
Fix auth scope route now that we're using XM.SimpleModel.

1 parent 4da5a3b commit ee3eb298e5a6a77b148f474415155bfee36aad74 @bendiy committed Mar 27, 2013
Showing with 64 additions and 48 deletions.
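--- a/node-datasource/routes/auth.js
+++ b/node-datasource/routes/auth.js
@@ -54,64 +54,80 @@ regexp:true, undef:true, strict:true, trailing:true, white:true */
 exports.scope = function (req, res, next) {
 var userId = req.session.passport.user.id,
 selectedOrg = req.body.org,
- userOrgColl = new XM.UserOrganizationCollection(),
- success = function (coll, response) {
- var privs;
- if (response.length === 0) {
- if (req.session && req.session.oauth2 && req.session.oauth2.redirectURI) {
- X.log("OAuth 2.0 User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
- res.redirect(req.session.oauth2.redirectURI + '?error=access_denied');
- return;
- }
-
- X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
- res.redirect('/logout');
+ user = new XM.User(),
+ options = {};
+
+ options.success = function (response) {
+ var privs,
+ userOrg,
+ userName;
+
+ if (response.length === 0) {
+ if (req.session && req.session.oauth2 && req.session.oauth2.redirectURI) {
+ X.log("OAuth 2.0 User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
+ res.redirect(req.session.oauth2.redirectURI + '?error=access_denied');
 return;
 }
- // We can now trust this user's request to log in to this organization.
+ X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
+ res.redirect('/logout');
+ return;
+ } else if (response.length > 1) {
+ X.log("More than one User: %@ exists.".f(userId));
+ res.redirect('/logout');
+ return;
+ }
- // Update the session store row to add the org choice and username.
- // Note: Updating this object magically persists the data into the SessionStore table.
+ // We can now trust this user's request to log in to this organization.
- privs = _.map(coll.models[0].getValue("user.privileges").models, function (privAss) {
- return privAss.getValue("privilege.name");
- });
- req.session.passport.user.globalPrivileges = privs;
- req.session.passport.user.organization = response[0].name;
- req.session.passport.user.username = response[0].username;
+ // Update the session store row to add the org choice and username.
+ // Note: Updating this object magically persists the data into the SessionStore table.
-// TODO - req.oauth probably isn't enough here, but it's working 2013-03-15...
- // If this is an OAuth 2.0 login with only 1 org.
- if (req.oauth2) {
- return next();
- }
+ privs = _.map(response.get("privileges"), function (privAss) {
+ return privAss.privilege.name;
+ });
- // If this is an OAuth 2.0 login with more than 1 org.
- if (req.session.returnTo) {
- res.redirect(req.session.returnTo);
- } else {
- // Redirect to start loading the client app.
- res.redirect('/client');
+ _.each(response.get('organizations'), function (orgValue, orgKey, orgList) {
+ if (orgValue.name === selectedOrg) {
+ userOrg = orgValue.name;
+ userName = orgValue.username;
 }
- },
- error = function (model, error) {
- X.log("userorg fetch error", error);
- res.redirect('/logout');
- return;
- },
- query = {
- parameters: [{
- attribute: "user",
- value: userId
- }, {
- attribute: "name",
- value: selectedOrg
- }]
- };
+ });
+
+ req.session.passport.user.globalPrivileges = privs;
+ req.session.passport.user.organization = userOrg;
+ req.session.passport.user.username = userName;
+
+// TODO - req.oauth probably isn't enough here, but it's working 2013-03-15...
+ // If this is an OAuth 2.0 login with only 1 org.
+ if (req.oauth2) {
+ return next();
+ }
+
+ // If this is an OAuth 2.0 login with more than 1 org.
+ if (req.session.returnTo) {
+ res.redirect(req.session.returnTo);
+ } else {
+ // Redirect to start loading the client app.
+ res.redirect('/client');
+ }
+ };
+
+ options.error = function (model, error) {
+ X.log("userorg fetch error", error);
+ res.redirect('/logout');
+ return;
+ };
+
+
+ // The user id we're searching for.
+ options.id = userId;
+
+ // The user under whose authority the query is run.
+ options.username = X.options.globalDatabase.nodeUsername;
 // Verify that the org is valid for the user.
- userOrgColl.fetch({ query: query, success: success, error: error });
+ user.fetch(options);
 };
 /**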
