Permission checking in user.create().

Julien Fontanet 2013-07-11 15:40:15 +02:00
parent 93bb0e9097
commit d80ff58bb8
2 changed files with 16 additions and 1 deletions


@ -220,7 +220,21 @@ Api.fn.user = {
throw Api.err.INVALID_PARAMS;
}
return this.users.create(p_email, p_pass, p_perm).then(function (user) {
var user_id = session.get('user_id');
if (undefined === user_id)
{
throw Api.err.UNAUTHORIZED;
}
var users = this.users;
return users.get(user_id).then(function (user) {
if (!user.hasPermission('admin'))
{
throw Api.err.UNAUTHORIZED;
}
return users.create(p_email, p_pass, p_perm);
}).then(function (user) {
return (''+ user.get('id'));
});
},
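Review bot: The admin check added here runs only after the parameter validation above it (`throw Api.err.INVALID_PARAMS`), so a caller with no session or without the admin permission still learns whether the arguments were well-formed; moving the `session.get('user_id')` check to the top of the method would reject unauthorized callers first. The lookup result is also used unchecked: if `users.get(user_id)` can resolve without a user (for example a session that outlived a deleted account, which is not visible from this hunk), `user.hasPermission` fails with a TypeError instead of `Api.err.UNAUTHORIZED`, so `if (!user || !user.hasPermission('admin'))` would be safer. A short comment such as `// Only admins may create users.` above the check would document the intent. The method body starts outside the hunk.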


@ -162,6 +162,7 @@ function Xo()
this.users.add({
'email': 'bob@gmail.com',
'pw_hash': '$2a$10$PsSOXflmnNMEOd0I5ohJQ.cLty0R29koYydD0FBKO9Rb7.jvCelZq',
'permission': 'admin',
}).done();
// This events are used to automatically close connections if the
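Review bot: Giving this seeded account `'permission': 'admin'` turns a user with a fixed e-mail and a password hash committed to the repository into an administrator on every instance that runs this constructor. If this is development fixture data, it would be safer to create it only in a development or test setup, or to create the first admin from deployment configuration; at minimum add a comment such as `// Development fixture: remove before deployment.` above the `this.users.add` call. Xo() starts outside the hunk, so whether this block is already conditional cannot be seen here.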