Add /_lib/get_account.jst, remove env.signed_in_as

[ndcode_site.git] / api / nodemailer / set.json.jst

diff --git a/api/nodemailer/set.json.jst b/api/nodemailer/set.json.jst
index 0ca4b66..292529b 100644 (file)
--- a/api/nodemailer/set.json.jst
+++ b/api/nodemailer/set.json.jst
@@ -1,8 +1,9 @@
 let XDate = require('xdate')
 
 return async env => {
-  let post_request = await _require('/_lib/post_request.jst')
+  let get_account = await _require('/_lib/get_account.jst')
   let get_session = await _require('/_lib/get_session.jst')
+  let post_request = await _require('/_lib/post_request.jst')
   let Problem = await _require('/_lib/Problem.jst')
 
   await post_request(
@@ -15,19 +16,18 @@ return async env => {
 
       let transaction = await env.site.database.Transaction()
       try {
-        // initialize env.session_key, set cookie in env.response
-        await get_session(env, transaction)
-        if (env.signed_in_as === null)
+        let account = await get_account(
+          env,
+          transaction,
+          await get_session(env, transaction)
+        )
+        if (account === undefined)
           throw new Problem('Unauthorized', 'Please sign in first.', 401)
 
-        let root = await transaction.get({})
-        let account = await (
-          await root.get('accounts', {})
-        ).get(env.signed_in_as)
         if (!await account.get_json('administrator'))
           throw new Problem('Unauthorized', 'Not administrator.', 401)
 
-        root.set_json('nodemailer', nodemailer)
+        ;(await transaction.get({})).set_json('nodemailer', nodemailer)
         await transaction.commit()
       }
       catch (error) {