[guadec-web-regcfp/develop] Secure desk

From: Patrick Uiterwijk <puiterwijk src gnome org>
To: commits-list gnome org
Cc:
Subject: [guadec-web-regcfp/develop] Secure desk
Date: Thu, 6 Aug 2015 23:57:17 +0000 (UTC)
commit eec4f06e6d2ec90c7186ed7e19218b69cddaff6e
Author: Patrick Uiterwijk <puiterwijk redhat com>
Date:   Fri Aug 7 01:57:13 2015 +0200

    Secure desk

 routes/desk.js |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)
---
diff --git a/routes/desk.js b/routes/desk.js
index 37f7f95..f3611e7 100644
--- a/routes/desk.js
+++ b/routes/desk.js
@@ -50,6 +50,8 @@ router.get('/', function(req, res, next) {
     });
 });
 
+router.all('/add', utils.require_user);
+router.all('/add', utils.require_permission('registration/desk'));
 router.get('/add', function(req, res, next) {
   res.render('desk/add');
 });
@@ -86,6 +88,8 @@ router.post('/add', function(req, res, next) {
     });
 });
 
+router.all('/receipt', utils.require_user);
+router.all('/receipt', utils.require_permission('registration/desk'));
 router.get('/receipt', function(req, res, next) {
   var regid = req.query.regid;
   Registration.findOne({where: {id:regid}, include: [User, RegistrationPayment]})
@@ -98,6 +102,8 @@ router.get('/receipt', function(req, res, next) {
     });
 });
 
+router.all('/finish', utils.require_user);
+router.all('/finish', utils.require_permission('registration/desk'));
 router.post('/finish', function(req, res, next) {
   var regid = req.body.regid;
   Registration.findOne({where: {id:regid}, include: [User, RegistrationPayment]})
@@ -109,6 +115,8 @@ router.post('/finish', function(req, res, next) {
     });
 });
 
+router.all('/badge', utils.require_user);
+router.all('/badge', utils.require_permission('registration/desk'));
 router.get('/badge', function(req, res, next) {
   var regida = req.query.regida;
   var regidb = req.query.regidb;
@@ -163,6 +171,8 @@ router.get('/badge', function(req, res, next) {
     });
 });
 
+router.all('/payment/markpaid', utils.require_user);
+router.all('/payment/markpaid', utils.require_permission('registration/desk'));
 router.post('/payment/markpaid', function(req, res, next) {
   var regid = req.body.regid;
   Registration.findOne({where: {id:regid}, include: [RegistrationPayment]})
@@ -178,6 +188,8 @@ router.post('/payment/markpaid', function(req, res, next) {
     });
 });
 
+router.all('/payment/clear', utils.require_user);
+router.all('/payment/clear', utils.require_permission('registration/desk'));
 router.post('/payment/clear', function(req, res, next) {
   var regid = req.body.regid;
   Registration.findOne({where: {id:regid}, include: [RegistrationPayment]})
@@ -192,6 +204,8 @@ router.post('/payment/clear', function(req, res, next) {
     });
 });
 
+router.all('/payment/add', utils.require_user);
+router.all('/payment/add', utils.require_permission('registration/desk'));
 router.post('/payment/add', function(req, res, next) {
   var regid = req.body.regid;
   Registration.findOne({where: {id:regid}})
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]