All files / middlewares fileAccessRightOrLoginRequired.js

13.33% Statements 2/15
0% Branches 0/7
50% Functions 1/2
13.33% Lines 2/15

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 2315x 15x                                          
module.exports = (crowi, app) => {
  return async function(req, res, next) {
    try {
      const Attachment = crowi.model('Attachment')
      const Share = crowi.model('Share')
      const attachment = await Attachment.findById(req.params.id)
      const { uuid, secretKeyword } = await Share.findShareByPageId(attachment.page, { status: Share.STATUS_ACTIVE })
      const { shareIds = [], secretKeywords = {} } = req.session
      const isNoExistKeyword = !secretKeyword
      const hasCorrectKeyword = secretKeywords[uuid] === secretKeyword
      const isAccessedSharedPage = shareIds.includes(uuid)
      const hasAccessRight = (isNoExistKeyword || hasCorrectKeyword) && isAccessedSharedPage
      if (hasAccessRight) {
        return next()
      }
    } catch (err) {
      // share url not found, but its okay
      // debug(err)
    }
    return crowi.middlewares.LoginRequired(req, res, next)
  }
}