Add and remove collaborators with HTTP requests, not websockets

services/web/app/coffee/Features/Editor/EditorController.coffee

@@ -150,15 +150,17 @@ module.exports = EditorController =
 				callback null, false
 			else
 				CollaboratorsHandler.addUserToProject project_id, email, privileges, (err, user)=>
+					return callback(err) if error?
+					# Flush to TPDS to add files to collaborator's Dropbox
 					ProjectEntityHandler.flushProjectToThirdPartyDataStore project_id, ->
 					EditorRealTimeController.emitToRoom(project_id, 'userAddedToProject', user, privileges)
 					callback null, ProjectEditorHandler.buildUserModelView(user, privileges)
 
-	removeUserFromProject: (project_id, user_id, callback)->
-		CollaboratorsHandler.removeUserFromProject project_id, user_id, =>
+	removeUserFromProject: (project_id, user_id, callback = (error) ->)->
+		CollaboratorsHandler.removeUserFromProject project_id, user_id, (error) =>
+			return callback(error) if error?
 			EditorRealTimeController.emitToRoom(project_id, 'userRemovedFromProject', user_id)
-			if callback?
-				callback()
+			callback()
 
 	setDoc: (project_id, doc_id, docLines, source, callback = (err)->)->
 		DocumentUpdaterHandler.setDocument project_id, doc_id, docLines, source, (err)=>

services/web/app/coffee/Features/Editor/EditorHttpController.coffee

@@ -76,5 +76,18 @@ module.exports = EditorHttpController =
 		EditorController.deleteEntity project_id, entity_id, entity_type, "editor", (error) ->
 			return next(error) if error?
 			res.send 204
-
+			
+	addUserToProject: (req, res, next) ->
+		project_id = req.params.Project_id
+		{email, privileges} = req.body
+		EditorController.addUserToProject project_id, email, privileges, (error, user) ->
+			return next(error) if error?
+			res.json user: user
+			
+	removeUserFromProject: (req, res, next) ->
+		project_id = req.params.Project_id
+		user_id    = req.params.user_id
+		EditorController.removeUserFromProject project_id, user_id, (error)->
+			return next(error) if error?
+			res.send 204
 

services/web/app/coffee/Features/Editor/EditorRouter.coffee

@@ -0,0 +1,19 @@
+EditorHttpController = require('./EditorHttpController')
+SecurityManager = require('../../managers/SecurityManager')
+
+module.exports =
+	apply: (app) ->
+		app.post   '/project/:Project_id/doc', SecurityManager.requestCanModifyProject, EditorHttpController.addDoc
+		app.post   '/project/:Project_id/folder', SecurityManager.requestCanModifyProject, EditorHttpController.addFolder
+
+		app.post   '/project/:Project_id/:entity_type/:entity_id/rename', SecurityManager.requestCanModifyProject, EditorHttpController.renameEntity
+		app.post   '/project/:Project_id/:entity_type/:entity_id/move', SecurityManager.requestCanModifyProject, EditorHttpController.moveEntity
+
+		app.delete '/project/:Project_id/file/:entity_id', SecurityManager.requestCanModifyProject, EditorHttpController.deleteFile
+		app.delete '/project/:Project_id/doc/:entity_id', SecurityManager.requestCanModifyProject, EditorHttpController.deleteDoc
+		app.delete '/project/:Project_id/folder/:entity_id', SecurityManager.requestCanModifyProject, EditorHttpController.deleteFolder
+
+		app.post   '/project/:Project_id/doc/:doc_id/restore', SecurityManager.requestCanModifyProject, EditorHttpController.restoreDoc
+
+		app.post   '/project/:Project_id/users', SecurityManager.requestIsOwner, EditorHttpController.addUserToProject
+		app.delete '/project/:Project_id/users/:user_id', SecurityManager.requestIsOwner, EditorHttpController.removeUserFromProject

services/web/app/coffee/router.coffee

@@ -6,7 +6,7 @@ SpellingController = require('./Features/Spelling/SpellingController')
 SecurityManager = require('./managers/SecurityManager')
 AuthorizationManager = require('./Features/Security/AuthorizationManager')
 EditorController = require("./Features/Editor/EditorController")
-EditorHttpController = require("./Features/Editor/EditorHttpController")
+EditorRouter = require("./Features/Editor/EditorRouter")
 EditorUpdatesController = require("./Features/Editor/EditorUpdatesController")
 Settings = require('settings-sharelatex')
 TpdsController = require('./Features/ThirdPartyDataStore/TpdsController')
@@ -62,6 +62,7 @@ module.exports = class Router
 		app.get  '/register', UserPagesController.registerPage
 		app.post '/register', UserController.register
 
+		EditorRouter.apply(app)
 		SubscriptionRouter.apply(app)
 		UploadsRouter.apply(app)
 		PasswordResetRouter.apply(app)
@@ -98,16 +99,6 @@ module.exports = class Router
 
 		app.post '/project/:Project_id/settings', SecurityManager.requestCanModifyProject, ProjectController.updateProjectSettings
 
-		app.post '/project/:Project_id/doc', SecurityManager.requestCanModifyProject, EditorHttpController.addDoc
-		app.post '/project/:Project_id/folder', SecurityManager.requestCanModifyProject, EditorHttpController.addFolder
-
-		app.post '/project/:Project_id/:entity_type/:entity_id/rename', SecurityManager.requestCanModifyProject, EditorHttpController.renameEntity
-		app.post '/project/:Project_id/:entity_type/:entity_id/move', SecurityManager.requestCanModifyProject, EditorHttpController.moveEntity
-
-		app.delete '/project/:Project_id/file/:entity_id', SecurityManager.requestCanModifyProject, EditorHttpController.deleteFile
-		app.delete '/project/:Project_id/doc/:entity_id', SecurityManager.requestCanModifyProject, EditorHttpController.deleteDoc
-		app.delete '/project/:Project_id/folder/:entity_id', SecurityManager.requestCanModifyProject, EditorHttpController.deleteFolder
-
 		app.post '/project/:Project_id/compile', SecurityManager.requestCanAccessProject, CompileController.compile
 		app.get  '/Project/:Project_id/output/output.pdf', SecurityManager.requestCanAccessProject, CompileController.downloadPdf
 		app.get  /^\/project\/([^\/]*)\/output\/(.*)$/,
@@ -133,8 +124,6 @@ module.exports = class Router
 		app.get  "/project/:Project_id/doc/:doc_id/diff", SecurityManager.requestCanAccessProject, TrackChangesController.proxyToTrackChangesApi
 		app.post "/project/:Project_id/doc/:doc_id/version/:version_id/restore", SecurityManager.requestCanAccessProject, TrackChangesController.proxyToTrackChangesApi
 
-		app.post "/project/:Project_id/doc/:doc_id/restore", SecurityManager.requestCanAccessProject, EditorHttpController.restoreDoc
-
 		app.post '/project/:project_id/leave', AuthenticationController.requireLogin(), CollaboratorsController.removeSelfFromProject
 		app.get  '/project/:Project_id/collaborators', SecurityManager.requestCanAccessProject(allow_auth_token: true), CollaboratorsController.getCollaborators
 

services/web/public/coffee/ide/share/controllers/ShareProjectModalController.coffee

@@ -28,11 +28,11 @@ define [
 			$scope.state.inflight = true
 			projectMembers
 				.addMember($scope.inputs.email, $scope.inputs.privileges)
-				.then (user) ->
+				.success (data) ->
 					$scope.state.inflight = false
 					$scope.inputs.email = ""
-					$scope.project.members.push user
-				.catch () ->
+					$scope.project.members.push data?.user
+				.error () ->
 					$scope.state.inflight = false
 					$scope.state.error = "Sorry, something went wrong :("
 
@@ -42,12 +42,12 @@ define [
 			$scope.state.inflight = true
 			projectMembers
 				.removeMember(member)
-				.then () ->
+				.success () ->
 					$scope.state.inflight = false
 					index = $scope.project.members.indexOf(member)
 					return if index == -1
 					$scope.project.members.splice(index, 1)
-				.catch () ->
+				.error () ->
 					$scope.state.inflight = false
 					$scope.state.error = "Sorry, something went wrong :("
 

services/web/public/coffee/ide/share/services/projectMembers.coffee

@@ -1,30 +1,21 @@
 define [
 	"base"
 ], (App) ->
-	App.factory "projectMembers", ["ide", "$q", (ide, $q) ->
+	App.factory "projectMembers", ["ide", "$http", (ide, $http) ->
 		return {
 			removeMember: (member) ->
-				deferred = $q.defer()
-
-				ide.socket.emit "removeUserFromProject", member._id, (error) =>
-					if error?
-						return deferred.reject(error)
-					deferred.resolve()
-
-				return deferred.promise
+				$http({
+					url: "/project/#{ide.project_id}/users/#{member._id}"
+					method: "DELETE"
+					headers:
+						"X-Csrf-Token": window.csrfToken
+				})
 
 			addMember: (email, privileges) ->
-				deferred = $q.defer()
-
-				ide.socket.emit "addUserToProject", email, privileges, (error, user) =>
-					if error?
-						return deferred.reject(error)
-
-					if !user
-						deferred.reject()
-					else
-						deferred.resolve(user)
-
-				return deferred.promise
+				$http.post("/project/#{ide.project_id}/users", {
+					email: email
+					privileges: privileges
+					_csrf: window.csrfToken
+				})
 		}
 	]

services/web/test/UnitTests/coffee/Editor/EditorHttpControllerTests.coffee

@@ -157,3 +157,37 @@ describe "EditorHttpController", ->
 
 		it "should send back a success response", ->
 			@res.send.calledWith(204).should.equal true
+			
+	describe "addUserToProject", ->
+		beforeEach ->
+			@req.params =
+				Project_id: @project_id
+			@req.body =
+				email: @email = "joe@example.com"
+				privileges: @privileges = "readAndWrite"
+			@EditorController.addUserToProject = sinon.stub().callsArgWith(3, null, @user = {"mock": "user"})
+			@EditorHttpController.addUserToProject @req, @res
+			
+		it "should add the user to the project", ->
+			@EditorController.addUserToProject
+				.calledWith(@project_id, @email, @privileges)
+				.should.equal true
+				
+		it "should send the back the added user", ->
+			@res.json.calledWith(user: @user).should.equal true
+			
+	describe "removeUserFromProject", ->
+		beforeEach ->
+			@req.params =
+				Project_id: @project_id
+				user_id: @user_id = "user-id-123"
+			@EditorController.removeUserFromProject = sinon.stub().callsArg(2)
+			@EditorHttpController.removeUserFromProject @req, @res
+			
+		it "should from the user from the project", ->
+			@EditorController.removeUserFromProject
+				.calledWith(@project_id, @user_id)
+				.should.equal true
+				
+		it "should send the back a success response", ->
+			@res.send.calledWith(204).should.equal true