Add more commentary on the anonymous path

Shane Kilkelly 2017-10-09 11:13:55 +01:00
parent e73de3bfd4
commit ad68adee9a


@ -34,17 +34,24 @@ module.exports = AuthorizationManager =
AuthorizationManager.getPublicAccessLevel project_id, (err, publicAccessLevel) ->
return callback(err) if err?
if publicAccessLevel == PublicAccessLevels.TOKEN_BASED
# Anonymous users can have read-only access to token-based projects,
# while read-write access must be logged in
TokenAccessHandler.requestHasReadOnlyTokenAccess req, project_id, (err, allowed) ->
return callback(err) if err?
if allowed
# Grant anonymous user read-only access
callback null, PrivilegeLevels.READ_ONLY, false
else
# Deny anonymous user access
callback null, PrivilegeLevels.NONE, false
else if publicAccessLevel == PublicAccessLevels.READ_ONLY
# Legacy public read-only access for anonymous user
callback null, PrivilegeLevels.READ_ONLY, true
else if publicAccessLevel == PublicAccessLevels.READ_AND_WRITE
# Legacy public read-write access for anonymous user
callback null, PrivilegeLevels.READ_AND_WRITE, true
else
# Deny anonymous user access
callback null, PrivilegeLevels.NONE, false
else
# User is present, get their privilege level from database
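Review bot: The third callback argument is `false` on the token-based and deny branches but `true` on the two legacy public branches, and none of the added comments says what it signals. A one-line comment at the first callback would make this easier to audit, for example `# third argument: true only when access is granted through a legacy public setting`, once that meaning is confirmed against the callback signature, which is outside this hunk. The comment `# while read-write access must be logged in` would read more clearly as `# read-write access requires a logged-in user`. The `# Legacy public read-write access for anonymous user` branch hands write privilege to an unauthenticated request, so that comment could also state whether projects can still be put into this state or whether it only covers existing ones. The enclosing function starts and ends outside the hunk.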