overleaf/services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js

/* eslint-disable
    handle-callback-err,
    max-len,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
 * decaffeinate suggestions:
 * DS102: Remove unnecessary code created because of implicit returns
 * DS103: Rewrite code to no longer use __guard__
 * DS207: Consider shorter variations of null checks
 * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
 */
let UserMembershipAuthorization
const AuthenticationController = require('../Authentication/AuthenticationController')
const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
const UserMembershipHandler = require('./UserMembershipHandler')
const EntityConfigs = require('./UserMembershipEntityConfigs')
const Errors = require('../Errors/Errors')
const logger = require('logger-sharelatex')
const settings = require('settings-sharelatex')
const request = require('request')

module.exports = UserMembershipAuthorization = {
  requireTeamMetricsAccess(req, res, next) {
    return requireAccessToEntity(
      'team',
      req.params.id,
      req,
      res,
      next,
      'groupMetrics'
    )
  },

  requireGroupManagementAccess(req, res, next) {
    return requireAccessToEntity(
      'group',
      req.params.id,
      req,
      res,
      next,
      'groupManagement'
    )
  },

  requireGroupMetricsAccess(req, res, next) {
    return requireAccessToEntity(
      'group',
      req.params.id,
      req,
      res,
      next,
      'groupMetrics'
    )
  },

  requireGroupManagersManagementAccess(req, res, next) {
    return requireAccessToEntity(
      'groupManagers',
      req.params.id,
      req,
      res,
      next,
      'groupManagement'
    )
  },

  requireInstitutionMetricsAccess(req, res, next) {
    return requireAccessToEntity(
      'institution',
      req.params.id,
      req,
      res,
      next,
      'institutionMetrics'
    )
  },

  requireInstitutionManagementAccess(req, res, next) {
    return requireAccessToEntity(
      'institution',
      req.params.id,
      req,
      res,
      next,
      'institutionManagement'
    )
  },

  requirePublisherMetricsAccess(req, res, next) {
    return requireAccessToEntity(
      'publisher',
      req.params.id,
      req,
      res,
      next,
      'publisherMetrics'
    )
  },

  requirePublisherManagementAccess(req, res, next) {
    return requireAccessToEntity(
      'publisher',
      req.params.id,
      req,
      res,
      next,
      'publisherManagement'
    )
  },

  requireTemplateMetricsAccess(req, res, next) {
    const templateId = req.params.id
    return request(
      {
        baseUrl: settings.apis.v1.url,
        url: `/api/v2/templates/${templateId}`,
        method: 'GET',
        auth: {
          user: settings.apis.v1.user,
          pass: settings.apis.v1.pass,
          sendImmediately: true
        }
      },
      (error, response, body) => {
        if (response.statusCode === 404) {
          return next(new Errors.NotFoundError())
        }

        if (response.statusCode !== 200) {
          logger.err(
            { templateId },
            "[TemplateMetrics] Couldn't fetch template data from v1"
          )
          return next(new Error("Couldn't fetch template data from v1"))
        }

        if (error != null) {
          return next(error)
        }
        try {
          body = JSON.parse(body)
        } catch (error1) {
          error = error1
          return next(error)
        }

        req.template = {
          id: body.id,
          title: body.title
        }
        if (__guard__(body != null ? body.brand : undefined, x => x.slug)) {
          req.params.id = body.brand.slug
          return UserMembershipAuthorization.requirePublisherMetricsAccess(
            req,
            res,
            next
          )
        } else {
          return AuthorizationMiddleware.ensureUserIsSiteAdmin(req, res, next)
        }
      }
    )
  },

  requireGraphAccess(req, res, next) {
    req.params.id = req.query.resource_id
    if (req.query.resource_type === 'template') {
      return UserMembershipAuthorization.requireTemplateMetricsAccess(
        req,
        res,
        next
      )
    } else if (req.query.resource_type === 'institution') {
      return UserMembershipAuthorization.requireInstitutionMetricsAccess(
        req,
        res,
        next
      )
    } else if (req.query.resource_type === 'group') {
      return UserMembershipAuthorization.requireGroupMetricsAccess(
        req,
        res,
        next
      )
    } else if (req.query.resource_type === 'team') {
      return UserMembershipAuthorization.requireTeamMetricsAccess(
        req,
        res,
        next
      )
    }
    return requireAccessToEntity(
      req.query.resource_type,
      req.query.resource_id,
      req,
      res,
      next
    )
  },

  requireEntityCreationAccess(req, res, next) {
    const loggedInUser = AuthenticationController.getSessionUser(req)
    if (!loggedInUser || !hasEntityCreationAccess(loggedInUser)) {
      return AuthorizationMiddleware.redirectToRestricted(req, res, next)
    }
    return next()
  }
}

var requireAccessToEntity = function(
  entityName,
  entityId,
  req,
  res,
  next,
  requiredStaffAccess = null
) {
  const loggedInUser = AuthenticationController.getSessionUser(req)
  if (!loggedInUser) {
    return AuthorizationMiddleware.redirectToRestricted(req, res, next)
  }

  return getEntity(
    entityName,
    entityId,
    loggedInUser,
    requiredStaffAccess,
    function(error, entity, entityConfig, entityExists) {
      if (error != null) {
        return next(error)
      }

      if (entity != null) {
        req.entity = entity
        req.entityConfig = entityConfig
        return next()
      }

      if (entityExists) {
        // user doesn't have access to entity
        return AuthorizationMiddleware.redirectToRestricted(req, res, next)
      }

      if (hasEntityCreationAccess(loggedInUser) && entityConfig.canCreate) {
        // entity doesn't exists, admin can create it
        return res.redirect(`/entities/${entityName}/create/${entityId}`)
      }

      return next(new Errors.NotFoundError())
    }
  )
}

var getEntity = function(
  entityName,
  entityId,
  user,
  requiredStaffAccess,
  callback
) {
  if (callback == null) {
    callback = function(error, entity, entityConfig, entityExists) {}
  }
  const entityConfig = EntityConfigs[entityName]
  if (!entityConfig) {
    return callback(new Errors.NotFoundError(`No such entity: ${entityName}`))
  }

  return UserMembershipHandler.getEntity(
    entityId,
    entityConfig,
    user,
    requiredStaffAccess,
    function(error, entity) {
      if (error != null) {
        return callback(error)
      }
      if (entity != null) {
        return callback(null, entity, entityConfig, true)
      }

      // no access to entity. Check if entity exists
      return UserMembershipHandler.getEntityWithoutAuthorizationCheck(
        entityId,
        entityConfig,
        function(error, entity) {
          if (error != null) {
            return callback(error)
          }
          return callback(null, null, entityConfig, entity != null)
        }
      )
    }
  )
}

var hasEntityCreationAccess = user =>
  user.isAdmin ||
  (user.staffAccess != null
    ? user.staffAccess['institutionManagement']
    : undefined) ||
  (user.staffAccess != null
    ? user.staffAccess['publisherManagement']
    : undefined)

function __guard__(value, transform) {
  return typeof value !== 'undefined' && value !== null
    ? transform(value)
    : undefined
}
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`/* eslint-disable`
			`handle-callback-err,`
			`max-len,`
			`*/`
			`// TODO: This file was created by bulk-decaffeinate.`
			`// Fix any style issues and re-enable lint.`
			`/*`
			`* decaffeinate suggestions:`
			`* DS102: Remove unnecessary code created because of implicit returns`
			`* DS103: Rewrite code to no longer use __guard__`
			`* DS207: Consider shorter variations of null checks`
			`* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md`
			`*/`
			`let UserMembershipAuthorization`
			`const AuthenticationController = require('../Authentication/AuthenticationController')`
			`const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')`
			`const UserMembershipHandler = require('./UserMembershipHandler')`
			`const EntityConfigs = require('./UserMembershipEntityConfigs')`
			`const Errors = require('../Errors/Errors')`
			`const logger = require('logger-sharelatex')`
			`const settings = require('settings-sharelatex')`
			`const request = require('request')`

			`module.exports = UserMembershipAuthorization = {`
			`requireTeamMetricsAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'team',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'groupMetrics'`
			`)`
			`},`

			`requireGroupManagementAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'group',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'groupManagement'`
			`)`
			`},`

			`requireGroupMetricsAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'group',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'groupMetrics'`
			`)`
			`},`

			`requireGroupManagersManagementAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'groupManagers',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'groupManagement'`
			`)`
			`},`

			`requireInstitutionMetricsAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'institution',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'institutionMetrics'`
			`)`
			`},`

			`requireInstitutionManagementAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'institution',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'institutionManagement'`
			`)`
			`},`

			`requirePublisherMetricsAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'publisher',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'publisherMetrics'`
			`)`
			`},`

			`requirePublisherManagementAccess(req, res, next) {`
			`return requireAccessToEntity(`
			`'publisher',`
			`req.params.id,`
			`req,`
			`res,`
			`next,`
			`'publisherManagement'`
			`)`
			`},`

			`requireTemplateMetricsAccess(req, res, next) {`
			`const templateId = req.params.id`
			`return request(`
			`{`
			`baseUrl: settings.apis.v1.url,`
			url: `/api/v2/templates/${templateId}`,
			`method: 'GET',`
			`auth: {`
			`user: settings.apis.v1.user,`
			`pass: settings.apis.v1.pass,`
			`sendImmediately: true`
			`}`
			`},`
			`(error, response, body) => {`
			`if (response.statusCode === 404) {`
			`return next(new Errors.NotFoundError())`
			`}`

			`if (response.statusCode !== 200) {`
			`logger.err(`
			`{ templateId },`
			`"[TemplateMetrics] Couldn't fetch template data from v1"`
			`)`
			`return next(new Error("Couldn't fetch template data from v1"))`
			`}`

			`if (error != null) {`
			`return next(error)`
			`}`
			`try {`
			`body = JSON.parse(body)`
			`} catch (error1) {`
			`error = error1`
			`return next(error)`
			`}`

			`req.template = {`
			`id: body.id,`
			`title: body.title`
			`}`
			`if (__guard__(body != null ? body.brand : undefined, x => x.slug)) {`
			`req.params.id = body.brand.slug`
			`return UserMembershipAuthorization.requirePublisherMetricsAccess(`
			`req,`
			`res,`
			`next`
			`)`
			`} else {`
			`return AuthorizationMiddleware.ensureUserIsSiteAdmin(req, res, next)`
			`}`
			`}`
			`)`
			`},`

			`requireGraphAccess(req, res, next) {`
			`req.params.id = req.query.resource_id`
			`if (req.query.resource_type === 'template') {`
			`return UserMembershipAuthorization.requireTemplateMetricsAccess(`
			`req,`
			`res,`
			`next`
			`)`
			`} else if (req.query.resource_type === 'institution') {`
			`return UserMembershipAuthorization.requireInstitutionMetricsAccess(`
			`req,`
			`res,`
			`next`
			`)`
			`} else if (req.query.resource_type === 'group') {`
			`return UserMembershipAuthorization.requireGroupMetricsAccess(`
			`req,`
			`res,`
			`next`
			`)`
			`} else if (req.query.resource_type === 'team') {`
			`return UserMembershipAuthorization.requireTeamMetricsAccess(`
			`req,`
			`res,`
			`next`
			`)`
			`}`
			`return requireAccessToEntity(`
			`req.query.resource_type,`
			`req.query.resource_id,`
			`req,`
			`res,`
			`next`
			`)`
			`},`

			`requireEntityCreationAccess(req, res, next) {`
			`const loggedInUser = AuthenticationController.getSessionUser(req)`
			`if (!loggedInUser \|\| !hasEntityCreationAccess(loggedInUser)) {`
			`return AuthorizationMiddleware.redirectToRestricted(req, res, next)`
			`}`
			`return next()`
			`}`
			`}`

			`var requireAccessToEntity = function(`
			`entityName,`
			`entityId,`
			`req,`
			`res,`
			`next,`
			`requiredStaffAccess = null`
			`) {`
			`const loggedInUser = AuthenticationController.getSessionUser(req)`
			`if (!loggedInUser) {`
			`return AuthorizationMiddleware.redirectToRestricted(req, res, next)`
			`}`

			`return getEntity(`
			`entityName,`
			`entityId,`
			`loggedInUser,`
			`requiredStaffAccess,`
			`function(error, entity, entityConfig, entityExists) {`
			`if (error != null) {`
			`return next(error)`
			`}`

			`if (entity != null) {`
			`req.entity = entity`
			`req.entityConfig = entityConfig`
			`return next()`
			`}`

			`if (entityExists) {`
			`// user doesn't have access to entity`
			`return AuthorizationMiddleware.redirectToRestricted(req, res, next)`
			`}`

			`if (hasEntityCreationAccess(loggedInUser) && entityConfig.canCreate) {`
			`// entity doesn't exists, admin can create it`
			return res.redirect(`/entities/${entityName}/create/${entityId}`)
			`}`

			`return next(new Errors.NotFoundError())`
			`}`
			`)`
			`}`

			`var getEntity = function(`
			`entityName,`
			`entityId,`
			`user,`
			`requiredStaffAccess,`
			`callback`
			`) {`
			`if (callback == null) {`
			`callback = function(error, entity, entityConfig, entityExists) {}`
			`}`
			`const entityConfig = EntityConfigs[entityName]`
			`if (!entityConfig) {`
			return callback(new Errors.NotFoundError(`No such entity: ${entityName}`))
			`}`

			`return UserMembershipHandler.getEntity(`
			`entityId,`
			`entityConfig,`
			`user,`
			`requiredStaffAccess,`
			`function(error, entity) {`
			`if (error != null) {`
			`return callback(error)`
			`}`
			`if (entity != null) {`
			`return callback(null, entity, entityConfig, true)`
			`}`

			`// no access to entity. Check if entity exists`
			`return UserMembershipHandler.getEntityWithoutAuthorizationCheck(`
			`entityId,`
			`entityConfig,`
			`function(error, entity) {`
			`if (error != null) {`
			`return callback(error)`
			`}`
			`return callback(null, null, entityConfig, entity != null)`
			`}`
			`)`
			`}`
			`)`
			`}`

			`var hasEntityCreationAccess = user =>`
			`user.isAdmin \|\|`
			`(user.staffAccess != null`
			`? user.staffAccess['institutionManagement']`
			`: undefined) \|\|`
			`(user.staffAccess != null`
			`? user.staffAccess['publisherManagement']`
			`: undefined)`

			`function __guard__(value, transform) {`
			`return typeof value !== 'undefined' && value !== null`
			`? transform(value)`
			`: undefined`
			`}`