From 6b8de7bb6a167cc18604e2f9a5dce742bfb76f46 Mon Sep 17 00:00:00 2001
From: Erika Pauwels <erika.pauwels@gmail.com>
Date: Wed, 20 Jun 2018 08:18:47 +0200
Subject: [PATCH] Split mu-authorization-groups in mu-auth-allowed-groups and
 mu-auth-used-groups

---
 helpers/mu/sparql.js | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)

diff --git a/helpers/mu/sparql.js b/helpers/mu/sparql.js
index 8897674..1a3822f 100644
--- a/helpers/mu/sparql.js
+++ b/helpers/mu/sparql.js
@@ -11,16 +11,16 @@ function newSparqlClient() {
       headers: {
         'mu-session-id': httpContext.get('request').get('mu-session-id'),
         'mu-call-id': httpContext.get('request').get('mu-call-id'),
-        'mu-authorization-groups': httpContext.get('request').get('mu-authorization-groups')
+        'mu-auth-allowed-groups': httpContext.get('request').get('mu-auth-allowed-groups') // groups of incoming request
       }
     }
   };
 
-  const authorizationGroups = httpContext.get('response').get('mu-authorization-groups');
-  if (authorizationGroups)
-    options.requestDefaults.headers['mu-authorization-groups'] = authorizationGroups;
+  const allowedGroups = httpContext.get('response').get('mu-auth-allowed-groups'); // groups returned by a previous SPARQL query
+  if (allowedGroups)
+    options.requestDefaults.headers['mu-auth-allowed-groups'] = allowedGroups;
 
-  console.log(`Add options on SparqlClient: ${JSON.stringify(options)}`);
+  console.log(`Headers set on SPARQL client: ${JSON.stringify(options)}`);
 
   return new SparqlClient(process.env.MU_SPARQL_ENDPOINT, options).register({
     mu: 'http://mu.semte.ch/vocabularies/',
@@ -33,13 +33,25 @@ function newSparqlClient() {
 function query( queryString ) {
   console.log(queryString);
   return newSparqlClient().query(queryString).executeRaw().then(response => {
-    const authorizationGroups = response.headers['mu-authorization-groups'];
-    if (authorizationGroups) {
-      httpContext.get('response').setHeader('mu-authorization-groups', authorizationGroups);
-      console.log(`Set mu-authorization-groups header to ${authorizationGroups}`);
+
+    // set mu-auth-allowed-groups on outgoing response
+    const allowedGroups = response.headers['mu-auth-allowed-groups'];
+    if (allowedGroups) {
+      httpContext.get('response').setHeader('mu-auth-allowed-groups', allowedGroups);
+      console.log(`Update mu-auth-allowed-groups to ${allowedGroups}`);
+    } else {
+      httpContext.get('response').removeHeader('mu-auth-allowed-groups');
+      console.log('Remove mu-auth-allowed-groups');
+    }
+
+    // set mu-auth-used-groups on outgoing response
+    const usedGroups = response.headers['mu-auth-used-groups'];
+    if (usedGroups) {
+      httpContext.get('response').setHeader('mu-auth-used-groups', usedGroups);
+      console.log(`Update mu-auth-used-groups to ${usedGroups}`);
     } else {
-      httpContext.get('response').removeHeader('mu-authorization-groups');
-      console.log('Remove mu-authorization-groups header');
+      httpContext.get('response').removeHeader('mu-auth-used-groups');
+      console.log('Remove mu-auth-used-groups');
     }
 
     function maybeParseJSON(body) {