removed admin user
stevengill committed Feb 14, 2015
1 parent 8df7543 commit ef636d2b7a610fdc5cf5de62a68311a79633df08
Showing 2 changed files with 26 additions and 7 deletions.
@@ -2,10 +2,9 @@ var updates = exports

updates.package = function (doc, req) {
require("monkeypatch").patch(Object, Date, Array, String)

var semver = require("semver")
var valid = require("valid")
function error (reason) {
function error (reason) {;
return [{_id: "error: forbidden", forbidden:reason}, JSON.stringify({forbidden:reason})]
}

@@ -94,14 +93,16 @@ updates.package = function (doc, req) {
// update the package info
var newdoc = JSON.parse(req.body)
, changed = false
if (doc._rev && doc._rev !== newdoc._rev) {

/*if (doc._rev && doc._rev !== newdoc._rev) {
return error( "must supply latest _rev to update existing package" )
}
}*/
for (var i in newdoc) if (typeof newdoc[i] === "string" || i === "maintainers") {
doc[i] = newdoc[i]
}
if (newdoc.versions) {
doc.versions = newdoc.versions

}
if (newdoc["dist-tags"]) {
doc["dist-tags"] = newdoc["dist-tags"]
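Review bot: Commenting out the `_rev` comparison in `updates.package` removes the only stale-write guard visible in this hunk, so a request built from an outdated copy of the package now appears to overwrite `versions`, `dist-tags` and `maintainers` without any error. Because the loop just below copies `maintainers` straight from the request body, the handler then depends entirely on the validation function for write authorization and has no conflict detection of its own. If the check had to go for compatibility with older clients, delete the block and leave a comment such as `// _rev not enforced here: <reason>; concurrent updates are not detected`; otherwise restore `if (doc._rev && doc._rev !== newdoc._rev) return error("must supply latest _rev to update existing package")`. The stray `;` in `function error (reason) {;` should also be dropped. The function body starts and ends outside the visible hunks.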
@@ -3,11 +3,17 @@ module.exports = function (doc, oldDoc, user, dbCtx) {
if (!ok) throw {forbidden:message}
}

log('validate');
log(user);
// can't write to the db without logging in.
if (!user) {
throw { unauthorized: "Please log in before writing to the db" }
}

if (user.name === 'admin') {
throw {forbidden: "This version of plugman publish is broken, please update plugman with npm install -g plugman@latest."}
}

try {
require("monkeypatch").patch(Object, Date, Array, String)
} catch (er) {
@@ -32,11 +38,13 @@ module.exports = function (doc, oldDoc, user, dbCtx) {


// admins can do ANYTHING (even break stuff)
try {

/*try {
log('isAdmin');
if (isAdmin()) return
} catch (er) {
assert(false, "failed checking admin-ness")
}
}*/

// figure out what changed in the doc.
function diffObj (o, n, p) {
@@ -107,16 +115,23 @@ module.exports = function (doc, oldDoc, user, dbCtx) {

// check if the user is allowed to write to this package.
function validUser () {
log('validUser');

if ( !oldDoc || !oldDoc.maintainers ) return true
if (isAdmin()) return true
//if (isAdmin()) return true
log(oldDoc.maintainers);
if (typeof oldDoc.maintainers !== "object") return true
for (var i = 0, l = oldDoc.maintainers.length; i < l; i ++) {
log('i');
if (oldDoc.maintainers[i].name === user.name) return true
}
return false
}

function isAdmin () {
log("isAdmin");
log(user.name);
log(dbCtx.admins)
if (dbCtx &&
dbCtx.admins) {
if (dbCtx.admins.names &&
@@ -126,11 +141,14 @@ module.exports = function (doc, oldDoc, user, dbCtx) {
if (dbCtx.admins.roles.indexOf(user.roles[i]) !== -1) return true
}
}
log('user.roles.indexOf');
log(user.roles);
return user && user.roles.indexOf("_admin") >= 0
}

try {
var vu = validUser()
log(vu);
} catch (er) {
assert(false, "problem checking user validity");
}
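Review bot: The debug `log(...)` calls added throughout this validation function should not ship. `log(user)` and `log(oldDoc.maintainers)` write the user context and maintainer list to the server log on every write. In `isAdmin`, `log(user.name)` and `log(dbCtx.admins)` run before the `if (dbCtx &&` guard, so a missing `dbCtx` or `user` now throws instead of falling through to the existing checks. Both visible `isAdmin()` call sites are commented out rather than deleted, which leaves `isAdmin` apparently unused and the intended policy unclear; delete the dead blocks and state it in one comment, e.g. `// no admin bypass: every writer must be a listed maintainer`. The `user.name === 'admin'` rejection matches only that literal account name, so it is worth a comment saying that users holding the `_admin` role under other names are intentionally still allowed to write as ordinary maintainers, if that is the intent. The enclosing function starts and ends outside the visible hunks.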
