parent
1f1b785524
commit
faf5d6982e
@ -39,7 +39,7 @@ exports.handler = function (request, response, state) {
|
||||
var permissions = state.server.sqlTiddlerDatabase.listPermissions();
|
||||
|
||||
// This ensures that the user attempting to view the ACL management page has permission to do so
|
||||
if(!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE'))){
|
||||
if(!state.authenticatedUser?.isAdmin && (!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE')))){
|
||||
response.writeHead(403, "Forbidden");
|
||||
response.end();
|
||||
return
|
||||
|
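Review bot: The rewritten guard still lets any authenticated non-admin through when `recipeAclRecords` is empty, because `hasRecipePermission(..., 'WRITE')` is only consulted when `recipeAclRecords.length > 0`. If that open default for recipes without ACL entries is intended, it deserves a comment above the `if`, e.g. `// Recipes with no ACL records can be managed by any authenticated user`; if it is not, dropping the length test would make the WRITE check apply to every non-admin. The condition is also dense enough now that naming its parts would make it easier to audit, for instance `var isAdmin = !!state.authenticatedUser?.isAdmin;` followed by `if(!isAdmin && (...))`. The handler starts and ends outside this hunk, so how `recipeAclRecords` is populated is not visible here.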
@ -31,8 +31,8 @@ exports.handler = function(request,response,state) {
|
||||
"Content-Type": "text/html"
|
||||
});
|
||||
// filter bags and recipies by user's read access from ACL
|
||||
var allowedRecipes = recipeList.filter(recipe => recipe.recipe_name.startsWith("$:/") || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnon && state.allowAnonReads);
|
||||
var allowedBags = bagList.filter(bag => bag.bag_name.startsWith("$:/") || sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnon && state.allowAnonReads);
|
||||
var allowedRecipes = recipeList.filter(recipe => recipe.recipe_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnon && state.allowAnonReads);
|
||||
var allowedBags = bagList.filter(bag => bag.bag_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnon && state.allowAnonReads);
|
||||
|
||||
// Render the html
|
||||
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
|
||||
|
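Review bot: `state.authenticatedUser?.isAdmin` is invariant across the list but is now re-evaluated inside both filter callbacks, and the trailing `state.allowAnon && state.allowAnonReads` relies on `&&` binding tighter than `||` at the end of a four-way chain. Hoisting both flags ahead of the filters, `var isAdmin = !!state.authenticatedUser?.isAdmin;` and `var anonCanRead = !!(state.allowAnon && state.allowAnonReads);`, keeps the recipe and bag predicates identical and easier to compare. Testing `anonCanRead` before `hasRecipePermission`/`hasBagPermission` would also avoid the per-item permission lookup (presumably a database query) when it cannot change the result. The handler continues outside the hunk.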
@ -51,6 +51,12 @@ exports.middleware = function (request, response, state, entityType, permissionN
|
||||
var hasAnonymousAccess = state.allowAnon ? (isGetRequest ? state.allowAnonReads : state.allowAnonWrites) : false;
|
||||
var anonymousAccessConfigured = state.anonAccessConfigured;
|
||||
var entity = sqlTiddlerDatabase.getEntityByName(entityType, decodedEntityName);
|
||||
var isAdmin = state.authenticatedUser?.isAdmin;
|
||||
|
||||
if(isAdmin) {
|
||||
return;
|
||||
}
|
||||
|
||||
if(entity?.owner_id) {
|
||||
if(state.authenticatedUser?.user_id && (state.authenticatedUser?.user_id !== entity.owner_id) || !state.authenticatedUser?.user_id && !hasAnonymousAccess) {
|
||||
const hasPermission = state.authenticatedUser?.user_id ?
|
||||
|
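Review bot: The added `if(isAdmin) { return; }` skips every later check in this middleware on any truthy `isAdmin`, for reads and writes alike, and the other two handlers changed in this commit depend on the same flag; where `state.authenticatedUser.isAdmin` is assigned is outside the diff. That invariant should be stated next to the bypass, e.g. `// Admins bypass all ACL checks; isAdmin must come from the server-side user record, never from request data`. The check could also move above the `getEntityByName` call, so that admin requests do not perform a lookup whose result is then unused. The middleware body continues past the end of the hunk.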