feat: All Pages - Limit to user access rights

server/controllers/ws.js

@@ -25,7 +25,7 @@ module.exports = (socket) => {
   if (socket.request.user.logged_in) {
     socket.on('treeFetch', (data, cb) => {
       cb = cb || _.noop
-      entries.getFromTree(data.basePath).then((f) => {
+      entries.getFromTree(data.basePath, socket.request.user).then((f) => {
         return cb(f) || true
       })
     })

server/libs/entries.js

@@ -393,9 +393,15 @@ module.exports = {
    * Get all entries from base path
    *
    * @param {String} basePath Path to list from
+   * @param {Object} usr Current user
    * @return {Promise<Array>} List of entries
    */
-  getFromTree (basePath) {
-    return db.Entry.find({ parentPath: basePath }, 'title parentPath isDirectory isEntry').sort({ title: 'asc' })
+  getFromTree (basePath, usr) {
+    return db.Entry.find({ parentPath: basePath }, 'title parentPath isDirectory isEntry').sort({ title: 'asc' }).then(results => {
+      return _.filter(results, r => {
+        console.log(r._id, rights.checkRole(r._id, usr.rights, 'read'))
+        return rights.checkRole('/' + r._id, usr.rights, 'read')
+      })
+    })
   }
 }

server/libs/rights.js

@@ -58,15 +58,15 @@ module.exports = {
     let rt = []
     let p = _.chain(req.originalUrl).toLower().trim().value()
 
-    // Load User Rights
+    // Load user rights
 
     if (_.isArray(req.user.rights)) {
       rt = req.user.rights
     }
 
-    // Is admin?
+    // Check rights
 
-    if (_.find(rt, { role: 'admin' })) {
+    if (self.checkRole(p, rt, 'admin')) {
       perm.read = true
       perm.write = true
       perm.manage = true
@@ -89,6 +89,8 @@ module.exports = {
    * @return     {boolean}        True if authorized
    */
   checkRole (p, rt, role) {
+    if (_.find(rt, { role: 'admin' })) { return true }
+
     // Check specific role on path
 
     let filteredRights = _.filter(rt, (r) => {