Skip to content

Commit

Permalink
better access control for search
Browse files Browse the repository at this point in the history 
For each of the packages check if user has access to it and remove
package info from the result if he doesn't.

ref #65
  • Loading branch information
@rlidwka
rlidwka committed Jun 24, 2014
1 parent 17d8ab7 commit d9accbb
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions lib/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,10 +171,14 @@ module.exports = function(config_hash) {
})

// searching packages
app.get('/-/all/:package?', can('access'), function(req, res, next) {
app.get('/-/all/:since?', function(req, res, next) {
storage.search(req.param.startkey || 0, {req: req}, function(err, result) {
if (err) return next(err)

for (var pkg in result) {
if (!config.allow_access(pkg, req.remoteUser)) {
delete result[pkg]
}
}
return res.send(result)
})
})
Expand Down

0 comments on commit d9accbb

Please sign in to comment.