2021-01-21 21:06:52 +00:00
|
|
|
'use strict';
|
2020-11-23 13:24:19 -05:00
|
|
|
const securityManager = require('./db/SecurityManager');
|
2012-02-25 00:15:57 +01:00
|
|
|
|
2019-02-08 23:20:57 +01:00
|
|
|
// checks for padAccess
|
2021-02-21 20:33:20 +00:00
|
|
|
module.exports = async (req, res) => {
|
2021-04-12 17:30:05 -04:00
|
|
|
const {session: {user} = {}} = req;
|
|
|
|
|
const accessObj = await securityManager.checkAccess(
|
|
|
|
|
req.params.pad, req.cookies.sessionID, req.cookies.token, user);
|
2012-02-25 00:15:57 +01:00
|
|
|
|
2021-04-12 17:30:05 -04:00
|
|
|
if (accessObj.accessStatus === 'grant') {
|
|
|
|
|
// there is access, continue
|
|
|
|
|
return true;
|
|
|
|
|
} else {
|
|
|
|
|
// no access
|
|
|
|
|
res.status(403).send("403 - Can't touch this");
|
|
|
|
|
return false;
|
2019-01-23 16:29:36 +00:00
|
|
|
}
|
2020-11-23 13:24:19 -05:00
|
|
|
};
|
