MLAB-227: prevent HFT account to access "security" page

2d63274c · Rosanny Sihombing · 415db369 · 2d63274c · 2d63274c · 2d63274c
Commit 2d63274c authored 5 years ago by Rosanny Sihombing
Show whitespace changes
Inline Side-by-side

Showing

with 17 additions and 15 deletions
+17 -15
--- a/routes/methods.js
+++ b/routes/methods.js
@@ -69,7 +69,7 @@ var methods = {
        })
    },
    getUserByEmail: function(email, callback) {
-        dbconn.user.query('SELECT verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
+        dbconn.user.query('SELECT verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality, m4lab_idp FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
            if (err) {
                throw err;
            }

--- a/routes/routes-account.js
+++ b/routes/routes-account.js
@@ -240,8 +240,7 @@ module.exports = function (app, config, passport, i18n) {
    if (req.isAuthenticated()) {
      methods.getUserByEmail(req.user.email, function(data, err){
        if (!err) {
-          if (data.verificationStatus == 1) {
+          if (data.verificationStatus == 1 && data.m4lab_idp == 1) {
-            console.log(data)
            res.render(lang+'/account/security', {
              user: data
            })

--- a/views/DE/account/home.pug
+++ b/views/DE/account/home.pug
@@ -29,6 +29,7 @@ html(lang="de")
                                    a(class="nav-link pl-0" href="/account/profile")
                                        i(class="fa fa-user fa-fw")
                                        span(class="d-none d-md-inline") Benutzerprofil
+                                if user.m4lab_idp == 1
                                    li(class="nav-item")
                                        a(class="nav-link pl-0" href="/account/security")
                                            i(class="fa fa-lock fa-fw")

--- a/views/DE/account/profile.pug
+++ b/views/DE/account/profile.pug
@@ -20,6 +20,7 @@ html(lang="de")
                                a(class="nav-link pl-0" href="/account/profile")
                                    i(class="fa fa-user fa-fw" style="color:black;")
                                    span(class="d-none d-md-inline" style="color:black;") Benutzerprofil
+                            if user.m4lab_idp == 1
                                li(class="nav-item")
                                    a(class="nav-link pl-0" href="/account/security")
                                        i(class="fa fa-lock fa-fw")

--- a/views/DE/account/services.pug
+++ b/views/DE/account/services.pug
@@ -20,6 +20,7 @@ html(lang="de")
                                a(class="nav-link pl-0" href="/account/profile")
                                    i(class="fa fa-user fa-fw")
                                    span(class="d-none d-md-inline") Benutzerprofil
+                            if user.m4lab_idp == 1
                                li(class="nav-item")
                                    a(class="nav-link pl-0" href="/account/security")
                                        i(class="fa fa-lock fa-fw")