ownerRequired.js 1.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243
  1. const cache = require('../../cache');
  2. const db = require('../../db');
  3. const utils = require('../../utils');
  4. const logger = require('../../logger');
  5. const async = require('async');
  6. const stations = require('../../stations');
  7. module.exports = function(next) {
  8. return function(session, stationId) {
  9. let args = [];
  10. for (let prop in arguments) args.push(arguments[prop]);
  11. let cb = args[args.length - 1];
  12. async.waterfall([
  13. (next) => {
  14. cache.hget('sessions', session.sessionId, next);
  15. },
  16. (session, next) => {
  17. if (!session || !session.userId) return next('Login required.');
  18. this.session = session;
  19. db.models.user.findOne({_id: session.userId}, next);
  20. },
  21. (user, next) => {
  22. if (!user) return next('Login required.');
  23. if (user.role === 'admin') return next(true);
  24. stations.getStation(stationId, next);
  25. },
  26. (station, next) => {
  27. if (!station) return next('Station not found.');
  28. if (station.type === 'community' && station.owner === session.userId) return next(true);
  29. next('Invalid permissions.');
  30. }
  31. ], (err) => {
  32. if (err !== true) {
  33. err = utils.getError(err);
  34. logger.info("OWNER_REQUIRED", `User failed to pass owner required check for station "${stationId}". "${err}"`);
  35. return cb({status: 'failure', message: err});
  36. }
  37. logger.info("OWNER_REQUIRED", `User "${session.userId}" passed owner required check for station "${stationId}"`, false);
  38. args.push(session.userId);
  39. next.apply(null, args);
  40. });
  41. }
  42. };