Fix broken GlobalPrivs to session #216

Merged

@bendiy
Owner

I'm not sure what the global privs in sessions are being used for, but I ran into it while debugging and saw that the current master doesn't assign them at login.

@shackbarth

I use it here:
https://github.com/xtuple/xtuple/blob/master/node-datasource/routes/maintenance.js#L342
and we will probably want to use it more as we see fit. It's important that it work right.

@shackbarth shackbarth merged commit 4bc67b1 into from
Commits on Mar 27, 2013
  1. @bendiy
Showing with 64 additions and 48 deletions.
  1. +64 −48 node-datasource/routes/auth.js
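--- a/node-datasource/routes/auth.js
+++ b/node-datasource/routes/auth.js
@@ -54,64 +54,80 @@ regexp:true, undef:true, strict:true, trailing:true, white:true */
 exports.scope = function (req, res, next) {
 var userId = req.session.passport.user.id,
 selectedOrg = req.body.org,
- userOrgColl = new XM.UserOrganizationCollection(),
- success = function (coll, response) {
- var privs;
- if (response.length === 0) {
- if (req.session && req.session.oauth2 && req.session.oauth2.redirectURI) {
- X.log("OAuth 2.0 User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
- res.redirect(req.session.oauth2.redirectURI + '?error=access_denied');
- return;
- }
-
- X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
- res.redirect('/logout');
+ user = new XM.User(),
+ options = {};
+
+ options.success = function (response) {
+ var privs,
+ userOrg,
+ userName;
+
+ if (response.length === 0) {
+ if (req.session && req.session.oauth2 && req.session.oauth2.redirectURI) {
+ X.log("OAuth 2.0 User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
+ res.redirect(req.session.oauth2.redirectURI + '?error=access_denied');
 return;
 }
- // We can now trust this user's request to log in to this organization.
+ X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
+ res.redirect('/logout');
+ return;
+ } else if (response.length > 1) {
+ X.log("More than one User: %@ exists.".f(userId));
+ res.redirect('/logout');
+ return;
+ }
- // Update the session store row to add the org choice and username.
- // Note: Updating this object magically persists the data into the SessionStore table.
+ // We can now trust this user's request to log in to this organization.
- privs = _.map(coll.models[0].getValue("user.privileges").models, function (privAss) {
- return privAss.getValue("privilege.name");
- });
- req.session.passport.user.globalPrivileges = privs;
- req.session.passport.user.organization = response[0].name;
- req.session.passport.user.username = response[0].username;
+ // Update the session store row to add the org choice and username.
+ // Note: Updating this object magically persists the data into the SessionStore table.
-// TODO - req.oauth probably isn't enough here, but it's working 2013-03-15...
- // If this is an OAuth 2.0 login with only 1 org.
- if (req.oauth2) {
- return next();
- }
+ privs = _.map(response.get("privileges"), function (privAss) {
+ return privAss.privilege.name;
+ });
- // If this is an OAuth 2.0 login with more than 1 org.
- if (req.session.returnTo) {
- res.redirect(req.session.returnTo);
- } else {
- // Redirect to start loading the client app.
- res.redirect('/client');
+ _.each(response.get('organizations'), function (orgValue, orgKey, orgList) {
+ if (orgValue.name === selectedOrg) {
+ userOrg = orgValue.name;
+ userName = orgValue.username;
 }
- },
- error = function (model, error) {
- X.log("userorg fetch error", error);
- res.redirect('/logout');
- return;
- },
- query = {
- parameters: [{
- attribute: "user",
- value: userId
- }, {
- attribute: "name",
- value: selectedOrg
- }]
- };
+ });
+
+ req.session.passport.user.globalPrivileges = privs;
+ req.session.passport.user.organization = userOrg;
+ req.session.passport.user.username = userName;
+
+// TODO - req.oauth probably isn't enough here, but it's working 2013-03-15...
+ // If this is an OAuth 2.0 login with only 1 org.
+ if (req.oauth2) {
+ return next();
+ }
+
+ // If this is an OAuth 2.0 login with more than 1 org.
+ if (req.session.returnTo) {
+ res.redirect(req.session.returnTo);
+ } else {
+ // Redirect to start loading the client app.
+ res.redirect('/client');
+ }
+ };
+
+ options.error = function (model, error) {
+ X.log("userorg fetch error", error);
+ res.redirect('/logout');
+ return;
+ };
+
+
+ // The user id we're searching for.
+ options.id = userId;
+
+ // The user under whose authority the query is run.
+ options.username = X.options.globalDatabase.nodeUsername;
 // Verify that the org is valid for the user.
- userOrgColl.fetch({ query: query, success: success, error: error });
+ user.fetch(options);
 };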
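Review bot: The new success callback never rejects a request whose `req.body.org` is not one of the user's organizations: the `_.each` over `response.get('organizations')` only assigns `userOrg`/`userName` on a match, so when nothing matches the session is written with `organization = undefined` and execution still falls through to `next()` or the `/client` redirect, whereas the old UserOrganizationCollection query (filtered on both `user` and `name`) sent a non-member into the `response.length === 0` branch. Since `response` is now read with `response.get(...)`, it looks like a single model rather than a collection, in which case `response.length` is `undefined` and both the `=== 0` and `> 1` branches at the top of the callback can never fire — worth confirming against what `XM.User.fetch` passes to `options.success`. A membership guard after the `_.each` (below) restores the check that the comment `// Verify that the org is valid for the user.` promises; the OAuth 2.0 `access_denied` redirect used at the top of the callback should probably apply on that path too rather than only `/logout`.
```javascript
    _.each(response.get('organizations'), function (orgValue, orgKey, orgList) {
      // … unchanged: match selectedOrg, set userOrg / userName …
    });

    // The org named in the request body must be one the user actually belongs to;
    // otherwise this is the same "no business logging in to organization" case as above.
    if (!userOrg) {
      X.log("User %@ has no business trying to log in to organization %@.".f(userId, selectedOrg));
      res.redirect('/logout');
      return;
    }

    req.session.passport.user.globalPrivileges = privs;
    // … unchanged: remaining session assignments and redirects …
```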