mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-16 21:56:25 -05:00
better access control for search
For each of the packages check if user has access to it and remove package info from the result if he doesn't. ref #65
This commit is contained in:
parent
17d8ab7dcd
commit
d9accbb6a7
1 changed files with 6 additions and 2 deletions
|
@ -171,10 +171,14 @@ module.exports = function(config_hash) {
|
||||||
})
|
})
|
||||||
|
|
||||||
// searching packages
|
// searching packages
|
||||||
app.get('/-/all/:package?', can('access'), function(req, res, next) {
|
app.get('/-/all/:since?', function(req, res, next) {
|
||||||
storage.search(req.param.startkey || 0, {req: req}, function(err, result) {
|
storage.search(req.param.startkey || 0, {req: req}, function(err, result) {
|
||||||
if (err) return next(err)
|
if (err) return next(err)
|
||||||
|
for (var pkg in result) {
|
||||||
|
if (!config.allow_access(pkg, req.remoteUser)) {
|
||||||
|
delete result[pkg]
|
||||||
|
}
|
||||||
|
}
|
||||||
return res.send(result)
|
return res.send(result)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue