From 722b75df68229ce9fb89934f0d4ced59e27e7c45 Mon Sep 17 00:00:00 2001
From: Erick Hitter <git-contrib@ethitter.com>
Date: Sat, 1 Apr 2017 21:53:25 -0700
Subject: [PATCH] Limit the users who can trigger a command

---
 config-sample.json |  1 +
 index.js           | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/config-sample.json b/config-sample.json
index 4c5fcc7..825f839 100644
--- a/config-sample.json
+++ b/config-sample.json
@@ -1,4 +1,5 @@
 {
+  "command_user"  : "",
   "wp_endpoint"   : "",
   "wp_username"   : "",
   "wp_password"   : "",
diff --git a/index.js b/index.js
index 59190bb..06134c8 100644
--- a/index.js
+++ b/index.js
@@ -31,6 +31,16 @@ app.post( '/log', function( req, res ) {
 		return res.sendStatus( 400 );
 	}
 
+	// Limit who can trigger the command
+	if ( 'undefined' === typeof req.body.user_name || config.command_user !== req.body.user_name ) {
+		var response = {
+			"response_type": "ephemeral",
+			"text": "Sorry, you can't record completed tasks."
+		};
+
+		return res.send( response );
+	}
+
 	// Massage the title
 	var title = req.body.text;
 	title = striptags( title, [] );
@@ -58,7 +68,7 @@ app.post( '/log', function( req, res ) {
 			"text": "**Entry recorded (**ID #" + resp.id + ", <" + resp.link + ">**)**\n" + resp.title.rendered
 		};
 
-		res.send( response);
+		res.send( response );
 	} );
 } );
 
-- 
GitLab