agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-06 15:49:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3495 from overleaf/ae-prettier-2

Browse Source 
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
This commit is contained in:
Alf Eaton
2021-04-14 14:17:21 +01:00
committed by Copybot
parent 930d7ba028
commit 1ebc8a79cb
582 changed files with 20382 additions and 20374 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/web/app/src/Features/Authorization/AuthorizationMiddleware.js
+137 -142
View File
@@ -11,7 +11,7 @@ const TokenAccessHandler = require('../TokenAccess/TokenAccessHandler')
module.exports = AuthorizationMiddleware = {
ensureUserCanReadMultipleProjects(req, res, next) {
const projectIds = (req.query.project_ids || '').split(',')
AuthorizationMiddleware._getUserId(req, function(error, userId) {
AuthorizationMiddleware._getUserId(req, function (error, userId) {
if (error) {
return next(error)
}
@@ -19,13 +19,13 @@ module.exports = AuthorizationMiddleware = {
// errors in callbacks
async.rejectSeries(
projectIds,
function(projectId, cb) {
function (projectId, cb) {
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserReadProject(
userId,
projectId,
token,
function(error, canRead) {
function (error, canRead) {
if (error) {
return next(error)
}
@@ -33,7 +33,7 @@ module.exports = AuthorizationMiddleware = {
}
)
},
function(unauthorizedProjectIds) {
function (unauthorizedProjectIds) {
if (unauthorizedProjectIds.length > 0) {
return AuthorizationMiddleware.redirectToRestricted(req, res, next)
}
@@ -44,178 +44,173 @@ module.exports = AuthorizationMiddleware = {
},
blockRestrictedUserFromProject(req, res, next) {
AuthorizationMiddleware._getUserAndProjectId(req, function(
error,
userId,
projectId
) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.isRestrictedUserForProject(
userId,
projectId,
token,
(err, isRestrictedUser) => {
if (err) {
return next(err)
}
if (isRestrictedUser) {
return res.sendStatus(403)
}
next()
AuthorizationMiddleware._getUserAndProjectId(
req,
function (error, userId, projectId) {
if (error) {
return next(error)
}
)
})
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.isRestrictedUserForProject(
userId,
projectId,
token,
(err, isRestrictedUser) => {
if (err) {
return next(err)
}
if (isRestrictedUser) {
return res.sendStatus(403)
}
next()
}
)
}
)
},
ensureUserCanReadProject(req, res, next) {
AuthorizationMiddleware._getUserAndProjectId(req, function(
error,
userId,
projectId
) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserReadProject(
userId,
projectId,
token,
function(error, canRead) {
if (error) {
return next(error)
}
if (canRead) {
AuthorizationMiddleware._getUserAndProjectId(
req,
function (error, userId, projectId) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserReadProject(
userId,
projectId,
token,
function (error, canRead) {
if (error) {
return next(error)
}
if (canRead) {
logger.log(
{ userId, projectId },
'allowing user read access to project'
)
return next()
}
logger.log(
{ userId, projectId },
'allowing user read access to project'
'denying user read access to project'
)
return next()
HttpErrorHandler.forbidden(req, res)
}
logger.log(
{ userId, projectId },
'denying user read access to project'
)
HttpErrorHandler.forbidden(req, res)
}
)
})
)
}
)
},
ensureUserCanWriteProjectSettings(req, res, next) {
AuthorizationMiddleware._getUserAndProjectId(req, function(
error,
userId,
projectId
) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserWriteProjectSettings(
userId,
projectId,
token,
function(error, canWrite) {
if (error) {
return next(error)
}
if (canWrite) {
AuthorizationMiddleware._getUserAndProjectId(
req,
function (error, userId, projectId) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserWriteProjectSettings(
userId,
projectId,
token,
function (error, canWrite) {
if (error) {
return next(error)
}
if (canWrite) {
logger.log(
{ userId, projectId },
'allowing user write access to project settings'
)
return next()
}
logger.log(
{ userId, projectId },
'allowing user write access to project settings'
'denying user write access to project settings'
)
return next()
HttpErrorHandler.forbidden(req, res)
}
logger.log(
{ userId, projectId },
'denying user write access to project settings'
)
HttpErrorHandler.forbidden(req, res)
}
)
})
)
}
)
},
ensureUserCanWriteProjectContent(req, res, next) {
AuthorizationMiddleware._getUserAndProjectId(req, function(
error,
userId,
projectId
) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserWriteProjectContent(
userId,
projectId,
token,
function(error, canWrite) {
if (error) {
return next(error)
}
if (canWrite) {
AuthorizationMiddleware._getUserAndProjectId(
req,
function (error, userId, projectId) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserWriteProjectContent(
userId,
projectId,
token,
function (error, canWrite) {
if (error) {
return next(error)
}
if (canWrite) {
logger.log(
{ userId, projectId },
'allowing user write access to project content'
)
return next()
}
logger.log(
{ userId, projectId },
'allowing user write access to project content'
'denying user write access to project settings'
)
return next()
HttpErrorHandler.forbidden(req, res)
}
logger.log(
{ userId, projectId },
'denying user write access to project settings'
)
HttpErrorHandler.forbidden(req, res)
}
)
})
)
}
)
},
ensureUserCanAdminProject(req, res, next) {
AuthorizationMiddleware._getUserAndProjectId(req, function(
error,
userId,
projectId
) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserAdminProject(
userId,
projectId,
token,
function(error, canAdmin) {
if (error) {
return next(error)
}
if (canAdmin) {
AuthorizationMiddleware._getUserAndProjectId(
req,
function (error, userId, projectId) {
if (error) {
return next(error)
}
const token = TokenAccessHandler.getRequestToken(req, projectId)
AuthorizationManager.canUserAdminProject(
userId,
projectId,
token,
function (error, canAdmin) {
if (error) {
return next(error)
}
if (canAdmin) {
logger.log(
{ userId, projectId },
'allowing user admin access to project'
)
return next()
}
logger.log(
{ userId, projectId },
'allowing user admin access to project'
'denying user admin access to project'
)
return next()
HttpErrorHandler.forbidden(req, res)
}
logger.log(
{ userId, projectId },
'denying user admin access to project'
)
HttpErrorHandler.forbidden(req, res)
}
)
})
)
}
)
},
ensureUserIsSiteAdmin(req, res, next) {
AuthorizationMiddleware._getUserId(req, function(error, userId) {
AuthorizationMiddleware._getUserId(req, function (error, userId) {
if (error) {
return next(error)
}
AuthorizationManager.isUserSiteAdmin(userId, function(error, isAdmin) {
AuthorizationManager.isUserSiteAdmin(userId, function (error, isAdmin) {
if (error) {
return next(error)
}
@@ -239,7 +234,7 @@ module.exports = AuthorizationMiddleware = {
new Errors.NotFoundError(`invalid projectId: ${projectId}`)
)
}
AuthorizationMiddleware._getUserId(req, function(error, userId) {
AuthorizationMiddleware._getUserId(req, function (error, userId) {
if (error) {
return callback(error)
}