removed admin user
diff --git a/updates.js b/updates.js
index 1d6674d..c3b0110 100644
--- a/updates.js
+++ b/updates.js
@@ -2,10 +2,9 @@
updates.package = function (doc, req) {
require("monkeypatch").patch(Object, Date, Array, String)
-
var semver = require("semver")
var valid = require("valid")
- function error (reason) {
+ function error (reason) {;
return [{_id: "error: forbidden", forbidden:reason}, JSON.stringify({forbidden:reason})]
}
@@ -94,14 +93,16 @@
// update the package info
var newdoc = JSON.parse(req.body)
, changed = false
- if (doc._rev && doc._rev !== newdoc._rev) {
+
+ /*if (doc._rev && doc._rev !== newdoc._rev) {
return error( "must supply latest _rev to update existing package" )
- }
+ }*/
for (var i in newdoc) if (typeof newdoc[i] === "string" || i === "maintainers") {
doc[i] = newdoc[i]
}
if (newdoc.versions) {
doc.versions = newdoc.versions
+
}
if (newdoc["dist-tags"]) {
doc["dist-tags"] = newdoc["dist-tags"]
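Review bot: Commenting out the `_rev` comparison removes the only stale-write guard visible in this handler, so a request body with an old or missing `_rev` now goes on to overwrite fields on the current document. The loop directly below copies every string property of the request body, which would include `_rev` itself, so confirm how the database treats a returned document that carries the client's revision. If dropping the check is intended, delete the block instead of leaving it inside `/* … */` and record the reason, e.g. `// _rev is not enforced here: <reason>`. The handler body starts before and continues past this hunk.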
diff --git a/validate_doc_update.js b/validate_doc_update.js
index 8407174..e6afc07 100644
--- a/validate_doc_update.js
+++ b/validate_doc_update.js
@@ -3,11 +3,17 @@
if (!ok) throw {forbidden:message}
}
+ log('validate');
+ log(user);
// can't write to the db without logging in.
if (!user) {
throw { unauthorized: "Please log in before writing to the db" }
}
+ if (user.name === 'admin') {
+ throw {forbidden: "This version of plugman publish is broken, please update plugman with npm install -g plugman@latest."}
+ }
+
try {
require("monkeypatch").patch(Object, Date, Array, String)
} catch (er) {
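Review bot: `log(user)` at the top of the validator writes the user context object to the server log on every write attempt, and it runs before the `if (!user)` check. The same tracing is added in the hunks at -107 (`log(oldDoc.maintainers)`, `log(user.name)`, `log(dbCtx.admins)`) and -126 (`log(user.roles)`, `log(vu)`); it looks temporary and should be removed, or reduced to one line that records only the decision. Separately, the new rejection matches the literal name `'admin'`, so it does not cover any other account holding the `_admin` role. If the intent is to refuse all admin writes, test the role instead, e.g. `if (user.roles && user.roles.indexOf("_admin") !== -1)`. The enclosing function starts outside this hunk.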
@@ -32,11 +38,13 @@
// admins can do ANYTHING (even break stuff)
- try {
+
+ /*try {
+ log('isAdmin');
if (isAdmin()) return
} catch (er) {
assert(false, "failed checking admin-ness")
- }
+ }*/
// figure out what changed in the doc.
function diffObj (o, n, p) {
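Review bot: The comment `// admins can do ANYTHING (even break stuff)` is kept above code that no longer runs, so it now says the opposite of what the validator enforces. Replace it with a comment that records the decision, for example `// no admin bypass: admins go through the same maintainer checks as everyone else`. Also delete the commented-out `try` block rather than keeping it with a new `log('isAdmin')` inside it. The enclosing validator function starts outside this hunk.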
@@ -107,16 +115,23 @@
// check if the user is allowed to write to this package.
function validUser () {
+ log('validUser');
+
if ( !oldDoc || !oldDoc.maintainers ) return true
- if (isAdmin()) return true
+ //if (isAdmin()) return true
+ log(oldDoc.maintainers);
if (typeof oldDoc.maintainers !== "object") return true
for (var i = 0, l = oldDoc.maintainers.length; i < l; i ++) {
+ log('i');
if (oldDoc.maintainers[i].name === user.name) return true
}
return false
}
function isAdmin () {
+ log("isAdmin");
+ log(user.name);
+ log(dbCtx.admins)
if (dbCtx &&
dbCtx.admins) {
if (dbCtx.admins.names &&
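Review bot: In `isAdmin`, the added `log(dbCtx.admins)` reads `dbCtx.admins` before the `if (dbCtx && dbCtx.admins)` guard that follows it. If `isAdmin` is still called anywhere, a missing `dbCtx` would now throw instead of falling through to the role check. Drop the line, or guard it as `log(dbCtx && dbCtx.admins)`. In `validUser`, `log('i')` logs the literal string on each iteration rather than the index, and `//if (isAdmin()) return true` should be deleted rather than left commented out. `isAdmin` continues past the end of this hunk.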
@@ -126,11 +141,14 @@
if (dbCtx.admins.roles.indexOf(user.roles[i]) !== -1) return true
}
}
+ log('user.roles.indexOf');
+ log(user.roles);
return user && user.roles.indexOf("_admin") >= 0
}
try {
var vu = validUser()
+ log(vu);
} catch (er) {
assert(false, "problem checking user validity");
}