Skip to content
This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

Commit

Permalink
system admin can add, publish, remove the packages. fixed #176
Browse files Browse the repository at this point in the history
  • Loading branch information
fengmk2 committed Jan 26, 2014

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 2981a17 commit 1047e18
Showing 2 changed files with 23 additions and 33 deletions.
42 changes: 9 additions & 33 deletions controllers/registry/module.js
Original file line number Diff line number Diff line change
@@ -316,10 +316,8 @@ exports.upload = function (req, res, next) {
if (err || !mod) {
return next(err);
}
var match = mod.package.maintainers.filter(function (item) {
return item.name === username;
});
if (match.length === 0 || mod.name !== name) {

if (!common.isMaintainer(req, mod.package.maintainers) || mod.name !== name) {
return res.json(403, {
error: 'no_perms',
reason: 'Current user can not publish this module'
@@ -589,14 +587,8 @@ exports.add = function (req, res, next) {
var username = req.session.name;
var name = req.params.name;
var pkg = req.body || {};
var maintainers = pkg.maintainers || [];
var match = maintainers.filter(function (item) {
return item.name === username;
});

debug('add module %s maintainers match: %j, current user: %s', name, match, username);

if (match.length === 0) {
if (!common.isMaintainer(req, pkg.maintainers)) {
return res.json(403, {
error: 'no_perms',
reason: 'Current user can not publish this module'
@@ -640,11 +632,8 @@ exports.add = function (req, res, next) {
ep.all('latest', 'next', function (latestMod, nextMod) {
var maintainers = latestMod && latestMod.package.maintainers.length > 0 ?
latestMod.package.maintainers : nextMod.package.maintainers;
var match = maintainers.filter(function (item) {
return item.name === username;
});

if (match.length === 0) {
if (!common.isMaintainer(req, maintainers)) {
return res.json(403, {
error: 'no_perms',
reason: 'Current user can not publish this module'
@@ -681,12 +670,9 @@ exports.removeWithVersions = function (req, res, next) {
if (!mods || !mods.length) {
return next();
}
//TODO replace this maintainer check
var match = mods[0].package.maintainers.filter(function (item) {
return item.name === username;
});

if (!match.length || mods[0].name !== name) {
var firstMod = mods[0];
if (!common.isMaintainer(req, firstMod.package.maintainers) || firstMod.name !== name) {
return res.json(403, {
error: 'no_perms',
reason: 'Current user can not update this module'
@@ -724,11 +710,8 @@ exports.removeTar = function (req, res, next) {
if (!mod) {
return next();
}
//TODO replace this maintainer check
var match = mod.package.maintainers.filter(function (item) {
return item.name === username;
});
if (!match.length || mod.name !== name) {

if (!common.isMaintainer(req, mod.package.maintainers) || mod.name !== name) {
return res.json(403, {
error: 'no_perms',
reason: 'Current user can not delete this tarball'
@@ -759,15 +742,8 @@ exports.removeAll = function (req, res, next) {
if (!mod) {
return next();
}
//TODO replace this maintainer check
var match = mod.package.maintainers.filter(function (item) {
return item.name === username;
});
if (req.session.isAdmin) {
match.push({name: username});
}

if (!match.length || mod.name !== name) {
if (!common.isMaintainer(req, mod.package.maintainers) || mod.name !== name) {
return res.json(403, {
error: 'no_perms',
reason: 'Current user can not delete this tarball'
14 changes: 14 additions & 0 deletions lib/common.js
Original file line number Diff line number Diff line change
@@ -41,3 +41,17 @@ exports.setDownloadURL = function (pkg, req, host) {
exports.isAdmin = function (username) {
return typeof config.admins[username] === 'string';
};

exports.isMaintainer = function (req, maintainers) {
if (req.session.isAdmin) {
return true;
}

var username = req.session.name;
maintainers = maintainers || [];
var match = maintainers.filter(function (item) {
return item.name === username;
});

return match.length > 0;
};

0 comments on commit 1047e18

Please sign in to comment.