Add /_lib/get_account.jst, remove env.signed_in_as

[ndcode_site.git] / api / globals / set.json.jst

diff --git a/api/globals/set.json.jst b/api/globals/set.json.jst
index fbb0127..9d2e304 100644 (file)
--- a/api/globals/set.json.jst
+++ b/api/globals/set.json.jst
@@ -25,19 +25,17 @@ return async env => {
 
       let transaction = await env.site.database.Transaction()
       try {
-        // initialize env.session_key, set cookie in env.response
-        await get_session(env, transaction)
-        if (env.signed_in_as === null)
+        let account = await get_account(
+          env,
+          transaction,
+          await get_session(env, transaction)
+        )
+        if (account === undefined)
           throw new Problem('Unauthorized', 'Please sign in first.', 401)
-
-        let root = await transaction.get({})
-        let account = await (
-          await root.get('accounts', {})
-        ).get(env.signed_in_as)
         if (!await account.get_json('administrator'))
           throw new Problem('Unauthorized', 'Not administrator.', 401)
 
-        root.set_json('globals', globals)
+        ;(await transaction.get({})).set_json('globals', globals)
         await transaction.commit()
       }
       catch (error) {