Fix broken GlobalPrivs to session #216

@bendiy
Owner

I'm not sure what the global privs in sessions are being used for, but I ran into it while debugging and saw that the current master doesn't assign them at login.

@shackbarth

I use it here:
https://github.com/xtuple/xtuple/blob/master/node-datasource/routes/maintenance.js#L342
and we will probably want to use it more as we see fit. It's important that it work right.

@shackbarth shackbarth merged commit 4bc67b1 into xtuple:master
Commits on Mar 27, 2013
  1. @bendiy
Showing with 64 additions and 48 deletions.
  1. +64 −48 node-datasource/routes/auth.js
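--- a/node-datasource/routes/auth.js
+++ b/node-datasource/routes/auth.js
@@ -54,64 +54,80 @@ regexp:true, undef:true, strict:true, trailing:true, white:true */
 exports.scope = function (req, res, next) {
 var userId = req.session.passport.user.id,
 selectedOrg = req.body.org,
- userOrgColl = new XM.UserOrganizationCollection(),
- success = function (coll, response) {
- var privs;
- if (response.length === 0) {
- if (req.session && req.session.oauth2 && req.session.oauth2.redirectURI) {
- X.log("OAuth 2.0 User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
- res.redirect(req.session.oauth2.redirectURI + '?error=access_denied');
- return;
- }
-
- X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
- res.redirect('/logout');
+ user = new XM.User(),
+ options = {};
+
+ options.success = function (response) {
+ var privs,
+ userOrg,
+ userName;
+
+ if (response.length === 0) {
+ if (req.session && req.session.oauth2 && req.session.oauth2.redirectURI) {
+ X.log("OAuth 2.0 User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
+ res.redirect(req.session.oauth2.redirectURI + '?error=access_denied');
 return;
 }
- // We can now trust this user's request to log in to this organization.
+ X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
+ res.redirect('/logout');
+ return;
+ } else if (response.length > 1) {
+ X.log("More than one User: %@ exists.".f(userId));
+ res.redirect('/logout');
+ return;
+ }
- // Update the session store row to add the org choice and username.
- // Note: Updating this object magically persists the data into the SessionStore table.
+ // We can now trust this user's request to log in to this organization.
- privs = _.map(coll.models[0].getValue("user.privileges").models, function (privAss) {
- return privAss.getValue("privilege.name");
- });
- req.session.passport.user.globalPrivileges = privs;
- req.session.passport.user.organization = response[0].name;
- req.session.passport.user.username = response[0].username;
+ // Update the session store row to add the org choice and username.
+ // Note: Updating this object magically persists the data into the SessionStore table.
-// TODO - req.oauth probably isn't enough here, but it's working 2013-03-15...
- // If this is an OAuth 2.0 login with only 1 org.
- if (req.oauth2) {
- return next();
- }
+ privs = _.map(response.get("privileges"), function (privAss) {
+ return privAss.privilege.name;
+ });
- // If this is an OAuth 2.0 login with more than 1 org.
- if (req.session.returnTo) {
- res.redirect(req.session.returnTo);
- } else {
- // Redirect to start loading the client app.
- res.redirect('/client');
+ _.each(response.get('organizations'), function (orgValue, orgKey, orgList) {
+ if (orgValue.name === selectedOrg) {
+ userOrg = orgValue.name;
+ userName = orgValue.username;
 }
- },
- error = function (model, error) {
- X.log("userorg fetch error", error);
- res.redirect('/logout');
- return;
- },
- query = {
- parameters: [{
- attribute: "user",
- value: userId
- }, {
- attribute: "name",
- value: selectedOrg
- }]
- };
+ });
+
+ req.session.passport.user.globalPrivileges = privs;
+ req.session.passport.user.organization = userOrg;
+ req.session.passport.user.username = userName;
+
+// TODO - req.oauth probably isn't enough here, but it's working 2013-03-15...
+ // If this is an OAuth 2.0 login with only 1 org.
+ if (req.oauth2) {
+ return next();
+ }
+
+ // If this is an OAuth 2.0 login with more than 1 org.
+ if (req.session.returnTo) {
+ res.redirect(req.session.returnTo);
+ } else {
+ // Redirect to start loading the client app.
+ res.redirect('/client');
+ }
+ };
+
+ options.error = function (model, error) {
+ X.log("userorg fetch error", error);
+ res.redirect('/logout');
+ return;
+ };
+
+
+ // The user id we're searching for.
+ options.id = userId;
+
+ // The user under whose authority the query is run.
+ options.username = X.options.globalDatabase.nodeUsername;
 // Verify that the org is valid for the user.
- userOrgColl.fetch({ query: query, success: success, error: error });
+ user.fetch(options);
 };
 /**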
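Review bot: The explicit org-membership rejection is lost in the new success callback: the removed UserOrganizationCollection query was keyed on both `user` and `name`, so an empty result meant the user was not in `selectedOrg`, whereas the new `response.length` check only covers user existence, and when no entry of `organizations` matches `selectedOrg` the `_.each` leaves `userOrg`/`userName` undefined and the code still writes them into the session and continues to `next()` or `/client`. Since `selectedOrg` comes straight from `req.body.org`, a guard after the `_.each` that redirects away when nothing matched, mirroring the existing access-denied/logout branches, restores the check. Separately, `response.length` is read on the same object that `response.get("privileges")` treats as a single model rather than a collection, so the `=== 0` and `> 1` comparisons may never be true; worth confirming against XM.User's fetch callback signature. The enclosing function starts and ends inside the hunk.
```javascript
    _.each(response.get('organizations'), function (orgValue, orgKey, orgList) {
      // … unchanged: match selectedOrg, set userOrg / userName …
    });

    // Reject the request when selectedOrg is not one of this user's organizations;
    // same handling as the "no such user" branch above.
    if (userOrg === undefined) {
      if (req.session && req.session.oauth2 && req.session.oauth2.redirectURI) {
        X.log("OAuth 2.0 User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
        res.redirect(req.session.oauth2.redirectURI + '?error=access_denied');
        return;
      }
      X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
      res.redirect('/logout');
      return;
    }

    req.session.passport.user.globalPrivileges = privs;
    // … unchanged: organization / username assignment and redirects …
```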