js +++ b/pluginHandler.js @@ -383,22 +383,22 @@ module.exports.pluginHandler = function (parent) { }); }; - obj.handleAdminReq = function (req, res, serv) { + obj.handleAdminReq = function (req, res, user, serv) { var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); serv.app.set('views', path); if (obj.plugins[req.query.pin] != null && typeof obj.plugins[req.query.pin].handleAdminReq == 'function') { - obj.plugins[req.query.pin].handleAdminReq(req, res); + obj.plugins[req.query.pin].handleAdminReq(req, res, user); } else { res.sendStatus(401); } } - obj.handleAdminPostReq = function(req, res, serv) { + obj.handleAdminPostReq = function(req, res, user, serv) { var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); serv.app.set('views', path); if (obj.plugins[req.query.pin] != null && typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function') { - obj.plugins[req.query.pin].handleAdminPostReq(req, res); + obj.plugins[req.query.pin].handleAdminPostReq(req, res, user); } else { res.sendStatus(401); diff --git a/webserver.js b/webserver.js index 6587d915..8aeb33e8 100644 --- a/webserver.js +++ b/webserver.js @@ -3196,7 +3196,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { var user = obj.users[req.session.userid]; if ((user == null) || ((user.siteadmin & 0xFFFFFFFF) == 0)) { res.sendStatus(401); return; } - parent.pluginHandler.handleAdminReq(req, res, obj); + parent.pluginHandler.handleAdminReq(req, res, user, obj); } obj.handlePluginAdminPostReq = function(req, res) { @@ -3206,7 +3206,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { var user = obj.users[req.session.userid]; if ((user == null) || ((user.siteadmin & 0xFFFFFFFF) == 0)) { res.sendStatus(401); return; } - parent.pluginHandler.handleAdminPostReq(req, res, obj); + parent.pluginHandler.handleAdminPostReq(req, res, user, obj); } // Starts the HTTPS server, this should be called after the user/mesh tables are loaded