overleaf/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee

33 lines
1.3 KiB
CoffeeScript
Raw Normal View History

AuthenticationController = require('../Authentication/AuthenticationController')
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
UserMembershipHandler = require('./UserMembershipHandler')
EntityConfigs = require('./UserMembershipEntityConfigs')
Errors = require('../Errors/Errors')
logger = require("logger-sharelatex")
module.exports =
requireEntityAccess: (entityName, entityId = null) ->
(req, res, next) ->
loggedInUser = AuthenticationController.getSessionUser(req)
unless loggedInUser
return AuthorizationMiddlewear.redirectToRestricted req, res, next
entityId = req.params.id unless entityId?
getEntity entityName, entityId, loggedInUser, (error, entity, entityConfig) ->
return next(error) if error?
unless entity?
return AuthorizationMiddlewear.redirectToRestricted(req, res, next)
req.entity = entity
req.entityConfig = entityConfig
next()
getEntity = (entityName, entityId, userId, callback = (error, entity, entityConfig)->) ->
entityConfig = EntityConfigs[entityName]
unless entityConfig
return callback(new Errors.NotFoundError("No such entity: #{entityName}"))
UserMembershipHandler.getEntity entityId, entityConfig, userId, (error, entity)->
return callback(error) if error?
callback(null, entity, entityConfig)