mirror of
https://github.com/overleaf/overleaf.git
synced 2024-09-16 02:52:31 -04:00
d6350c963e
Now that find project by read and read/write token methods check whether the project exists, it is not neccessary to check whether the project exists in the higher access check. Therefore it has been removed
116 lines
5.3 KiB
CoffeeScript
116 lines
5.3 KiB
CoffeeScript
ProjectController = require "../Project/ProjectController"
|
|
AuthenticationController = require '../Authentication/AuthenticationController'
|
|
TokenAccessHandler = require './TokenAccessHandler'
|
|
Errors = require '../Errors/Errors'
|
|
logger = require 'logger-sharelatex'
|
|
settings = require 'settings-sharelatex'
|
|
|
|
module.exports = TokenAccessController =
|
|
|
|
_loadEditor: (projectId, req, res, next) ->
|
|
req.params.Project_id = projectId.toString()
|
|
return ProjectController.loadEditor(req, res, next)
|
|
|
|
_tryHigherAccess: (token, userId, req, res, next) ->
|
|
TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
|
|
if err?
|
|
logger.err {err, token, userId},
|
|
"[TokenAccess] error finding project with higher access"
|
|
return next(err)
|
|
if !project?
|
|
logger.log {token, userId},
|
|
"[TokenAccess] no project with higher access found for this user and token"
|
|
return next(new Errors.NotFoundError())
|
|
logger.log {token, userId, projectId: project._id},
|
|
"[TokenAccess] user has higher access to project, redirecting"
|
|
res.redirect(302, "/project/#{project._id}")
|
|
|
|
readAndWriteToken: (req, res, next) ->
|
|
userId = AuthenticationController.getLoggedInUserId(req)
|
|
token = req.params['read_and_write_token']
|
|
logger.log {userId, token}, "[TokenAccess] requesting read-and-write token access"
|
|
TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, project, projectExists) ->
|
|
if err?
|
|
logger.err {err, token, userId},
|
|
"[TokenAccess] error getting project by readAndWrite token"
|
|
return next(err)
|
|
if !projectExists and settings.overleaf
|
|
logger.log {token, userId},
|
|
"[TokenAccess] no project found for this token"
|
|
return res.redirect(302, settings.overleaf.host + '/' + token)
|
|
if !project?
|
|
logger.log {token, userId},
|
|
"[TokenAccess] no token-based project found for readAndWrite token"
|
|
if !userId?
|
|
logger.log {token},
|
|
"[TokenAccess] No project found with read-write token, anonymous user, deny"
|
|
return next(new Errors.NotFoundError())
|
|
TokenAccessController._tryHigherAccess(token, userId, req, res, next)
|
|
else
|
|
if !userId?
|
|
if TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
|
|
logger.log {token, projectId: project._id},
|
|
"[TokenAccess] allow anonymous read-and-write token access"
|
|
TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
|
|
req._anonymousAccessToken = token
|
|
return TokenAccessController._loadEditor(project._id, req, res, next)
|
|
else
|
|
logger.log {token, projectId: project._id},
|
|
"[TokenAccess] deny anonymous read-and-write token access"
|
|
AuthenticationController._setRedirectInSession(req)
|
|
return res.redirect('/restricted')
|
|
if project.owner_ref.toString() == userId
|
|
logger.log {userId, projectId: project._id},
|
|
"[TokenAccess] user is already project owner"
|
|
return TokenAccessController._loadEditor(project._id, req, res, next)
|
|
logger.log {userId, projectId: project._id},
|
|
"[TokenAccess] adding user to project with readAndWrite token"
|
|
TokenAccessHandler.addReadAndWriteUserToProject userId, project._id, (err) ->
|
|
if err?
|
|
logger.err {err, token, userId, projectId: project._id},
|
|
"[TokenAccess] error adding user to project with readAndWrite token"
|
|
return next(err)
|
|
return TokenAccessController._loadEditor(project._id, req, res, next)
|
|
|
|
readOnlyToken: (req, res, next) ->
|
|
userId = AuthenticationController.getLoggedInUserId(req)
|
|
token = req.params['read_only_token']
|
|
logger.log {userId, token}, "[TokenAccess] requesting read-only token access"
|
|
TokenAccessHandler.findProjectWithReadOnlyToken token, (err, project, projectExists) ->
|
|
if err?
|
|
logger.err {err, token, userId},
|
|
"[TokenAccess] error getting project by readOnly token"
|
|
return next(err)
|
|
if !projectExists and settings.overleaf
|
|
logger.log {token, userId},
|
|
"[TokenAccess] no project found for this token"
|
|
return res.redirect(302, settings.overleaf.host + '/read/' + token)
|
|
if !project?
|
|
logger.log {token, userId},
|
|
"[TokenAccess] no project found for readOnly token"
|
|
if !userId?
|
|
logger.log {token},
|
|
"[TokenAccess] No project found with readOnly token, anonymous user, deny"
|
|
return next(new Errors.NotFoundError())
|
|
TokenAccessController._tryHigherAccess(token, userId, req, res, next)
|
|
else
|
|
if !userId?
|
|
logger.log {userId, projectId: project._id},
|
|
"[TokenAccess] adding anonymous user to project with readOnly token"
|
|
TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
|
|
req._anonymousAccessToken = token
|
|
return TokenAccessController._loadEditor(project._id, req, res, next)
|
|
else
|
|
if project.owner_ref.toString() == userId
|
|
logger.log {userId, projectId: project._id},
|
|
"[TokenAccess] user is already project owner"
|
|
return TokenAccessController._loadEditor(project._id, req, res, next)
|
|
logger.log {userId, projectId: project._id},
|
|
"[TokenAccess] adding user to project with readOnly token"
|
|
TokenAccessHandler.addReadOnlyUserToProject userId, project._id, (err) ->
|
|
if err?
|
|
logger.err {err, token, userId, projectId: project._id},
|
|
"[TokenAccess] error adding user to project with readAndWrite token"
|
|
return next(err)
|
|
return TokenAccessController._loadEditor(project._id, req, res, next)
|
|
|