Funktion zur Erkennung von Admin-Rechten angelegt

Robert Richter 2019-05-11 22:30:24 +02:00
parent dc76e5c7b6
commit 5e5fcdd9c0


@ -92,13 +92,24 @@ module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
if (req.isAuthenticated()) { if (req.isAuthenticated()) {
// req.user is available for use here // req.user is available for use here
return next(); return next();
} };
// denied. redirect to login // denied. redirect to login
res.redirect('/login') var err = new Error('Sie sind nicht angemeldet!');
} err.status = 401;
next(err);
};
//TODO: ensureAuthenticated für admin-user erstellen function ensureAdmin(req, res, next) {
//-> req.user && req.user.permissions == "admin" db.get('SELECT permissions FROM waip_users WHERE id = ?', req.user.id, function(err, row) {
if ((req.isAuthenticated()) && (row.permissions == "admin")) {
// req.user is available for use here
return next();
};
var err = new Error('Sie verfügen nicht über die notwendigen Berechtigungen!');
err.status = 401;
next(err);
});
};
function createUser(req, res) { function createUser(req, res) {
db.get('SELECT user FROM waip_users WHERE user = ?', req.body.username, function(err, row) { db.get('SELECT user FROM waip_users WHERE user = ?', req.body.username, function(err, row) {
@ -192,6 +203,7 @@ module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
return { return {
ensureAuthenticated: ensureAuthenticated, ensureAuthenticated: ensureAuthenticated,
ensureAdmin:ensureAdmin,
createUser: createUser, createUser: createUser,
deleteUser: deleteUser, deleteUser: deleteUser,
editUser: editUser editUser: editUser
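Review bot: `ensureAdmin` reads `req.user.id` before it checks `req.isAuthenticated()`, and its `db.get` callback dereferences `row.permissions` without looking at `err` or at whether a row came back, so the guard fails with a TypeError instead of a clean denial. For an anonymous request `req.user` is presumably unset, so the lookup line throws before the query runs; inside the callback, a failed query or a user row that no longer exists leaves `row` undefined, and an exception thrown there is outside Express's middleware error handling and may take the process down. The `var err` inside the callback also redeclares the callback's `err` parameter, so a database error is silently discarded. I would check authentication first, pass a database error to `next`, treat a missing row as a denial, compare with `===`, and answer an authenticated non-admin with 403 rather than 401, as in the block below.

```javascript
function ensureAdmin(req, res, next) {
  // Reject anonymous requests before touching req.user.
  if (!req.isAuthenticated()) {
    var authErr = new Error('Sie sind nicht angemeldet!');
    authErr.status = 401;
    return next(authErr);
  }
  db.get('SELECT permissions FROM waip_users WHERE id = ?', req.user.id, function(dbErr, row) {
    // Fail closed: a query error or a missing row must never reach next() without an error.
    if (dbErr) {
      return next(dbErr);
    }
    if (row && row.permissions === 'admin') {
      return next();
    }
    var err = new Error('Sie verfügen nicht über die notwendigen Berechtigungen!');
    err.status = 403;
    next(err);
  });
};
```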