fix status code on unauthorized

pull/7785/head
dhulripos 3 months ago
parent 9f481221ab
commit 5b162529a1

@ -75,12 +75,12 @@ router.get(['/d', '/d/*'], async (req, res, next) => {
if (versionId > 0) { if (versionId > 0) {
if (!WIKI.auth.checkAccess(req.user, ['read:history'], pageArgs)) { if (!WIKI.auth.checkAccess(req.user, ['read:history'], pageArgs)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'downloadVersion' }) return res.status(403).render('unauthorized', { action: 'downloadVersion' })
} }
} else { } else {
if (!WIKI.auth.checkAccess(req.user, ['read:source'], pageArgs)) { if (!WIKI.auth.checkAccess(req.user, ['read:source'], pageArgs)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'download' }) return res.status(403).render('unauthorized', { action: 'download' })
} }
} }
@ -142,7 +142,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
// -> EDIT MODE // -> EDIT MODE
if (!(effectivePermissions.pages.write || effectivePermissions.pages.manage)) { if (!(effectivePermissions.pages.write || effectivePermissions.pages.manage)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'edit' }) return res.status(403).render('unauthorized', { action: 'edit' })
} }
// -> Get page tags // -> Get page tags
@ -166,7 +166,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
// -> CREATE MODE // -> CREATE MODE
if (!effectivePermissions.pages.write) { if (!effectivePermissions.pages.write) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'create' }) return res.status(403).render('unauthorized', { action: 'create' })
} }
_.set(res.locals, 'pageMeta.title', `New Page`) _.set(res.locals, 'pageMeta.title', `New Page`)
@ -206,7 +206,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
} }
if (!WIKI.auth.checkAccess(req.user, ['read:history'], { path: pageVersion.path, locale: pageVersion.locale })) { if (!WIKI.auth.checkAccess(req.user, ['read:history'], { path: pageVersion.path, locale: pageVersion.locale })) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'sourceVersion' }) return res.status(403).render('unauthorized', { action: 'sourceVersion' })
} }
page.content = Buffer.from(pageVersion.content).toString('base64') page.content = Buffer.from(pageVersion.content).toString('base64')
page.editorKey = pageVersion.editor page.editorKey = pageVersion.editor
@ -221,7 +221,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
} }
if (!WIKI.auth.checkAccess(req.user, ['read:source'], { path: pageOriginal.path, locale: pageOriginal.locale })) { if (!WIKI.auth.checkAccess(req.user, ['read:source'], { path: pageOriginal.path, locale: pageOriginal.locale })) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'source' }) return res.status(403).render('unauthorized', { action: 'source' })
} }
page.content = Buffer.from(pageOriginal.content).toString('base64') page.content = Buffer.from(pageOriginal.content).toString('base64')
page.editorKey = pageOriginal.editorKey page.editorKey = pageOriginal.editorKey
@ -304,7 +304,7 @@ router.get(['/i', '/i/:id'], async (req, res, next) => {
tags: page.tags tags: page.tags
})) { })) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'view' }) return res.status(403).render('unauthorized', { action: 'view' })
} }
if (WIKI.config.lang.namespacing) { if (WIKI.config.lang.namespacing) {
@ -319,7 +319,7 @@ router.get(['/i', '/i/:id'], async (req, res, next) => {
*/ */
router.get(['/p', '/p/*'], (req, res, next) => { router.get(['/p', '/p/*'], (req, res, next) => {
if (!req.user || req.user.id < 1 || req.user.id === 2) { if (!req.user || req.user.id < 1 || req.user.id === 2) {
return res.render('unauthorized', { action: 'view' }) return res.status(403).render('unauthorized', { action: 'view' })
} }
_.set(res.locals, 'pageMeta.title', 'User Profile') _.set(res.locals, 'pageMeta.title', 'User Profile')
@ -355,12 +355,12 @@ router.get(['/s', '/s/*'], async (req, res, next) => {
if (versionId > 0) { if (versionId > 0) {
if (!effectivePermissions.history.read) { if (!effectivePermissions.history.read) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'sourceVersion' }) return res.status(403).render('unauthorized', { action: 'sourceVersion' })
} }
} else { } else {
if (!effectivePermissions.source.read) { if (!effectivePermissions.source.read) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized') _.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'source' }) return res.status(403).render('unauthorized', { action: 'source' })
} }
} }
@ -582,3 +582,4 @@ router.get('/*', async (req, res, next) => {
}) })
module.exports = router module.exports = router
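Review bot: The denial response is now hand-written at ten sites across the `/d`, `/e`, `/i`, `/p` and `/s` handlers, and the `/p` site differs from the rest by not setting `pageMeta.title`, so a branch added later can easily go back to answering 200 on a denied request. A small file-local helper such as `const deny = (res, action) => res.status(403).render('unauthorized', { action })` would keep the status and the view in one place. The handlers' bodies start and end outside these hunks, and other routes in the file are not visible here, so it is worth searching the file for any remaining `res.render('unauthorized'` without a status; access-log monitoring of authorization failures only works if every denial path returns a non-200 code. The `/p` guard also matches `!req.user`; if that is the not-logged-in case, confirm that 403 rather than 401 or a login redirect is the intended answer.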
