From 327badb3ca175621fb5f00b9fb8f101d0268c11c Mon Sep 17 00:00:00 2001
From: shortcutme <tamas@zeronet.io>
Date: Sun, 28 Jan 2018 16:44:23 +0100
Subject: [PATCH] Allow dbQuery and userGetSettings for Cors permissioned sites

---
 plugins/Cors/CorsPlugin.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/plugins/Cors/CorsPlugin.py b/plugins/Cors/CorsPlugin.py
index 9d7d0068..63baed30 100644
--- a/plugins/Cors/CorsPlugin.py
+++ b/plugins/Cors/CorsPlugin.py
@@ -23,6 +23,15 @@ def getCorsPath(site, inner_path):
 
 @PluginManager.registerTo("UiWebsocket")
 class UiWebsocketPlugin(object):
+    def hasSitePermission(self, address, cmd=None):
+        if super(UiWebsocketPlugin, self).hasSitePermission(address, cmd=cmd):
+            return True
+
+        if not "Cors:%s" % address in self.site.settings["permissions"] or cmd not in ["dbQuery", "userGetSettings"]:
+            return False
+        else:
+            return True
+
     # Add cors support for file commands
     def corsFuncWrapper(self, func_name, to, inner_path, *args, **kwargs):
         if inner_path.startswith("cors-"):