Refactor checkViewPermission to fix limited & protected permission check bug and fix code style

jackycute · jackycute · commit 14734372956f · 2017-01-16T23:47:53.000+08:00
diff --git a/lib/realtime.js b/lib/realtime.js
@@ -363,6 +363,22 @@ function interruptConnection(socket, note, user) {
     connectNextSocket();
 }
 
+function checkViewPermission(req, note) {
+    if (note.permission == 'private') {
+        if (req.user && req.user.logged_in && req.user.id == note.owner)
+            return true;
+        else
+            return false;
+    } else if (note.permission == 'limited' || note.permission == 'protected') {
+        if(req.user && req.user.logged_in)
+            return true;
+        else
+            return false;
+    } else {
+        return true;
+    }
+}
+
 var isConnectionBusy = false;
 var connectionSocketQueue = [];
 var isDisconnectBusy = false;
@@ -373,14 +389,10 @@ function finishConnection(socket, note, user) {
     if (!socket || !note || !user) {
         return interruptConnection(socket, note, user);
     }
-    //check view permission
-    if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
-        if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
-            //na
-        } else {
-            interruptConnection(socket, note, user);
-            return failConnection(403, 'connection forbidden', socket);
-        }
+    // check view permission
+    if (!checkViewPermission(socket.request, note)) {
+        interruptConnection(socket, note, user);
+        return failConnection(403, 'connection forbidden', socket);
     }
     // update user color to author color
     if (note.authors[user.userid]) {
@@ -789,18 +801,14 @@ function connection(socket) {
                     for (var i = 0, l = note.socks.length; i < l; i++) {
                         var sock = note.socks[i];
                         if (typeof sock !== 'undefined' && sock) {
-                            //check view permission
-                            if (permission == 'limited' || permission == 'protected' || permission == 'private') {
-                                if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
-                                    //na
-                                } else {
-                                    sock.emit('info', {
-                                        code: 403
-                                    });
-                                    setTimeout(function () {
-                                        sock.disconnect(true);
-                                    }, 0);
-                                }
+                            // check view permission
+                            if (!checkViewPermission(sock.request, note)) {
+                                sock.emit('info', {
+                                    code: 403
+                                });
+                                setTimeout(function () {
+                                    sock.disconnect(true);
+                                }, 0);
                             }
                         }
                     }
diff --git a/lib/response.js b/lib/response.js
@@ -127,10 +127,10 @@ function checkViewPermission(req, note) {
         else
             return true;
     } else if (note.permission == 'limited' || note.permission == 'protected') {
-        if( !req.isAuthenticated() ) {
+        if(!req.isAuthenticated())
             return false;
-        }
-        return true;
+        else
+            return true;
     } else {
         return true;
     }
