From aff47a4b110366956798106e4a3d8e1d54f1f634 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Alby?= Date: Thu, 25 Oct 2018 17:08:36 +0200 Subject: [PATCH] Merge pull request #1062 from sharelatex/ta-metric-authorization Use UserMembership Authorization Middlewear for Metrics GitOrigin-RevId: a145527723539696c2659baa16c507ab54f629a3 --- .../UserMembership/UserMembershipAuthorization.coffee | 4 ++-- .../UserMembership/UserMembershipEntityConfigs.coffee | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee b/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee index 334498ad8c..249eb86bf7 100644 --- a/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee +++ b/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee @@ -6,13 +6,13 @@ Errors = require('../Errors/Errors') logger = require("logger-sharelatex") module.exports = - requireEntityAccess: (entityName) -> + requireEntityAccess: (entityName, entityId = null) -> (req, res, next) -> loggedInUser = AuthenticationController.getSessionUser(req) unless loggedInUser return AuthorizationMiddlewear.redirectToRestricted req, res, next - entityId = req.params.id + entityId = req.params.id unless entityId? getEntity entityName, entityId, loggedInUser, (error, entity, entityConfig) -> return next(error) if error? unless entity? diff --git a/services/web/app/coffee/Features/UserMembership/UserMembershipEntityConfigs.coffee b/services/web/app/coffee/Features/UserMembership/UserMembershipEntityConfigs.coffee index 9d1ec5fdbf..03e4bdf5ef 100644 --- a/services/web/app/coffee/Features/UserMembership/UserMembershipEntityConfigs.coffee +++ b/services/web/app/coffee/Features/UserMembership/UserMembershipEntityConfigs.coffee @@ -19,6 +19,14 @@ module.exports = removeInvite: '/subscription/invites' exportMembers: '/subscription/group/export' + team: # for metrics only + modelName: 'Subscription' + fields: + primaryKey: 'overleaf.id' + access: 'manager_ids' + baseQuery: + groupPlan: true + groupManagers: modelName: 'Subscription' fields: