Contact
CoCalc Logo Icon
StoreFeaturesDocsShareSupport News AboutSign UpSign In
| Download
Views: 39538
1
###

2
Access permissions related to projects for a given user (or project)

3
###

4


5
async   = require('async')

6
winston = require('winston')

7


8
misc    = require('smc-util/misc')

9
{defaults, required} = misc

10


11
user_is_in_project_group = (opts) ->

12
    opts = defaults opts,

13
        project_id     : required

14
        account_id     : undefined

15
        account_groups : undefined

16
        groups         : required

17
        database       : required

18
        cb             : required        # cb(err, true or false)

19
    dbg = (m) -> winston.debug("user_is_in_project_group -- #{m}")

20
    dbg()

21
    if not opts.account_id?

22
        dbg("not logged in, so for now we just say 'no' -- this may change soon.")

23
        opts.cb(undefined, false) # do not have access

24
        return

25


26
    access = false

27
    async.series([

28
        (cb) ->

29
            dbg("check if admin or in appropriate group -- #{misc.to_json(opts.account_groups)}")

30
            if opts.account_groups? and 'admin' in opts.account_groups  # check also done below!

31
                access = true

32
                cb()

33
            else

34
                opts.database.user_is_in_project_group

35
                    project_id     : opts.project_id

36
                    account_id     : opts.account_id

37
                    groups         : opts.groups

38
                    cb             : (err, x) ->

39
                        access = x

40
                        cb(err)

41
        (cb) ->

42
            if access

43
                cb() # done

44
            else if opts.account_groups?

45
                # already decided above

46
                cb()

47
            else

48
                # User does not have access in normal way and account_groups not provided, so

49
                # we do an extra group check before denying user.

50
                opts.database.get_account

51
                    columns    : ['groups']

52
                    account_id : opts.account_id

53
                    cb         : (err, r) ->

54
                        if err

55
                            cb(err)

56
                        else

57
                            access = 'admin' in (r['groups'] ? [])

58
                            cb()

59
        ], (err) ->

60
            dbg("done with tests -- now access=#{access}, err=#{err}")

61
            opts.cb(err, access)

62
        )

63


64
exports.user_has_write_access_to_project = (opts) ->

65
    opts.groups = ['owner', 'collaborator']

66
    user_is_in_project_group(opts)

67


68
exports.user_has_read_access_to_project = (opts) ->

69
    # Read access is granted if user is in any of the groups listed below (owner, collaborator, or *viewer*).

70
    #dbg = (m) -> winston.debug("user_has_read_access_to_project #{opts.project_id}, #{opts.account_id}; #{m}")

71
    opts.groups = ['owner', 'collaborator', 'viewer']

72
    user_is_in_project_group(opts)

73


74