Pass through user info, plugin dev's can handle their own permissions.

This commit is contained in:
Ryan Blenis 2019-11-05 04:17:10 -05:00
parent 04e4af08f6
commit 7a052eaf69
2 changed files with 6 additions and 6 deletions

View File

@ -383,22 +383,22 @@ module.exports.pluginHandler = function (parent) {
}); });
}; };
obj.handleAdminReq = function (req, res, serv) { obj.handleAdminReq = function (req, res, user, serv) {
var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
serv.app.set('views', path); serv.app.set('views', path);
if (obj.plugins[req.query.pin] != null && typeof obj.plugins[req.query.pin].handleAdminReq == 'function') { if (obj.plugins[req.query.pin] != null && typeof obj.plugins[req.query.pin].handleAdminReq == 'function') {
obj.plugins[req.query.pin].handleAdminReq(req, res); obj.plugins[req.query.pin].handleAdminReq(req, res, user);
} }
else { else {
res.sendStatus(401); res.sendStatus(401);
} }
} }
obj.handleAdminPostReq = function(req, res, serv) { obj.handleAdminPostReq = function(req, res, user, serv) {
var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
serv.app.set('views', path); serv.app.set('views', path);
if (obj.plugins[req.query.pin] != null && typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function') { if (obj.plugins[req.query.pin] != null && typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function') {
obj.plugins[req.query.pin].handleAdminPostReq(req, res); obj.plugins[req.query.pin].handleAdminPostReq(req, res, user);
} }
else { else {
res.sendStatus(401); res.sendStatus(401);

View File

@ -3196,7 +3196,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var user = obj.users[req.session.userid]; var user = obj.users[req.session.userid];
if ((user == null) || ((user.siteadmin & 0xFFFFFFFF) == 0)) { res.sendStatus(401); return; } if ((user == null) || ((user.siteadmin & 0xFFFFFFFF) == 0)) { res.sendStatus(401); return; }
parent.pluginHandler.handleAdminReq(req, res, obj); parent.pluginHandler.handleAdminReq(req, res, user, obj);
} }
obj.handlePluginAdminPostReq = function(req, res) { obj.handlePluginAdminPostReq = function(req, res) {
@ -3206,7 +3206,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var user = obj.users[req.session.userid]; var user = obj.users[req.session.userid];
if ((user == null) || ((user.siteadmin & 0xFFFFFFFF) == 0)) { res.sendStatus(401); return; } if ((user == null) || ((user.siteadmin & 0xFFFFFFFF) == 0)) { res.sendStatus(401); return; }
parent.pluginHandler.handleAdminPostReq(req, res, obj); parent.pluginHandler.handleAdminPostReq(req, res, user, obj);
} }
// Starts the HTTPS server, this should be called after the user/mesh tables are loaded // Starts the HTTPS server, this should be called after the user/mesh tables are loaded