
Merge pull request dmolchanenko#2 from wolterskluwer-redwoodhq/condit…
…ional-access

conditional access feature
Wolters Kluwer - UpToDate authored Sep 9, 2016
2 parents 9f6d7ce + 26ddd65 commit ae7f2fc
Showing 6 changed files with 147 additions and 37 deletions.
7 changes: 6 additions & 1 deletion public/app.js
Expand Up @@ -9,6 +9,8 @@ Ext.application({
var mainTab = Ext.ComponentQuery.query('#mainTabPanel')[0];
if(Ext.util.Cookies.get('role') == "Test Designer"){
mainTab.remove(mainTab.down("#adminTab"));
//dev changes user specific access
//mainTab.remove(mainTab.down("#ScriptBrowser"));
mainTab.down("scriptBrowser").down("#compileBar").hide();
mainTab.down("scriptBrowser").down("#saveAll").hide();
mainTab.down("scriptBrowser").down("#push").hide();
Expand All @@ -23,7 +25,10 @@ Ext.application({
mainTab.down("actions").down("#deleteAction").hide();
mainTab.down("actions").down("#cloneAction").hide();
mainTab.down("actions").down("#newAction").hide();
}
//dev changes
} else if(Ext.util.Cookies.get('role') == "Developer") {
mainTab.remove(mainTab.down("#adminTab"));
} //dev changes
},

controllers: [
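Review bot: The new `else if(Ext.util.Cookies.get('role') == "Developer")` branch gates the admin tab on the `role` cookie, which auth.js writes with `httpOnly: false` and does not sign, so removing `#adminTab` for a Developer is a display convenience that any user can undo by editing the cookie in the browser; the admin routes must be enforced server-side regardless. Both role comparisons should use `===`, and the commented-out `//mainTab.remove(mainTab.down("#ScriptBrowser"));` line is dead code that should be deleted rather than kept behind a `//dev changes` marker. Proposed comment above the chain: `// Cosmetic only: 'role' is a client-readable, unsigned cookie; server routes must gate admin access independently.` The enclosing handler inside `Ext.application({...})` starts before the hunk.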
7 changes: 7 additions & 0 deletions public/model/Users.js
Expand Up @@ -29,6 +29,13 @@ Ext.define('Redwood.model.Users', {
}, {
name: 'status',
type: 'string'
},
//dev changes
{
name: 'projects',
type: 'array'
}
//dev changes

]
});
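Review bot: The `//dev changes` comments bracketing the new `projects` field say nothing about what the array holds, and the field otherwise has no documentation. Replace them with a comment stating the content as the other files use it, e.g. `// _id strings of the projects this user may open (valueField "_id" in UserEdit; matched by projectsGet)`; the `_id` part is what UserEdit.js submits, the matching is what projects.js does with `indexOf`.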
35 changes: 34 additions & 1 deletion public/view/UserEdit.js
Expand Up @@ -85,6 +85,9 @@ Ext.define('Redwood.view.UserEdit', {
var newUser = {};
newUser.name = form.getFieldValues().name;
newUser.tag = form.getFieldValues().tag;
//dev changes
newUser.projects = form.getFieldValues().projects;
//dev changes
newUser.password = form.getFieldValues().firstpassword;
newUser.username = form.getFieldValues().username;
newUser.email = form.getFieldValues().email;
Expand Down Expand Up @@ -208,7 +211,37 @@ Ext.define('Redwood.view.UserEdit', {
}
}
}
}
},
//dev changes
{
xtype:"combofieldbox",
afterLabelTextTpl: this.requiredText,
fieldLabel: 'Projects',
displayField:"name",
descField:"name",
height:24,
labelWidth: 100,
forceSelection:false,
createNewOnEnter:false,
encodeSubmitValue:true,
autoSelect: false,
triggerAction: 'all',
store:Ext.data.StoreManager.lookup('Projects'),
valueField:"_id",
queryMode: 'local',
removeOnDblClick:true,
allowBlank: false,
maskRe: /[a-z_0-9_A-Z_-]/,
name:"projects",
listeners: {
specialkey: function(field, e){
if (e.getKey() == e.ENTER) {
this.up('form').down("#submit").handler();
}
}
}
}
//dev changes
,{
xtype:'textfield',
vtype: 'passwordTest',
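Review bot: `allowBlank: false` together with `afterLabelTextTpl: this.requiredText` makes the Projects field mandatory for every user, yet the server ignores an Admin's projects (auth.js only emits the `projects` cookies when `user.role !== 'Admin'`, and projectsGet returns all projects for Admin), so an admin has to be assigned a meaningless project just to save the form; either tie `allowBlank` to the selected role or document the requirement on the field. `forceSelection:false` with `valueField:"_id"` also lets free-typed text (anything passing `maskRe`) be submitted as a project id that is not in the `Projects` store — if combofieldbox follows standard ExtJS combobox semantics, `forceSelection: true` closes that. The `//dev changes` markers should be removed before merge. The view's `items` array continues outside the hunk.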
95 changes: 66 additions & 29 deletions routes/auth.js
Expand Up @@ -2,6 +2,7 @@ var sessions = {};
var projects = require('../routes/projects');
var userState = require('../routes/userStates');
var realtime = require("./realtime");
var common = require('../common');

exports.loginPage = function(req,res){
res.redirect('/login.html');
Expand All @@ -22,17 +23,27 @@ exports.loadSessions = function(){
};

exports.logIn = function (req,res,next){
verifyUser(req.body.username,req.body.password,function(userFound,role){
verifyUser(req.body.username,req.body.password,function(userFound,user){
console.log(user);
//common.logger.info("projects",user.projects[0]);
if (userFound){
require('crypto').randomBytes(20, function(ex, buf) {
realtime.emitMessage("Login",req.body.username);
var token = buf.toString('hex');
sessions[req.body.username] = {sessionid:token,expires:new Date(Date.now() + 2592000000),role:role};
console.log("role:", user.role);
common.logger.info("login projects", user.projects);
sessions[req.body.username] = {sessionid:token,expires:new Date(Date.now() + 2592000000),role:user.role, userId:user._id, projects:user.projects};
storeSession(req.body.username,token,new Date(Date.now() + 2592000000));
res.cookie('sessionid', token, { expires: new Date(Date.now() + 2592000000), httpOnly: false});
res.cookie('username', req.body.username, {maxAge: 2592000000, httpOnly: false });
res.cookie('role', role, {maxAge: 2592000000, httpOnly: false });
res.cookie('role', user.role, {maxAge: 2592000000, httpOnly: false });
res.cookie('userId', user._id, {maxAge: 2592000000, httpOnly: false });
if (user.role !== 'Admin') {
res.cookie('projects', user.projects, {maxAge: 2592000000, httpOnly: false });
res.cookie('userDefaultProject', user.projects[0], {maxAge: 2592000000, httpOnly: false });
}
return next();

});
}
else{
Expand All @@ -43,57 +54,83 @@ exports.logIn = function (req,res,next){

function logInSucess(req,res){
userState.GetUserProject(req.cookies.username,function(project){
console.log("######################################");
console.log(res);
var roleField = res.get("set-cookie")[2].split(";");
var userRole = roleField[0].split("=")[1];

if(userRole !== 'Admin') {
var projectField = res.get("set-cookie")[5].split(";");
var defaultProjectID = projectField[0].split("=")[1];
}
//common.logger.info("cookie projects string", defaultProjectID);
//common.logger.info("cookie userRole string", userRole);
//common.logger.info("cookie projects", res.get("set-cookie")[3].indexOf("="));
//common.logger.info("cookie projects length", res.get("set-cookie")[3].length);
//common.logger.info("cookie projects typeod", typeof res.get("set-cookie")[3]);
//common.logger.info("user projects", req.cookies.projects[0]);
//common.logger.info("resp project", project);
//common.logger.info("cookie project",req.cookies.project);
//var userDefaultProject = req.cookies.projects[0];
if(req.cookies.deeplink){
common.logger.info("at if logic");
res.clearCookie('deeplink');
if(req.originalUrl != "/index.html"){
res.json({error:null,redirect:req.cookies.deeplink});
}
else{
res.json({error:null,redirect:"./index.html"});
}
}
else if ((project == null) && ((req.cookies.project === undefined)||(req.cookies.project == "") )){
common.logger.info("resp project", project);
projects.allProjects(function(projects){
res.cookie('project', projects[0].name, {maxAge: 2592000000, httpOnly: false });
res.redirect("/index.html");
// res.json({error:null,redirect:"./index.html"});
if(userRole !== "Admin") {
projects.forEach(function(project){
common.logger.info("project name if logic", project._id.toString());
if (project._id.toString() == defaultProjectID){
res.cookie('project', project.name, {maxAge: 2592000000, httpOnly: false });
}
});
} else {
res.cookie('project', projects[0].name, {maxAge: 2592000000, httpOnly: false });
}
if(req.originalUrl != "/index.html"){
res.json({error:null,redirect:"./index.html"});
}
else{
res.json({error:null,redirect:"./index.html"});
}
});
}
else if (project == null){
else if ((project == null) || (req.cookies.project === undefined) || (req.cookies.project == "")){
common.logger.info("at else logic");
projects.allProjects(function(projects){
var found = false;
projects.forEach(function(project){
if (project.name === req.cookies.project){
found = true;
}
});
if (found == false){
if(userRole !== "Admin") {
projects.forEach(function(project){
if (project._id.toString() == defaultProjectID){
found = true;
res.cookie('project', project.name, {maxAge: 2592000000, httpOnly: false });
}
});
} else {
res.cookie('project', projects[0].name, {maxAge: 2592000000, httpOnly: false });
}

res.json({error:null,redirect:"./index.html"});
});
}
else{
if ((req.cookies.project === undefined)||(req.cookies.project == "")){
res.cookie('project', project, {maxAge: 2592000000, httpOnly: false });
}
res.json({error:null,redirect:"./index.html"});
}
})
}
exports.logInSucess = function(req,res){
logInSucess(req,res)
};

exports.auth = function(req,res,next){
//common.logger.info("Original url", req.originalUrl);
if (sessions[req.cookies.username] != undefined){
if (req.cookies.sessionid == sessions[req.cookies.username].sessionid){
if (req.cookies.project == undefined){
if(req.originalUrl == "/index.html"){
common.logger.info("Original url", req.originalUrl);
res.cookie('deeplink', req.originalUrl, {maxAge: 2592000000, httpOnly: false });
return next();
}
else{
common.logger.info("Original url", req.originalUrl);
logInSucess(req,res);
return;
}
Expand Down Expand Up @@ -139,8 +176,8 @@ function verifyUser(username,password,callback){
callback(false,null);
}
else{
callback(true,user.role);
callback(true,user);
}
});
})
}
}
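Review bot: `var roleField = res.get("set-cookie")[2].split(";")` and the `[5]` read below it recover the role and default project by parsing the response's own Set-Cookie headers by position, which is only valid immediately after `logIn` has emitted the cookies in that exact order; when `exports.auth` reaches `logInSucess(req,res)` for a request without a `project` cookie, nothing has been set on `res`, `res.get("set-cookie")` is undefined and the `[2]` access throws. The session created in `logIn` already records both values, so read them from there: `var session = sessions[req.cookies.username] || {};` `var userRole = session.role;` `var defaultProjectID = (session.projects && session.projects.length) ? String(session.projects[0]) : undefined;`. Separately, `console.log(user)` in `logIn` and `console.log(res)` in logInSucess write the full user record (presumably including the stored password or its hash, since verifyUser compares against it) and the whole response object to stdout on every login; both should be removed along with the commented-out logger lines. `user.projects[0]` in the non-Admin branch will also throw for an existing user document that has no `projects` array, so default it to `[]` first. logInSucess's body runs past the hunk.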
39 changes: 33 additions & 6 deletions routes/projects.js
Expand Up @@ -34,14 +34,38 @@ exports.projectsPut = function(req, res){

exports.projectsGet = function(req, res){
GetProjects(app.getDB(),{},function(data){
//dev changes
common.logger.info("my projects", req.cookies.projects);
var userProjects = req.cookies.projects, userRole = req.cookies.role, userId = req.cookies.userId, projectCollection = [];
var ObjectID = require('mongodb').ObjectID;

common.logger.info("userRole:", userRole, "userProjects:", userProjects);
if(userRole !== "Admin") {
for (var i = 0; i < data.length; i++){

common.logger.info("Project id:", data[i]._id.toString());

common.logger.info("Project exists:", userProjects.indexOf(data[i]._id.toString()));
if(userProjects.indexOf(data[i]._id.toString()) > -1){
projectCollection.push(data[i]);
}
}

} else {
projectCollection = data;
}
common.logger.info(projectCollection);
//dev changes

res.contentType('json');
res.json({
success: true,
projects: data
//dev changes
projects: projectCollection
});
});
}, req);
};

//dev changes
exports.projectsDelete = function(req, res){
var db = app.getDB();
var id = new ObjectID(req.params.id);
Expand Down Expand Up @@ -360,15 +384,18 @@ function DeleteProjects(db,data,projectName,callback){
*/
callback();
}

function GetProjects(db,query,callback){
//dev changes
function GetProjects(db,query,callback, req){
//dev changes
var projects = [];

db.collection('projects', function(err, collection) {
collection.find(query, {}, function(err, cursor) {
cursor.each(function(err, project) {
if(project == null) {
callback(projects);
//dev changes
callback(projects, req);
//dev changes
return;
}
projects.push(project);
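Review bot: `projectsGet` decides which projects to return from `req.cookies.role` and `req.cookies.projects`, both of which auth.js sets with `httpOnly: false` and without signing, so a user can rewrite `role=Admin` (or append ids to `projects`) in the browser and receive every project — this filter is a convenience, not an access control. The server-side session built in `logIn` (`sessions[username]` holding `role` and `projects`) is the trustworthy source; expose a lookup from auth.js such as `exports.getSession = function(username){ return sessions[username]; };` and filter on that after the `sessionid` has been verified. As written the loop also throws when a non-Admin arrives without a `projects` cookie (`userProjects.indexOf` on undefined), and if the cookie is a plain string rather than the JSON array cookie-parser decodes, `indexOf` degrades to a substring match. Threading `req` through `GetProjects(db,query,callback, req)` is unnecessary because the callback already closes over `req`, the `ObjectID` require is unused, and the `common.logger.info` calls that dump every project id and the whole collection per request are debug output that should be dropped.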
1 change: 1 addition & 0 deletions routes/users.js
Expand Up @@ -289,6 +289,7 @@ function UpdateUsers(db,data,callback){
u.name = data.name;
u.tag = data.tag;
u.email = data.email;
u.projects = data.projects;
u._id = data._id;
if(data.password){
u.password = data.password;
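Review bot: `u.projects = data.projects;` stores whatever the client sent without checking that it is an array of project id strings — the shape `projectsGet` later relies on when it calls `indexOf` — so a malformed or oversized value lands in the user document unchanged; normalise it with `u.projects = Array.isArray(data.projects) ? data.projects.map(String) : [];` or reject the request. Whether this update route is itself restricted to Admins is not visible here; if it is not, a user could assign themselves additional projects. UpdateUsers starts before the hunk.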
