2017-09-28 11:06:08 -04:00
|
|
|
ProjectController = require "../Project/ProjectController"
|
2017-09-22 09:54:35 -04:00
|
|
|
AuthenticationController = require '../Authentication/AuthenticationController'
|
|
|
|
|
TokenAccessHandler = require './TokenAccessHandler'
|
2017-09-28 11:06:08 -04:00
|
|
|
Errors = require '../Errors/Errors'
|
2017-10-03 09:04:59 -04:00
|
|
|
logger = require 'logger-sharelatex'
|
2017-09-22 09:54:35 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
module.exports = TokenAccessController =
|
|
|
|
|
|
|
|
|
|
readAndWriteToken: (req, res, next) ->
|
|
|
|
|
userId = AuthenticationController.getLoggedInUserId(req)
|
|
|
|
|
token = req.params['read_and_write_token']
|
|
|
|
|
logger.log {userId, token}, "requesting read-and-write token access"
|
|
|
|
|
TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, project) ->
|
|
|
|
|
if err?
|
|
|
|
|
logger.err {err, token, userId},
|
|
|
|
|
"error getting project by readAndWrite token"
|
|
|
|
|
return next(err)
|
|
|
|
|
if !project?
|
|
|
|
|
logger.log {token, userId},
|
|
|
|
|
"no project found for readAndWrite token"
|
2017-09-28 11:06:08 -04:00
|
|
|
return next(new Errors.NotFoundError())
|
2017-09-22 09:54:35 -04:00
|
|
|
logger.log {userId, projectId: project._id},
|
|
|
|
|
"adding user to project with readAndWrite token"
|
|
|
|
|
TokenAccessHandler.addReadAndWriteUserToProject userId, project._id, (err) ->
|
|
|
|
|
if err?
|
|
|
|
|
logger.err {err, token, userId, projectId: project._id},
|
|
|
|
|
"error adding user to project with readAndWrite token"
|
|
|
|
|
return next(err)
|
2017-09-28 11:06:08 -04:00
|
|
|
req.params.Project_id = project._id.toString()
|
|
|
|
|
return ProjectController.loadEditor(req, res, next)
|
2017-09-22 09:54:35 -04:00
|
|
|
|
|
|
|
|
readOnlyToken: (req, res, next) ->
|
|
|
|
|
userId = AuthenticationController.getLoggedInUserId(req)
|
|
|
|
|
token = req.params['read_only_token']
|
|
|
|
|
logger.log {userId, token}, "requesting read-only token access"
|
|
|
|
|
TokenAccessHandler.findProjectWithReadOnlyToken token, (err, project) ->
|
|
|
|
|
if err?
|
2017-10-03 09:04:59 -04:00
|
|
|
logger.err {err, token, userId},
|
2017-09-22 09:54:35 -04:00
|
|
|
"error getting project by readOnly token"
|
|
|
|
|
return next(err)
|
|
|
|
|
if !project?
|
|
|
|
|
logger.log {token, userId},
|
|
|
|
|
"no project found for readAndWrite token"
|
2017-09-28 11:06:08 -04:00
|
|
|
return next(new Errors.NotFoundError())
|
2017-09-22 09:54:35 -04:00
|
|
|
if !userId?
|
|
|
|
|
logger.log {userId, projectId: project._id},
|
|
|
|
|
"adding anonymous user to project with readOnly token"
|
2017-09-27 09:01:52 -04:00
|
|
|
TokenAccessHandler.grantSessionReadOnlyTokenAccess(req, project._id, token)
|
2017-09-28 11:06:08 -04:00
|
|
|
req.params.Project_id = project._id.toString()
|
2017-09-29 11:32:07 -04:00
|
|
|
req._anonToken = token
|
2017-09-28 11:06:08 -04:00
|
|
|
return ProjectController.loadEditor(req, res, next)
|
2017-09-22 09:54:35 -04:00
|
|
|
else
|
|
|
|
|
logger.log {userId, projectId: project._id},
|
|
|
|
|
"adding user to project with readOnly token"
|
|
|
|
|
TokenAccessHandler.addReadOnlyUserToProject userId, project._id, (err) ->
|
|
|
|
|
if err?
|
|
|
|
|
logger.err {err, token, userId, projectId: project._id},
|
|
|
|
|
"error adding user to project with readAndWrite token"
|
|
|
|
|
return next(err)
|
2017-09-28 11:06:08 -04:00
|
|
|
req.params.Project_id = project._id.toString()
|
|
|
|
|
return ProjectController.loadEditor(req, res, next)
|
2017-09-22 09:54:35 -04:00
|
|
|
|
|
|
|
|
|
