agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-04 06:39:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

De-duplicate logic in TokenAccessController

Browse Source
This commit is contained in:
Shane Kilkelly
2017-11-01 14:05:29 +00:00
parent d8486afe5d
commit fcb04472a1
1 changed files with 16 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
+16 -24
View File
@@ -11,6 +11,20 @@ module.exports = TokenAccessController =
req.params.Project_id = projectId.toString()
return ProjectController.loadEditor(req, res, next)
_tryHigherAccess: (token, userId, req, res, next) ->
TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
if err?
logger.err {err, token, userId},
"[TokenAccess] error finding project with higher access"
return next(err)
if !project?
logger.log {token, userId},
"[TokenAccess] no project with higher access found for this user and token"
return next(new Errors.NotFoundError())
logger.log {token, userId, projectId: project._id},
"[TokenAccess] user has higher access to project, redirecting"
res.redirect(302, "/project/#{project._id}")
readAndWriteToken: (req, res, next) ->
userId = AuthenticationController.getLoggedInUserId(req)
token = req.params['read_and_write_token']
@@ -27,18 +41,7 @@ module.exports = TokenAccessController =
logger.log {token},
"[TokenAccess] No project found with read-write token, anonymous user, deny"
return next(new Errors.NotFoundError())
TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
if err?
logger.err {err, token, userId},
"[TokenAccess] error finding project with higher access"
return next(err)
if !project?
logger.log {token, userId},
"[TokenAccess] no project with higher access found for this user and token"
return next(new Errors.NotFoundError())
logger.log {token, userId, projectId: project._id},
"[TokenAccess] user has higher access to project, redirecting"
res.redirect(302, "/project/#{project._id}")
TokenAccessController._tryHigherAccess(token, userId, req, res, next)
else
if !userId?
if TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
@@ -80,18 +83,7 @@ module.exports = TokenAccessController =
logger.log {token},
"[TokenAccess] No project found with readOnly token, anonymous user, deny"
return next(new Errors.NotFoundError())
TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
if err?
logger.err {err, token, userId},
"[TokenAccess] error finding project with higher access"
return next(err)
if !project?
logger.log {token, userId},
"[TokenAccess] no project with higher access found for this user and token"
return next(new Errors.NotFoundError())
logger.log {token, userId, projectId: project._id},
"[TokenAccess] user has higher access to project, redirecting"
res.redirect(302, "/project/#{project._id}")
TokenAccessController._tryHigherAccess(token, userId, req, res, next)
else
if !userId?
logger.log {userId, projectId: project._id},