overleaf/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee

AuthenticationController = require('../Authentication/AuthenticationController')
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
UserMembershipHandler = require('./UserMembershipHandler')
EntityConfigs = require('./UserMembershipEntityConfigs')
Errors = require('../Errors/Errors')
logger = require("logger-sharelatex")

module.exports =
	requireTeamAccess: (req, res, next) ->
		requireAccessToEntity('team', req.params.id, req, res, next)

	requireGroupAccess: (req, res, next) ->
		requireAccessToEntity('group', req.params.id, req, res, next)

	requireGroupManagersAccess: (req, res, next) ->
		requireAccessToEntity('groupManagers', req.params.id, req, res, next)

	requireInstitutionAccess: (req, res, next) ->
		requireAccessToEntity('institution', req.params.id, req, res, next)

	requireGraphAccess: (req, res, next) ->
		requireAccessToEntity(
			req.query.resource_type, req.query.resource_id, req, res, next
		)

requireAccessToEntity = (entityName, entityId, req, res, next) ->
	loggedInUser = AuthenticationController.getSessionUser(req)
	unless loggedInUser
		return AuthorizationMiddlewear.redirectToRestricted req, res, next

	getEntity entityName, entityId, loggedInUser, (error, entity, entityConfig) ->
		return next(error) if error?
		unless entity?
			return AuthorizationMiddlewear.redirectToRestricted(req, res, next)

		req.entity = entity
		req.entityConfig = entityConfig
		next()

getEntity = (entityName, entityId, userId, callback = (error, entity, entityConfig)->) ->
	entityConfig = EntityConfigs[entityName]
	unless entityConfig
		return callback(new Errors.NotFoundError("No such entity: #{entityName}"))

	UserMembershipHandler.getEntity entityId, entityConfig, userId, (error, entity)->
		return callback(error) if error?
		callback(null, entity, entityConfig)
Merge pull request #1042 from sharelatex/ta-user-membership-access User Membership Access Refactor GitOrigin-RevId: 23e8d342bc4829450625146213ff92cb042550dd 2018-10-24 09:50:34 -04:00			`AuthenticationController = require('../Authentication/AuthenticationController')`
			`AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')`
			`UserMembershipHandler = require('./UserMembershipHandler')`
			`EntityConfigs = require('./UserMembershipEntityConfigs')`
			`Errors = require('../Errors/Errors')`
			`logger = require("logger-sharelatex")`

			`module.exports =`
Merge pull request #1091 from sharelatex/ta-entity-authorization-refactor UserMembershipAuthorization Refactor GitOrigin-RevId: 055cebcd9298ed6dace081198f68491a000cf4a3 2018-11-26 08:25:33 -05:00			`requireTeamAccess: (req, res, next) ->`
			`requireAccessToEntity('team', req.params.id, req, res, next)`

			`requireGroupAccess: (req, res, next) ->`
			`requireAccessToEntity('group', req.params.id, req, res, next)`

			`requireGroupManagersAccess: (req, res, next) ->`
			`requireAccessToEntity('groupManagers', req.params.id, req, res, next)`

			`requireInstitutionAccess: (req, res, next) ->`
			`requireAccessToEntity('institution', req.params.id, req, res, next)`

			`requireGraphAccess: (req, res, next) ->`
			`requireAccessToEntity(`
			`req.query.resource_type, req.query.resource_id, req, res, next`
			`)`

			`requireAccessToEntity = (entityName, entityId, req, res, next) ->`
			`loggedInUser = AuthenticationController.getSessionUser(req)`
			`unless loggedInUser`
			`return AuthorizationMiddlewear.redirectToRestricted req, res, next`

			`getEntity entityName, entityId, loggedInUser, (error, entity, entityConfig) ->`
			`return next(error) if error?`
			`unless entity?`
			`return AuthorizationMiddlewear.redirectToRestricted(req, res, next)`

			`req.entity = entity`
			`req.entityConfig = entityConfig`
			`next()`
Merge pull request #1042 from sharelatex/ta-user-membership-access User Membership Access Refactor GitOrigin-RevId: 23e8d342bc4829450625146213ff92cb042550dd 2018-10-24 09:50:34 -04:00
			`getEntity = (entityName, entityId, userId, callback = (error, entity, entityConfig)->) ->`
			`entityConfig = EntityConfigs[entityName]`
			`unless entityConfig`
			`return callback(new Errors.NotFoundError("No such entity: #{entityName}"))`

			`UserMembershipHandler.getEntity entityId, entityConfig, userId, (error, entity)->`
			`return callback(error) if error?`
			`callback(null, entity, entityConfig)`