mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
1a9bb5f4eb
Fix Scope Bug in Group Access Control GitOrigin-RevId: 7d2cb5fc08e0c7e4bd1b70c03b62620bb7dd8d41
32 lines
1.3 KiB
CoffeeScript
32 lines
1.3 KiB
CoffeeScript
AuthenticationController = require('../Authentication/AuthenticationController')
|
|
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
|
|
UserMembershipHandler = require('./UserMembershipHandler')
|
|
EntityConfigs = require('./UserMembershipEntityConfigs')
|
|
Errors = require('../Errors/Errors')
|
|
logger = require("logger-sharelatex")
|
|
|
|
module.exports =
|
|
requireEntityAccess: (entityName, entityIdOverride = null) ->
|
|
(req, res, next) ->
|
|
loggedInUser = AuthenticationController.getSessionUser(req)
|
|
unless loggedInUser
|
|
return AuthorizationMiddlewear.redirectToRestricted req, res, next
|
|
|
|
entityId = entityIdOverride or req.params.id
|
|
getEntity entityName, entityId, loggedInUser, (error, entity, entityConfig) ->
|
|
return next(error) if error?
|
|
unless entity?
|
|
return AuthorizationMiddlewear.redirectToRestricted(req, res, next)
|
|
|
|
req.entity = entity
|
|
req.entityConfig = entityConfig
|
|
next()
|
|
|
|
getEntity = (entityName, entityId, userId, callback = (error, entity, entityConfig)->) ->
|
|
entityConfig = EntityConfigs[entityName]
|
|
unless entityConfig
|
|
return callback(new Errors.NotFoundError("No such entity: #{entityName}"))
|
|
|
|
UserMembershipHandler.getEntity entityId, entityConfig, userId, (error, entity)->
|
|
return callback(error) if error?
|
|
callback(null, entity, entityConfig)
|