From 6146c3ec6857fe231a9212f0e66f3bd8acd4dee6 Mon Sep 17 00:00:00 2001 From: Hermann <blumh@student.ethz.ch> Date: Mon, 28 May 2018 22:16:19 +0200 Subject: [PATCH] (a bit dirty) fix for user filtering based on rights --- src/auth.js | 24 ++++++++++++++++++++---- src/resourceConfig.json | 2 +- src/users/userTool.js | 4 ++-- 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/src/auth.js b/src/auth.js index 4d9c86c..8f15d4c 100644 --- a/src/auth.js +++ b/src/auth.js @@ -9,6 +9,9 @@ import config from './resourceConfig.json'; const APISession = { authenticated: false, token: '', + // user admins are a very special case as the permissions on the resource can only + // be seen by requesting users and check whether you see their membership + isUserAdmin: false }; // OAuth Handler @@ -36,7 +39,7 @@ function checkToken(token) { amivapi.get('users', { headers: { 'Content-Type': 'application/json', Authorization: token }, }).then((response) => { - if (response.status === 200) resolve(); + if (response.status === 200) resolve(response.data); else reject(); }).catch(reject); }); @@ -53,9 +56,15 @@ export function checkAuthenticated() { console.log(`found this token: ${token}`); if (token !== '') { // check of token is valid - checkToken(token).then(() => { + checkToken(token).then((users) => { APISession.token = token; APISession.authenticated = true; + // if we see the membership of more than 1 person in the response, we + // have admin rights on users + if (users._items[0].membership && users._items[1].membership) { + APISession.isUserAdmin = true; + } + console.log(APISession); resolve(); }).catch(resetSession); } else resetSession(); 
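Review bot: The new `isUserAdmin` field on `APISession` is only ever set to `true` in this patch; nothing visible sets it back to `false`, and `resetSession` (outside this hunk) is the only place `token`/`authenticated` are cleared. If `resetSession` is not extended to clear it too, a stale `true` survives a logout and would unlock the admin search keys for whoever logs in next on the same page. I would reset it wherever the session is reset, `APISession.isUserAdmin = false;`, and extend the comment to say it is a UI hint derived from what the API lets this token see, not a permission the client enforces.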
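Review bot: The admin heuristic in the `then` callback dereferences `users._items[1]` unconditionally, so any response with fewer than two users throws a TypeError that `.catch(resetSession)` turns into a forced logout of a perfectly valid token. The added `console.log(APISession)` also prints the bearer token to the browser console, on top of the existing `found this token` log above it; I would drop it. Guard the array first, e.g. `const items = Array.isArray(users._items) ? users._items : [];` and `APISession.isUserAdmin = items.length > 1 && Boolean(items[0].membership) && Boolean(items[1].membership);`. Note that this only decides what the UI offers; the API presumably still filters fields server-side, which is what the comment should say. The enclosing `checkAuthenticated` starts before this hunk.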
@@ -89,11 +98,18 @@ export class ResourceHandler { */ constructor(resource, searchKeys = false) { this.resource = resource; - this.searchKeys = searchKeys || config[resource].searchKeys; + // special case for users + if (resource === 'users') this.searchKeys = ['firstname', 'lastname', 'nethz']; + else this.searchKeys = searchKeys || config[resource].searchKeys; this.noPatchKeys = [ '_etag', '_id', '_created', '_links', '_updated', ...(config[resource].notPatchableKeys || [])]; - checkAuthenticated(); + checkAuthenticated().then(() => { + // again special case for users + if (resource === 'users' && APISession.isUserAdmin) { + this.searchKeys = searchKeys || config[resource].searchKeys; + } + }); } /* diff --git a/src/resourceConfig.json b/src/resourceConfig.json index a2116d0..253ccd3 100644 --- a/src/resourceConfig.json +++ b/src/resourceConfig.json @@ -65,7 +65,7 @@ "lastname", "nethz", "legi", - "department" + "email" ], "notPatchableKeys": [ "password_set" diff --git a/src/users/userTool.js b/src/users/userTool.js index c4c9212..38355e3 100644 --- a/src/users/userTool.js +++ b/src/users/userTool.js @@ -4,7 +4,7 @@ import ViewUser from './viewUser'; import TableView from '../views/tableView'; import { users as config } from '../resourceConfig.json'; import DatalistController from '../listcontroller'; -import ItemController from '../itemcontroller' +import ItemController from '../itemcontroller'; export class UserItem { constructor() { @@ -20,7 +20,7 @@ export class UserItem { export class UserTable { constructor() { - this.ctrl = new DatalistController('users', {}, config.tableKeys); + this.ctrl = new DatalistController('users'); } view() { return m(TableView, { -- GitLab
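Review bot: In the `ResourceHandler` constructor the `checkAuthenticated().then(...)` chain has no `.catch`, so if `checkAuthenticated` ever rejects (whether it does depends on `resetSession`, outside this hunk) the constructor leaves an unhandled rejection. I would close the chain with `}).catch(() => { /* not authenticated: keep the restricted user search keys */ });`. Separately, for `resource === 'users'` an explicitly passed `searchKeys` argument is silently discarded until the promise settles and only honoured for admins, which is surprising for a caller; a one-line comment stating that the explicit argument is deliberately ignored for non-admin users would avoid a future "fix". The hard-coded `['firstname', 'lastname', 'nethz']` list would also be better read from `resourceConfig.json` next to the full `searchKeys` list it restricts.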
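Review bot: With the companion change in `auth.js`, the `users.searchKeys` list that now contains `"email"` (and already `"legi"`) is only applied once `isUserAdmin` is set, but nothing in this file records that; a reader of the config alone will assume every user can search by e-mail address. Since JSON cannot carry a comment, I would encode the split as data instead: add a sibling entry such as `"publicSearchKeys": ["firstname", "lastname", "nethz"]` and have `auth.js`/`ResourceHandler` read it, so the restricted and full lists live side by side in one place.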
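Review bot: In `UserTable` the call `new DatalistController('users')` drops both the `{}` and `config.tableKeys` arguments without a comment saying why, so whatever columns or projection the controller now uses come from its defaults, which this hunk does not show. If `config.tableKeys` was the only use of the `users as config` import in this file, that import is now unused as well; if it is still used elsewhere in the file, a short comment on this line, e.g. `// no tableKeys: non-admins cannot read every column, let the controller default`, would explain the deliberate omission.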