Funktion für Admin-Prüfung erweitert

2019-05-13 10:40:29 +02:00 · 2019-05-13 10:40:29 +02:00 · 278f7258b7
commit 278f7258b7
parent b6e1f514be
1 changed files with 14 additions and 9 deletions
--- a/server/auth.js
+++ b/server/auth.js
@ -100,8 +100,9 @@ module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
  };

  function ensureAdmin(req, res, next) {
+	if (req.isAuthenticated()) {  
 	  db.get('SELECT permissions FROM waip_users WHERE id = ?', req.user.id, function(err, row) {
-      if ((req.isAuthenticated()) && (row.permissions == "admin")) {
+	    if (row.permissions == "admin") {
 		  // req.user is available for use here
 		  return next();
 	    };
@ -109,6 +110,10 @@ module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
 	    err.status = 401;
 	    next(err);
 	  });
+	// denied. redirect to login
+    var err = new Error('Sie sind nicht angemeldet!');
+    err.status = 401;
+    next(err);
  };

  function createUser(req, res) {