overleaf/services/real-time/app/coffee/AuthorizationManager.coffee

module.exports = AuthorizationManager =
	assertClientCanViewProject: (client, callback = (error) ->) ->
		AuthorizationManager._assertClientHasPrivilegeLevel client, ["readOnly", "readAndWrite", "owner"], callback

	assertClientCanEditProject: (client, callback = (error) ->) ->
		AuthorizationManager._assertClientHasPrivilegeLevel client, ["readAndWrite", "owner"], callback
				
	_assertClientHasPrivilegeLevel: (client, allowedLevels, callback = (error) ->) ->
		if client.ol_context["privilege_level"] in allowedLevels
			callback null
		else
			callback new Error("not authorized")

	assertClientCanViewProjectAndDoc: (client, doc_id, callback = (error) ->) ->
		AuthorizationManager.assertClientCanViewProject client, (error) ->
			return callback(error) if error?
			AuthorizationManager._assertClientCanAccessDoc client, doc_id, callback

	assertClientCanEditProjectAndDoc: (client, doc_id, callback = (error) ->) ->
		AuthorizationManager.assertClientCanEditProject client, (error) ->
			return callback(error) if error?
			AuthorizationManager._assertClientCanAccessDoc client, doc_id, callback

	_assertClientCanAccessDoc: (client, doc_id, callback = (error) ->) ->
		if client.ol_context["doc:#{doc_id}"] is "allowed"
			callback null
		else
			callback new Error("not authorized")

	addAccessToDoc: (client, doc_id, callback = (error) ->) ->
		client.ol_context["doc:#{doc_id}"] = "allowed"
		callback(null)

	removeAccessToDoc: (client, doc_id, callback = (error) ->) ->
		delete client.ol_context["doc:#{doc_id}"]
		callback(null)
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`module.exports = AuthorizationManager =`
			`assertClientCanViewProject: (client, callback = (error) ->) ->`
			`AuthorizationManager._assertClientHasPrivilegeLevel client, ["readOnly", "readAndWrite", "owner"], callback`
Add appltOtUpdate end point (sans acceptance tests for now) 2014-11-13 12:07:05 -05:00
			`assertClientCanEditProject: (client, callback = (error) ->) ->`
			`AuthorizationManager._assertClientHasPrivilegeLevel client, ["readAndWrite", "owner"], callback`

Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`_assertClientHasPrivilegeLevel: (client, allowedLevels, callback = (error) ->) ->`
[misc] synchronous client store using an Object at .ol_context 2020-02-24 08:32:20 -05:00			`if client.ol_context["privilege_level"] in allowedLevels`
			`callback null`
			`else`
			`callback new Error("not authorized")`
track permissions when clients join and leave docs 2016-09-02 11:35:00 -04:00
			`assertClientCanViewProjectAndDoc: (client, doc_id, callback = (error) ->) ->`
			`AuthorizationManager.assertClientCanViewProject client, (error) ->`
			`return callback(error) if error?`
			`AuthorizationManager._assertClientCanAccessDoc client, doc_id, callback`

			`assertClientCanEditProjectAndDoc: (client, doc_id, callback = (error) ->) ->`
			`AuthorizationManager.assertClientCanEditProject client, (error) ->`
			`return callback(error) if error?`
			`AuthorizationManager._assertClientCanAccessDoc client, doc_id, callback`

			`_assertClientCanAccessDoc: (client, doc_id, callback = (error) ->) ->`
[misc] synchronous client store using an Object at .ol_context 2020-02-24 08:32:20 -05:00			`if client.ol_context["doc:#{doc_id}"] is "allowed"`
			`callback null`
			`else`
			`callback new Error("not authorized")`
track permissions when clients join and leave docs 2016-09-02 11:35:00 -04:00
			`addAccessToDoc: (client, doc_id, callback = (error) ->) ->`
[misc] synchronous client store using an Object at .ol_context 2020-02-24 08:32:20 -05:00			`client.ol_context["doc:#{doc_id}"] = "allowed"`
			`callback(null)`
track permissions when clients join and leave docs 2016-09-02 11:35:00 -04:00
			`removeAccessToDoc: (client, doc_id, callback = (error) ->) ->`
[misc] synchronous client store using an Object at .ol_context 2020-02-24 08:32:20 -05:00			`delete client.ol_context["doc:#{doc_id}"]`
			`callback(null)`