fix(torrents): forbidden access vip torrent through their url by normal users.

#20
OldHawk
2017-12-05 11:22:22 +08:00
parent 4af4b47d65
commit 7bb553986c


@@ -694,14 +694,20 @@ exports.create = function (req, res) {
* @param res
*/
exports.read = function (req, res) {
// convert mongoose document to JSON
var torrent = req.torrent ? req.torrent.toJSON() : {};
if (req.torrent.torrent_vip && !req.user.isVip) {
return res.status(403).send({
message: 'SERVER.ONLY_VIP_CAN_DOWNLOAD'
});
} else {
// convert mongoose document to JSON
var torrent = req.torrent ? req.torrent.toJSON() : {};
// Add a custom field to the Article, for determining if the current User is the "owner".
// NOTE: This field is NOT persisted to the database, since it doesn't exist in the Article model.
torrent.isCurrentUserOwner = !!(req.user && torrent.user && torrent.user._id.toString() === req.user._id.toString());
// Add a custom field to the Article, for determining if the current User is the "owner".
// NOTE: This field is NOT persisted to the database, since it doesn't exist in the Article model.
torrent.isCurrentUserOwner = !!(req.user && torrent.user && torrent.user._id.toString() === req.user._id.toString());
res.json(torrent);
res.json(torrent);
}
};
/**
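Review bot: The new guard in `exports.read` dereferences `req.torrent.torrent_vip` and `req.user.isVip` unconditionally, although the lines kept below it still treat both objects as possibly absent (`req.torrent ? ... : {}` and `req.user && ...`). If this route can be reached without a session, a request for a VIP torrent would throw a TypeError instead of returning the 403, so the condition is safer written as `if (req.torrent && req.torrent.torrent_vip && !(req.user && req.user.isVip)) {`. The check also lives only in this handler; whether the other handlers that serve a torrent by id apply the same rule is not visible in this hunk, so it is worth confirming, or moving the rule into the shared route policy. A short comment above the guard, e.g. `// VIP torrents are readable only by VIP users; deny when the user is unknown`, would record the intent.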