From 2d63274c3ab811fcf9c81b22ac2f4ef0ad8fad50 Mon Sep 17 00:00:00 2001
From: Rosanny <rosanny.sihombing@hft-stuttgart.de>
Date: Tue, 26 May 2020 15:49:24 +0200
Subject: [PATCH] MLAB-227: prevent HFT account to access "security" page
---
 routes/methods.js | 2 +-
 routes/routes-account.js | 3 +--
 views/DE/account/home.pug | 9 +++++----
 views/DE/account/profile.pug | 9 +++++----
 views/DE/account/services.pug | 9 +++++----
 5 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/routes/methods.js b/routes/methods.js
index 2bafb470..7b34268a 100644
--- a/routes/methods.js
+++ b/routes/methods.js
@@ -69,7 +69,7 @@ var methods = {
 })
 },
 getUserByEmail: function(email, callback) {
- dbconn.user.query('SELECT verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
+ dbconn.user.query('SELECT verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality, m4lab_idp FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
 if (err) {
 throw err;
 }
diff --git a/routes/routes-account.js b/routes/routes-account.js
index 676796ba..10f9ae7e 100644
--- a/routes/routes-account.js
+++ b/routes/routes-account.js
@@ -240,8 +240,7 @@ module.exports = function (app, config, passport, i18n) {
 if (req.isAuthenticated()) {
 methods.getUserByEmail(req.user.email, function(data, err){
 if (!err) {
- if (data.verificationStatus == 1) {
- console.log(data)
+ if (data.verificationStatus == 1 && data.m4lab_idp == 1) {
 res.render(lang+'/account/security', {
 user: data
 })
diff --git a/views/DE/account/home.pug b/views/DE/account/home.pug
index 68004228..f20eafc9 100644
--- a/views/DE/account/home.pug
+++ b/views/DE/account/home.pug
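Review bot: The rewritten query in getUserByEmail still builds its WHERE clause by concatenating `email` into the SQL string, so a quote character in that value changes the statement; since the commit already edits this line, it is the natural place to fix it. The caller visible in routes/routes-account.js passes `req.user.email`, which presumably comes from the login or identity-provider assertion and should be treated as untrusted. Assuming `dbconn.user` is a mysql-style connection (the `(err, rows, fields)` callback suggests it), keep the column list and bind the value instead: `dbconn.user.query('SELECT ... FROM user WHERE email = ?', [email], function (err, rows, fields) {`. The function body continues outside the hunk.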
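Review bot: The `data.m4lab_idp == 1` condition guards only the GET render of `/account/security` as far as this hunk shows; the routes that the page's forms submit to need the same server-side check, otherwise hiding the page does not stop the underlying action for an HFT account. The handler starts and ends outside the hunk, so the else branch is not visible; confirm that a rejected account receives an explicit redirect or 403 rather than no response. Putting the condition in one shared helper or middleware would keep the rule in a single place, and a comment such as `// HFT accounts (m4lab_idp != 1) must not reach the security settings` would record why the flag is tested.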
@@ -29,10 +29,11 @@ html(lang="de")
 a(class="nav-link pl-0" href="/account/profile")
 i(class="fa fa-user fa-fw")
 span(class="d-none d-md-inline") Benutzerprofil
- li(class="nav-item")
- a(class="nav-link pl-0" href="/account/security")
- i(class="fa fa-lock fa-fw")
- span(class="d-none d-md-inline") Sicherheitseinstellungen
+ if user.m4lab_idp == 1
+ li(class="nav-item")
+ a(class="nav-link pl-0" href="/account/security")
+ i(class="fa fa-lock fa-fw")
+ span(class="d-none d-md-inline") Sicherheitseinstellungen
 li(class="nav-item")
 a(class="nav-link pl-0" href="/account/services")
 i(class="fa fa-tasks fa-fw")
diff --git a/views/DE/account/profile.pug b/views/DE/account/profile.pug
index ae666c9d..e66e4eca 100644
--- a/views/DE/account/profile.pug
+++ b/views/DE/account/profile.pug
@@ -20,10 +20,11 @@ html(lang="de")
 a(class="nav-link pl-0" href="/account/profile")
 i(class="fa fa-user fa-fw" style="color:black;")
 span(class="d-none d-md-inline" style="color:black;") Benutzerprofil
- li(class="nav-item")
- a(class="nav-link pl-0" href="/account/security")
- i(class="fa fa-lock fa-fw")
- span(class="d-none d-md-inline") Sicherheitseinstellungen
+ if user.m4lab_idp == 1
+ li(class="nav-item")
+ a(class="nav-link pl-0" href="/account/security")
+ i(class="fa fa-lock fa-fw")
+ span(class="d-none d-md-inline") Sicherheitseinstellungen
 li(class="nav-item")
 a(class="nav-link pl-0" href="/account/services")
 i(class="fa fa-tasks fa-fw")
diff --git a/views/DE/account/services.pug b/views/DE/account/services.pug
index 49497ca1..cb911250 100644
--- a/views/DE/account/services.pug
+++ b/views/DE/account/services.pug
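Review bot: The `if user.m4lab_idp == 1` wrapper around the security link is presentation only; the restriction itself is the check in routes/routes-account.js, and a one-line comment here, `//- link hidden for accounts without m4lab_idp; the /account/security route enforces the restriction`, would keep a later editor from treating the template as the access control. The same block is pasted into profile.pug and services.pug, so moving the sidebar into a single include would leave one place to change. These views also depend on each render call passing a `user` object that carries `m4lab_idp`; those calls are outside this diff, so confirm each one takes its data from getUserByEmail.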
@@ -20,10 +20,11 @@ html(lang="de")
 a(class="nav-link pl-0" href="/account/profile")
 i(class="fa fa-user fa-fw")
 span(class="d-none d-md-inline") Benutzerprofil
- li(class="nav-item")
- a(class="nav-link pl-0" href="/account/security")
- i(class="fa fa-lock fa-fw")
- span(class="d-none d-md-inline") Sicherheitseinstellungen
+ if user.m4lab_idp == 1
+ li(class="nav-item")
+ a(class="nav-link pl-0" href="/account/security")
+ i(class="fa fa-lock fa-fw")
+ span(class="d-none d-md-inline") Sicherheitseinstellungen
 li(class="nav-item")
 a(class="nav-link pl-0" href="/account/services")
 i(class="fa fa-tasks fa-fw" style="color:black;")
-- 
GitLab