overleaf/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee

AuthenticationController = require('../Authentication/AuthenticationController')
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
UserMembershipHandler = require('./UserMembershipHandler')
EntityConfigs = require('./UserMembershipEntityConfigs')
Errors = require('../Errors/Errors')
logger = require("logger-sharelatex")

module.exports =
	requireEntityAccess: (entityName, entityIdOverride = null) ->
		(req, res, next) ->
			loggedInUser = AuthenticationController.getSessionUser(req)
			unless loggedInUser
				return AuthorizationMiddlewear.redirectToRestricted req, res, next

			entityId = entityIdOverride or req.params.id
			getEntity entityName, entityId, loggedInUser, (error, entity, entityConfig) ->
				return next(error) if error?
				unless entity?
					return AuthorizationMiddlewear.redirectToRestricted(req, res, next)

				req.entity = entity
				req.entityConfig = entityConfig
				next()

getEntity = (entityName, entityId, userId, callback = (error, entity, entityConfig)->) ->
	entityConfig = EntityConfigs[entityName]
	unless entityConfig
		return callback(new Errors.NotFoundError("No such entity: #{entityName}"))

	UserMembershipHandler.getEntity entityId, entityConfig, userId, (error, entity)->
		return callback(error) if error?
		callback(null, entity, entityConfig)
Merge pull request #1042 from sharelatex/ta-user-membership-access User Membership Access Refactor GitOrigin-RevId: 23e8d342bc4829450625146213ff92cb042550dd 2018-10-24 09:50:34 -04:00			`AuthenticationController = require('../Authentication/AuthenticationController')`
			`AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')`
			`UserMembershipHandler = require('./UserMembershipHandler')`
			`EntityConfigs = require('./UserMembershipEntityConfigs')`
			`Errors = require('../Errors/Errors')`
			`logger = require("logger-sharelatex")`

			`module.exports =`
Merge pull request #1088 from sharelatex/ta-fix-entity-id-scope Fix Scope Bug in Group Access Control GitOrigin-RevId: 7d2cb5fc08e0c7e4bd1b70c03b62620bb7dd8d41 2018-10-30 06:02:30 -04:00			`requireEntityAccess: (entityName, entityIdOverride = null) ->`
Merge pull request #1042 from sharelatex/ta-user-membership-access User Membership Access Refactor GitOrigin-RevId: 23e8d342bc4829450625146213ff92cb042550dd 2018-10-24 09:50:34 -04:00			`(req, res, next) ->`
			`loggedInUser = AuthenticationController.getSessionUser(req)`
			`unless loggedInUser`
			`return AuthorizationMiddlewear.redirectToRestricted req, res, next`

Merge pull request #1088 from sharelatex/ta-fix-entity-id-scope Fix Scope Bug in Group Access Control GitOrigin-RevId: 7d2cb5fc08e0c7e4bd1b70c03b62620bb7dd8d41 2018-10-30 06:02:30 -04:00			`entityId = entityIdOverride or req.params.id`
Merge pull request #1042 from sharelatex/ta-user-membership-access User Membership Access Refactor GitOrigin-RevId: 23e8d342bc4829450625146213ff92cb042550dd 2018-10-24 09:50:34 -04:00			`getEntity entityName, entityId, loggedInUser, (error, entity, entityConfig) ->`
			`return next(error) if error?`
			`unless entity?`
			`return AuthorizationMiddlewear.redirectToRestricted(req, res, next)`

			`req.entity = entity`
			`req.entityConfig = entityConfig`
			`next()`

			`getEntity = (entityName, entityId, userId, callback = (error, entity, entityConfig)->) ->`
			`entityConfig = EntityConfigs[entityName]`
			`unless entityConfig`
			`return callback(new Errors.NotFoundError("No such entity: #{entityName}"))`

			`UserMembershipHandler.getEntity entityId, entityConfig, userId, (error, entity)->`
			`return callback(error) if error?`
			`callback(null, entity, entityConfig)`