mirror of
https://github.com/overleaf/overleaf.git
synced 2025-01-10 20:02:38 +00:00
25d8e053be
* Fix `revokeAllUserSessions` call in `_cleanupUser` The user object should be passed, not the _id * Change `revokeAllUserSessions` signature, take `req` and `stayLoggedIn` arguments * Update uses of `revokeAllUserSessions` * Fix promisified `revokeAllUserSessions` args * Update tests * Destroy or Regenerate the session in the end of `revokeAllUserSessions` Per https://github.com/overleaf/internal/issues/17036#issuecomment-1938398570 * Revert "Destroy or Regenerate the session in the end of `revokeAllUserSessions`" This reverts commit fe30734dbe45b27d2931d2e43a711d591bb85787. * Rename `revokeAllUserSessions` to `removeSessionsFromRedis` * Fixup tests * Fix: add optional chaining in `req.sessionID` (!!) GitOrigin-RevId: d41676bf00f463230af495e09c65fb9ee521f49f
const {
db,
waitForDb,
READ_PREFERENCE_SECONDARY,
} = require('../app/src/infrastructure/mongodb')
const UserSessionsManager = require('../app/src/Features/User/UserSessionsManager')
// Command-line switches. Without --commit the script only reports what it
// would change; --keep-sessions skips the Redis session removal that otherwise
// follows each grant.
const COMMIT = process.argv.some(arg => arg === '--commit')
const KEEP_SESSIONS = process.argv.some(arg => arg === '--keep-sessions')
// The staffAccess flags this script treats as "full" staff access. The object
// is written as-is with `$set: { staffAccess: ... }`, which replaces the whole
// staffAccess sub-document: a flag that is not listed here is dropped from the
// user on update.
// NOTE(review): confirm this list matches every staffAccess flag in the user
// schema before running with --commit.
const FULL_STAFF_ACCESS = Object.fromEntries(
  [
    'publisherMetrics',
    'publisherManagement',
    'institutionMetrics',
    'institutionManagement',
    'groupMetrics',
    'groupManagement',
    'adminMetrics',
    'splitTestMetrics',
    'splitTestManagement',
  ].map(flag => [flag, true])
)
/**
 * Tell whether a user is missing any of the flags in FULL_STAFF_ACCESS.
 *
 * A user with no `staffAccess` value at all counts as incomplete. Flags are
 * tested for truthiness, so a flag stored as `false`, `null` or left unset is
 * treated as missing.
 *
 * @param {{ staffAccess?: Object }} user - user document holding `staffAccess`
 * @returns {boolean} true when at least one flag is missing
 */
function doesNotHaveFullStaffAccess(user) {
  const granted = user.staffAccess
  if (!granted) {
    return true
  }
  return Object.keys(FULL_STAFF_ACCESS).some(flag => !granted[flag])
}
/**
 * Flatten a user document into a single row for console.table.
 *
 * The `staffAccess` flags are copied up next to the user's own fields and the
 * nested `staffAccess` key is removed. The input object is not modified.
 *
 * @param {Object} user - user document, optionally carrying `staffAccess`
 * @returns {Object} shallow copy with the staffAccess flags as top-level keys
 */
function formatUser(user) {
  const row = Object.assign({}, user, user.staffAccess)
  delete row.staffAccess
  return row
}
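/**
 * Report all admin users and grant full staff access to those lacking it.
 *
 * Prints every user with `isAdmin: true`, then the subset for which
 * doesNotHaveFullStaffAccess() is true. Nothing is written unless the script
 * was started with --commit. When committing, each incomplete user has
 * `staffAccess` set to FULL_STAFF_ACCESS and, unless --keep-sessions was
 * given, their sessions are removed from Redis.
 *
 * The printed tables contain admin e-mail addresses, so treat the script's
 * output as sensitive.
 *
 * @returns {Promise<void>}
 */
async function main() {
  await waitForDb()

  // The listing uses READ_PREFERENCE_SECONDARY, so it may not reflect the
  // latest writes; the update below re-checks isAdmin for that reason.
  const adminUsers = await db.users
    .find(
      { isAdmin: true },
      {
        projection: { _id: 1, email: 1, staffAccess: 1 },
        readPreference: READ_PREFERENCE_SECONDARY,
      }
    )
    .toArray()

  console.log('All Admin users:')
  console.table(adminUsers.map(formatUser))

  const incompleteUsers = adminUsers.filter(doesNotHaveFullStaffAccess)
  if (incompleteUsers.length === 0) {
    console.warn('All Admin users have full staff access.')
    return
  }

  console.log()
  console.log('Incomplete staff access:')
  console.table(incompleteUsers.map(formatUser))

  // Dry run by default: stop here unless the operator asked for changes.
  if (!COMMIT) {
    console.warn('Use --commit to grant missing staff access.')
    return
  }

  for (const user of incompleteUsers) {
    console.error(
      `Granting ${user.email} (${user._id.toString()}) full staff access`
    )
    // The filter repeats isAdmin so an account that stopped being an admin
    // after the listing was read is not given staff access.
    const result = await db.users.updateOne(
      { _id: user._id, isAdmin: true },
      { $set: { staffAccess: FULL_STAFF_ACCESS } }
    )
    if (result.matchedCount === 0) {
      // Nothing was written, so do not report a grant or drop sessions.
      console.warn(
        `Skipped ${user.email} (${user._id.toString()}): no matching admin user, nothing changed`
      )
      continue
    }
    if (!KEEP_SESSIONS) {
      // NOTE(review): presumably this forces a fresh login so the new
      // staffAccess is picked up; confirm against UserSessionsManager.
      await UserSessionsManager.promises.removeSessionsFromRedis(user)
    }
  }
}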
// Script entry point: run main() and turn its outcome into the exit code
// (0 on success, 1 on any error, which is logged first).
;(async () => {
  try {
    await main()
    console.error('Done.')
    process.exit(0)
  } catch (error) {
    console.error({ error })
    process.exit(1)
  }
})()