fix: root admin access deny bug + patreon link

server/controllers/common.js

@@ -30,6 +30,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
   })
   if (page) {
     if (!WIKI.auth.checkAccess(req.user, ['manage:pages'], pageArgs)) {
+      _.set(res.locals, 'pageMeta.title', 'Unauthorized')
       return res.render('unauthorized', { action: 'edit'})
     }
 
@@ -40,6 +41,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
     page.content = Buffer.from(page.content).toString('base64')
   } else {
     if (!WIKI.auth.checkAccess(req.user, ['write:pages'], pageArgs)) {
+      _.set(res.locals, 'pageMeta.title', 'Unauthorized')
       return res.render('unauthorized', { action: 'create'})
     }
 
@@ -78,6 +80,7 @@ router.get(['/h', '/h/*'], async (req, res, next) => {
   const pageArgs = pageHelper.parsePath(req.path)
 
   if (!WIKI.auth.checkAccess(req.user, ['read:pages'], pageArgs)) {
+    _.set(res.locals, 'pageMeta.title', 'Unauthorized')
     return res.render('unauthorized', { action: 'history'})
   }
 

server/core/auth.js

@@ -114,6 +114,7 @@ module.exports = {
         try {
           const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
           user = newToken.user
+          req.user = user
 
           // Try headers, otherwise cookies for response
           if (req.get('content-type') === 'application/json') {
@@ -153,20 +154,18 @@ module.exports = {
    * @param {String|Boolean} path
    */
   checkAccess(user, permissions = [], page = false) {
+    const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions()
+
     // System Admin
-    if (_.includes(user.permissions, 'manage:system')) {
+    if (_.includes(userPermissions, 'manage:system')) {
       return true
     }
 
-    const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions()
-
     // Check Global Permissions
     if (_.intersection(userPermissions, permissions).length < 1) {
       return false
     }
 
-    console.info('---------------------')
-
     // Check Page Rules
     if (path && user.groups) {
       let checkState = {
@@ -204,9 +203,6 @@ module.exports = {
         })
       })
 
-      console.info('DAKSJDHKASJD')
-      console.info(checkState)
-
       return (checkState.match && !checkState.deny)
     }