security: Enable authorize plugins to grant read-only access

Richard Hansen 2020-09-19 15:30:04 -04:00 committed by John McLear
parent 505d67ed1c
commit 180983736d
5 changed files with 41 additions and 5 deletions


@ -3,6 +3,7 @@ var eejs = require('ep_etherpad-lite/node/eejs');
var toolbar = require("ep_etherpad-lite/node/utils/toolbar");
var hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks');
var settings = require('../../utils/Settings');
const webaccess = require('./webaccess');
exports.expressCreateServer = function (hook_name, args, cb) {
// expose current stats
@ -42,7 +43,8 @@ exports.expressCreateServer = function (hook_name, args, cb) {
args.app.get('/p/:pad', function(req, res, next)
{
// The below might break for pads being rewritten
var isReadOnly = req.url.indexOf("/p/r.") === 0;
const isReadOnly =
req.url.indexOf("/p/r.") === 0 || !webaccess.userCanModify(req.params.pad, req);
hooks.callAll("padInitToolbar", {
toolbar: toolbar,