+const devs = [1]; //hard-coded list of developers IDs, allowed to post news
+
+router.post("/news", access.logged, access.ajax, (req,res) => {
+ if (devs.includes(req.userId))
+ {
+ const content = sanitizeHtml(req.body.news.content);
+ NewsModel.create(content, req.userId, (err,ret) => {
+ res.json(err || { id: ret.nid });
+ });
+ }
+});