From 5214feba0047ad6496ac2a37eecb4d8e32e33c06 Mon Sep 17 00:00:00 2001
From: reality <tinmachin3@gmail.com>
Date: Mon, 29 Jul 2013 19:03:24 +0000
Subject: [PATCH] OH BABY [#538]

---
 modules/web/web.js | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/modules/web/web.js b/modules/web/web.js
index 02eada7..03bc8cb 100644
--- a/modules/web/web.js
+++ b/modules/web/web.js
@@ -63,7 +63,7 @@ var webInterface = function(dbot) {
             if(_.has(pages, p)) {
                 var func = pages[p];
                 var mod = func.module;
-                this.app.get(p, (function(req, resp) {
+                this.app.get(p, this.api.hasAccess, (function(req, resp) {
                     // Crazy shim to seperate module views.
                     var shim = Object.create(resp);
                     shim.render = (function(view, one, two) {
@@ -137,6 +137,40 @@ var webInterface = function(dbot) {
             this.db.read('web_users', id, function(err, webUser) {
                 callback(webUser);
             }); 
+        },
+
+        'hasAccess': function(req, res, next) {
+            var module = req.route.path.split('/')[1];
+            module = dbot.modules[module];
+
+            if(module.config.requireWebLogin == true) {
+                if(req.isAuthenticated()) {
+                    if(!_.isUndefined(module.config.webAccess)) {
+                        var allowedUsers = dbot.config.admins;
+                        if(module.config.webAccess == 'moderators') {
+                            allowedUsers = _.union(allowedUsers, dbot.config.moderators);
+                        }
+                        if(module.config.webAccess == 'power_users') {
+                            allowedUsers = _.union(allowedUsers, dbot.config.moderators);
+                            allowedUsers = _.union(allowedUsers, dbot.config.power_users);
+                        }
+
+                        if(_.include(allowedUsers, req.user.primaryNick)) {
+                            return next();
+                        } else {
+                            res.render('index', {
+                                'message': 'You don\'t have access to this module.'
+                            });
+                        }
+                    } else {
+                        return next();
+                    }
+                } else {
+                    res.render('login', {
+                        'message': 'You need to log in to access this module.'
+                    });
+                }
+            }
         }
     };