msb-public
/
wiki
mirror of https://github.com/requarks/wiki
1
0
Code Issues Projects Releases Wiki Activity

fix: Add missing status code on unauthorized access (#7785)

Browse Source 
* fix status code on unauthorized

* Remove unnecessary line breaks
main
dhulripos 1 day ago committed by GitHub
parent 9f481221ab
commit b49c00226c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File

20
server/controllers/common.js
Unescape View File

@ -75,12 +75,12 @@ router.get(['/d', '/d/*'], async (req, res, next) => {
if (versionId > 0) {
if (!WIKI.auth.checkAccess(req.user, ['read:history'], pageArgs)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'downloadVersion' })
return res.status(403).render('unauthorized', { action: 'downloadVersion' })
}
} else {
if (!WIKI.auth.checkAccess(req.user, ['read:source'], pageArgs)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'download' })
return res.status(403).render('unauthorized', { action: 'download' })
}
}
@ -142,7 +142,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
// -> EDIT MODE
if (!(effectivePermissions.pages.write || effectivePermissions.pages.manage)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'edit' })
return res.status(403).render('unauthorized', { action: 'edit' })
}
// -> Get page tags
@ -166,7 +166,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
// -> CREATE MODE
if (!effectivePermissions.pages.write) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'create' })
return res.status(403).render('unauthorized', { action: 'create' })
}
_.set(res.locals, 'pageMeta.title', `New Page`)
@ -206,7 +206,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
}
if (!WIKI.auth.checkAccess(req.user, ['read:history'], { path: pageVersion.path, locale: pageVersion.locale })) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'sourceVersion' })
return res.status(403).render('unauthorized', { action: 'sourceVersion' })
}
page.content = Buffer.from(pageVersion.content).toString('base64')
page.editorKey = pageVersion.editor
@ -221,7 +221,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
}
if (!WIKI.auth.checkAccess(req.user, ['read:source'], { path: pageOriginal.path, locale: pageOriginal.locale })) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'source' })
return res.status(403).render('unauthorized', { action: 'source' })
}
page.content = Buffer.from(pageOriginal.content).toString('base64')
page.editorKey = pageOriginal.editorKey
@ -304,7 +304,7 @@ router.get(['/i', '/i/:id'], async (req, res, next) => {
tags: page.tags
})) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'view' })
return res.status(403).render('unauthorized', { action: 'view' })
}
if (WIKI.config.lang.namespacing) {
@ -319,7 +319,7 @@ router.get(['/i', '/i/:id'], async (req, res, next) => {
*/
router.get(['/p', '/p/*'], (req, res, next) => {
if (!req.user || req.user.id < 1 || req.user.id === 2) {
return res.render('unauthorized', { action: 'view' })
return res.status(403).render('unauthorized', { action: 'view' })
}
_.set(res.locals, 'pageMeta.title', 'User Profile')
@ -355,12 +355,12 @@ router.get(['/s', '/s/*'], async (req, res, next) => {
if (versionId > 0) {
if (!effectivePermissions.history.read) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'sourceVersion' })
return res.status(403).render('unauthorized', { action: 'sourceVersion' })
}
} else {
if (!effectivePermissions.source.read) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'source' })
return res.status(403).render('unauthorized', { action: 'source' })
}
}

Write Preview
Loading…
Cancel
Save