1 package Newslash::Plugin::ResponseFilter;
2 use Mojo::Base 'Mojolicious::Plugin';
5 my ($self, $app, $conf) = @_;
7 # set default config value
8 my $cnf = $app->config->{ResponseFilter} ||= {};
9 my $default_faculities = { users => { 10000 => [qw(realemail passwd newpasswd newpasswd_ts)] },
10 comments => { 1000 => [qw(ipid subnetid)] },
11 metamoderations => { 1000 => [qw(uid)] },
12 moderations => { 1000 => [qw(ipid subnetid uid m2uid)] },
13 stories => { 1000 => [qw(hits hitparade)] },
14 submissions => { 1000 => [qw(ipid subnetid note comment)] },
16 $cnf->{faculities} ||= $default_faculities;
18 $app->helper(apply_seclev_filter => sub { apply_seclev_filter(@_) });
21 $app->hook(before_render => sub {
23 return if (!defined $args->{json});
25 my $json = $args->{json};
26 my $result = $json->{result} || $json;
27 if ($result->{item}) {
28 if ($result->{item}->{content_type}) {
29 apply_seclev_filter($c, $result->{item}->{content_type}, $result->{item});
33 if ($result->{items} && ref($result->{items}) eq "ARRAY") {
34 for my $item (@{$result->{items}}) {
35 if ($item->{content_type}) {
36 apply_seclev_filter($c, $item->{content_type}, $item);
44 sub apply_seclev_filter {
45 my ($c, $model, $items) = @_;
46 if (!$items || !$model) {
47 $c->app->log->error("ResponseFilter: model or items not given");
51 my $user = $c->stash('user') || {};
52 my $security_level = $user->{seclev} || 0;
55 if (ref($items) ne "ARRAY") {
59 my $cnf = $c->config->{ResponseFilter} || {};
60 my $faculties = $cnf->{faculities} || {};
62 #warn Dumper $faculties;
64 my $faculty_all = $faculties->{all} || {};
65 for my $lv (keys %$faculty_all) {
66 if ($security_level < $lv) {
67 for my $item (@$targets) {
68 for my $k (@{$faculty_all->{$lv}}) {
69 if (defined $item->{$k}) {
71 #$c->app->log->debug("remove $k");
78 my $faculty = $faculties->{$model} || {};
79 for my $lv (keys %$faculty) {
80 if ($security_level < $lv) {
81 for my $item (@$targets) {
82 for my $k (@{$faculty->{$lv}}) {
83 if (defined $item->{$k}) {
85 #$c->app->log->debug("remove $k");