0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00

better access control for search

For each of the packages check if user has access to it and remove
package info from the result if he doesn't.

ref #65
This commit is contained in:
Alex Kocharin 2014-06-22 18:34:51 +04:00
parent 17d8ab7dcd
commit d9accbb6a7

View file

@ -171,10 +171,14 @@ module.exports = function(config_hash) {
}) })
// searching packages // searching packages
app.get('/-/all/:package?', can('access'), function(req, res, next) { app.get('/-/all/:since?', function(req, res, next) {
storage.search(req.param.startkey || 0, {req: req}, function(err, result) { storage.search(req.param.startkey || 0, {req: req}, function(err, result) {
if (err) return next(err) if (err) return next(err)
for (var pkg in result) {
if (!config.allow_access(pkg, req.remoteUser)) {
delete result[pkg]
}
}
return res.send(result) return res.send(result)
}) })
}) })