mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-07 20:31:06 -05:00
313 lines
7.5 KiB
JavaScript
313 lines
7.5 KiB
JavaScript
|
/* eslint-disable
|
||
|
handle-callback-err,
|
||
|
max-len,
|
||
|
*/
|
||
|
// TODO: This file was created by bulk-decaffeinate.
|
||
|
// Fix any style issues and re-enable lint.
|
||
|
/*
|
||
|
* decaffeinate suggestions:
|
||
|
* DS102: Remove unnecessary code created because of implicit returns
|
||
|
* DS103: Rewrite code to no longer use __guard__
|
||
|
* DS207: Consider shorter variations of null checks
|
||
|
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
|
||
|
*/
|
||
|
let UserMembershipAuthorization
|
||
|
const AuthenticationController = require('../Authentication/AuthenticationController')
|
||
|
const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
||
|
const UserMembershipHandler = require('./UserMembershipHandler')
|
||
|
const EntityConfigs = require('./UserMembershipEntityConfigs')
|
||
|
const Errors = require('../Errors/Errors')
|
||
|
const logger = require('logger-sharelatex')
|
||
|
const settings = require('settings-sharelatex')
|
||
|
const request = require('request')
|
||
|
|
||
|
module.exports = UserMembershipAuthorization = {
|
||
|
requireTeamMetricsAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'team',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'groupMetrics'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireGroupManagementAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'group',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'groupManagement'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireGroupMetricsAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'group',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'groupMetrics'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireGroupManagersManagementAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'groupManagers',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'groupManagement'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireInstitutionMetricsAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'institution',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'institutionMetrics'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireInstitutionManagementAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'institution',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'institutionManagement'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requirePublisherMetricsAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'publisher',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'publisherMetrics'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requirePublisherManagementAccess(req, res, next) {
|
||
|
return requireAccessToEntity(
|
||
|
'publisher',
|
||
|
req.params.id,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
'publisherManagement'
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireTemplateMetricsAccess(req, res, next) {
|
||
|
const templateId = req.params.id
|
||
|
return request(
|
||
|
{
|
||
|
baseUrl: settings.apis.v1.url,
|
||
|
url: `/api/v2/templates/${templateId}`,
|
||
|
method: 'GET',
|
||
|
auth: {
|
||
|
user: settings.apis.v1.user,
|
||
|
pass: settings.apis.v1.pass,
|
||
|
sendImmediately: true
|
||
|
}
|
||
|
},
|
||
|
(error, response, body) => {
|
||
|
if (response.statusCode === 404) {
|
||
|
return next(new Errors.NotFoundError())
|
||
|
}
|
||
|
|
||
|
if (response.statusCode !== 200) {
|
||
|
logger.err(
|
||
|
{ templateId },
|
||
|
"[TemplateMetrics] Couldn't fetch template data from v1"
|
||
|
)
|
||
|
return next(new Error("Couldn't fetch template data from v1"))
|
||
|
}
|
||
|
|
||
|
if (error != null) {
|
||
|
return next(error)
|
||
|
}
|
||
|
try {
|
||
|
body = JSON.parse(body)
|
||
|
} catch (error1) {
|
||
|
error = error1
|
||
|
return next(error)
|
||
|
}
|
||
|
|
||
|
req.template = {
|
||
|
id: body.id,
|
||
|
title: body.title
|
||
|
}
|
||
|
if (__guard__(body != null ? body.brand : undefined, x => x.slug)) {
|
||
|
req.params.id = body.brand.slug
|
||
|
return UserMembershipAuthorization.requirePublisherMetricsAccess(
|
||
|
req,
|
||
|
res,
|
||
|
next
|
||
|
)
|
||
|
} else {
|
||
|
return AuthorizationMiddleware.ensureUserIsSiteAdmin(req, res, next)
|
||
|
}
|
||
|
}
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireGraphAccess(req, res, next) {
|
||
|
req.params.id = req.query.resource_id
|
||
|
if (req.query.resource_type === 'template') {
|
||
|
return UserMembershipAuthorization.requireTemplateMetricsAccess(
|
||
|
req,
|
||
|
res,
|
||
|
next
|
||
|
)
|
||
|
} else if (req.query.resource_type === 'institution') {
|
||
|
return UserMembershipAuthorization.requireInstitutionMetricsAccess(
|
||
|
req,
|
||
|
res,
|
||
|
next
|
||
|
)
|
||
|
} else if (req.query.resource_type === 'group') {
|
||
|
return UserMembershipAuthorization.requireGroupMetricsAccess(
|
||
|
req,
|
||
|
res,
|
||
|
next
|
||
|
)
|
||
|
} else if (req.query.resource_type === 'team') {
|
||
|
return UserMembershipAuthorization.requireTeamMetricsAccess(
|
||
|
req,
|
||
|
res,
|
||
|
next
|
||
|
)
|
||
|
}
|
||
|
return requireAccessToEntity(
|
||
|
req.query.resource_type,
|
||
|
req.query.resource_id,
|
||
|
req,
|
||
|
res,
|
||
|
next
|
||
|
)
|
||
|
},
|
||
|
|
||
|
requireEntityCreationAccess(req, res, next) {
|
||
|
const loggedInUser = AuthenticationController.getSessionUser(req)
|
||
|
if (!loggedInUser || !hasEntityCreationAccess(loggedInUser)) {
|
||
|
return AuthorizationMiddleware.redirectToRestricted(req, res, next)
|
||
|
}
|
||
|
return next()
|
||
|
}
|
||
|
}
|
||
|
|
||
|
var requireAccessToEntity = function(
|
||
|
entityName,
|
||
|
entityId,
|
||
|
req,
|
||
|
res,
|
||
|
next,
|
||
|
requiredStaffAccess = null
|
||
|
) {
|
||
|
const loggedInUser = AuthenticationController.getSessionUser(req)
|
||
|
if (!loggedInUser) {
|
||
|
return AuthorizationMiddleware.redirectToRestricted(req, res, next)
|
||
|
}
|
||
|
|
||
|
return getEntity(
|
||
|
entityName,
|
||
|
entityId,
|
||
|
loggedInUser,
|
||
|
requiredStaffAccess,
|
||
|
function(error, entity, entityConfig, entityExists) {
|
||
|
if (error != null) {
|
||
|
return next(error)
|
||
|
}
|
||
|
|
||
|
if (entity != null) {
|
||
|
req.entity = entity
|
||
|
req.entityConfig = entityConfig
|
||
|
return next()
|
||
|
}
|
||
|
|
||
|
if (entityExists) {
|
||
|
// user doesn't have access to entity
|
||
|
return AuthorizationMiddleware.redirectToRestricted(req, res, next)
|
||
|
}
|
||
|
|
||
|
if (hasEntityCreationAccess(loggedInUser) && entityConfig.canCreate) {
|
||
|
// entity doesn't exists, admin can create it
|
||
|
return res.redirect(`/entities/${entityName}/create/${entityId}`)
|
||
|
}
|
||
|
|
||
|
return next(new Errors.NotFoundError())
|
||
|
}
|
||
|
)
|
||
|
}
|
||
|
|
||
|
var getEntity = function(
|
||
|
entityName,
|
||
|
entityId,
|
||
|
user,
|
||
|
requiredStaffAccess,
|
||
|
callback
|
||
|
) {
|
||
|
if (callback == null) {
|
||
|
callback = function(error, entity, entityConfig, entityExists) {}
|
||
|
}
|
||
|
const entityConfig = EntityConfigs[entityName]
|
||
|
if (!entityConfig) {
|
||
|
return callback(new Errors.NotFoundError(`No such entity: ${entityName}`))
|
||
|
}
|
||
|
|
||
|
return UserMembershipHandler.getEntity(
|
||
|
entityId,
|
||
|
entityConfig,
|
||
|
user,
|
||
|
requiredStaffAccess,
|
||
|
function(error, entity) {
|
||
|
if (error != null) {
|
||
|
return callback(error)
|
||
|
}
|
||
|
if (entity != null) {
|
||
|
return callback(null, entity, entityConfig, true)
|
||
|
}
|
||
|
|
||
|
// no access to entity. Check if entity exists
|
||
|
return UserMembershipHandler.getEntityWithoutAuthorizationCheck(
|
||
|
entityId,
|
||
|
entityConfig,
|
||
|
function(error, entity) {
|
||
|
if (error != null) {
|
||
|
return callback(error)
|
||
|
}
|
||
|
return callback(null, null, entityConfig, entity != null)
|
||
|
}
|
||
|
)
|
||
|
}
|
||
|
)
|
||
|
}
|
||
|
|
||
|
var hasEntityCreationAccess = user =>
|
||
|
user.isAdmin ||
|
||
|
(user.staffAccess != null
|
||
|
? user.staffAccess['institutionManagement']
|
||
|
: undefined) ||
|
||
|
(user.staffAccess != null
|
||
|
? user.staffAccess['publisherManagement']
|
||
|
: undefined)
|
||
|
|
||
|
function __guard__(value, transform) {
|
||
|
return typeof value !== 'undefined' && value !== null
|
||
|
? transform(value)
|
||
|
: undefined
|
||
|
}
|