Added the user as argument in the privilege managers

AdrienCastex · AdrienCastex · commit 8908c870fed8 · 2017-06-30T16:56:17.000+02:00
diff --git a/lib/user/v2/IUser.d.ts b/lib/user/v2/IUser.d.ts
@@ -1,7 +1,7 @@
 export interface IUser {
     uid: string;
-    isAdministrator: boolean;
-    isDefaultUser: boolean;
-    password: string;
+    isAdministrator?: boolean;
+    isDefaultUser?: boolean;
     username: string;
+    password?: string;
 }
diff --git a/lib/user/v2/authentication/HTTPAuthentication.d.ts b/lib/user/v2/authentication/HTTPAuthentication.d.ts
@@ -4,5 +4,5 @@ export interface HTTPAuthentication {
     askForAuthentication(): {
         [headeName: string]: string;
     };
-    getUser(arg: HTTPRequestContext, callback: (error: Error, user?: IUser) => void): void;
+    getUser(ctx: HTTPRequestContext, callback: (error: Error, user?: IUser) => void): void;
 }
diff --git a/lib/user/v2/authentication/HTTPBasicAuthentication.d.ts b/lib/user/v2/authentication/HTTPBasicAuthentication.d.ts
@@ -9,5 +9,5 @@ export declare class HTTPBasicAuthentication implements HTTPAuthentication {
     askForAuthentication(): {
         'WWW-Authenticate': string;
     };
-    getUser(arg: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;
+    getUser(ctx: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;
 }
diff --git a/lib/user/v2/authentication/HTTPBasicAuthentication.js b/lib/user/v2/authentication/HTTPBasicAuthentication.js
@@ -12,14 +12,14 @@ var HTTPBasicAuthentication = (function () {
             'WWW-Authenticate': 'Basic realm="' + this.realm + '"'
         };
     };
-    HTTPBasicAuthentication.prototype.getUser = function (arg, callback) {
+    HTTPBasicAuthentication.prototype.getUser = function (ctx, callback) {
         var _this = this;
         var onError = function (error) {
             _this.userManager.getDefaultUser(function (defaultUser) {
                 callback(error, defaultUser);
             });
         };
-        var authHeader = arg.headers.find('Authorization');
+        var authHeader = ctx.headers.find('Authorization');
         if (!authHeader) {
             onError(Errors_1.Errors.MissingAuthorisationHeader);
             return;
diff --git a/lib/user/v2/authentication/HTTPDigestAuthentication.d.ts b/lib/user/v2/authentication/HTTPDigestAuthentication.d.ts
@@ -11,5 +11,5 @@ export declare class HTTPDigestAuthentication implements HTTPAuthentication {
     askForAuthentication(): {
         'WWW-Authenticate': string;
     };
-    getUser(arg: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;
+    getUser(ctx: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;
 }
diff --git a/lib/user/v2/authentication/HTTPDigestAuthentication.js b/lib/user/v2/authentication/HTTPDigestAuthentication.js
@@ -24,14 +24,14 @@ var HTTPDigestAuthentication = (function () {
             'WWW-Authenticate': 'Digest realm="' + this.realm + '", qop="auth", nonce="' + this.generateNonce() + '", opaque="' + this.generateNonce() + '"'
         };
     };
-    HTTPDigestAuthentication.prototype.getUser = function (arg, callback) {
+    HTTPDigestAuthentication.prototype.getUser = function (ctx, callback) {
         var _this = this;
         var onError = function (error) {
             _this.userManager.getDefaultUser(function (defaultUser) {
                 callback(error, defaultUser);
             });
         };
-        var authHeader = arg.headers.find('Authorization');
+        var authHeader = ctx.headers.find('Authorization');
         if (!authHeader)
             return onError(Errors_1.Errors.MissingAuthorisationHeader);
         if (!/^Digest (\s*[a-zA-Z]+\s*=\s*(("(\\"|[^"])+")|([^,\s]+))?\s*(,|$))+$/.test(authHeader))
@@ -56,9 +56,9 @@ var HTTPDigestAuthentication = (function () {
                 ha1 = md5(ha1 + ':' + authProps.nonce + ':' + authProps.cnonce);
             var ha2;
             if (authProps.qop === 'auth-int')
-                return onError(Errors_1.Errors.WrongHeaderFormat); // ha2 = md5(arg.request.method.toString().toUpperCase() + ':' + arg.requested.uri + ':' + md5(...));
+                return onError(Errors_1.Errors.WrongHeaderFormat); // ha2 = md5(ctx.request.method.toString().toUpperCase() + ':' + ctx.requested.uri + ':' + md5(...));
             else
-                ha2 = md5(arg.request.method.toString().toUpperCase() + ':' + arg.requested.uri);
+                ha2 = md5(ctx.request.method.toString().toUpperCase() + ':' + ctx.requested.uri);
             var result;
             if (authProps.qop === 'auth-int' || authProps.qop === 'auth')
                 result = md5(ha1 + ':' + authProps.nonce + ':' + authProps.nc + ':' + authProps.cnonce + ':' + authProps.qop + ':' + ha2);
diff --git a/lib/user/v2/privilege/PrivilegeManager.d.ts b/lib/user/v2/privilege/PrivilegeManager.d.ts
@@ -1,23 +1,24 @@
 import { Resource, Path } from '../../../manager/v2/export';
+import { IUser } from '../IUser';
 export declare type PrivilegeManagerCallback = (error: Error, hasAccess: boolean) => void;
-export declare type PrivilegeManagerMethod = (fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback) => void;
+export declare type PrivilegeManagerMethod = (fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback) => void;
 export declare type BasicPrivilege = 'canWrite' | 'canWriteLocks' | 'canWriteContent' | 'canWriteContentTranslated' | 'canWriteContentSource' | 'canWriteProperties' | 'canRead' | 'canReadLocks' | 'canReadContent' | 'canReadContentTranslated' | 'canReadContentSource' | 'canReadProperties';
 export declare class PrivilegeManager {
     can(fullPath: Path | string, resource: Resource, privilege: BasicPrivilege, callback: PrivilegeManagerCallback): void;
     can(fullPath: Path | string, resource: Resource, privilege: string, callback: PrivilegeManagerCallback): void;
     can(fullPath: Path | string, resource: Resource, privilege: BasicPrivilege[], callback: PrivilegeManagerCallback): void;
     can(fullPath: Path | string, resource: Resource, privilege: string[], callback: PrivilegeManagerCallback): void;
-    protected _can?(fullPath: Path, resource: Resource, privilege: string, callback: PrivilegeManagerCallback): void;
-    protected canWrite(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canWriteLocks(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canWriteContent(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canWriteContentTranslated(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canWriteContentSource(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canWriteProperties(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canRead(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canReadLocks(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canReadContent(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canReadContentTranslated(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canReadContentSource(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
-    protected canReadProperties(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected _can?(fullPath: Path, user: IUser, resource: Resource, privilege: string, callback: PrivilegeManagerCallback): void;
+    protected canWrite(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canWriteLocks(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canWriteContent(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canWriteContentTranslated(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canWriteContentSource(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canWriteProperties(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canRead(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canReadLocks(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canReadContent(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canReadContentTranslated(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canReadContentSource(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
+    protected canReadProperties(fullPath: Path, user: IUser, resource: Resource, callback: PrivilegeManagerCallback): void;
 }
diff --git a/lib/user/v2/privilege/PrivilegeManager.js b/lib/user/v2/privilege/PrivilegeManager.js
@@ -2,9 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 var export_1 = require("../../../manager/v2/export");
 var Workflow_1 = require("../../../helper/Workflow");
-function checkAll(pm, fns, fullPath, resource, callback) {
+function checkAll(pm, fns, fullPath, user, resource, callback) {
     new Workflow_1.Workflow()
-        .each(fns, function (fn, cb) { return fn.bind(pm)(fullPath, resource, cb); })
+        .each(fns, function (fn, cb) { return fn.bind(pm)(fullPath, user, resource, cb); })
         .error(function (e) { return callback(e, false); })
         .done(function (successes) { return callback(null, successes.every(function (b) { return !!b; })); });
 }
@@ -13,6 +13,9 @@ var PrivilegeManager = (function () {
     }
     PrivilegeManager.prototype.can = function (_fullPath, resource, _privilege, callback) {
         var _this = this;
+        var user = resource.context.user;
+        if (user && user.isAdministrator)
+            return callback(null, true);
         if (_privilege.constructor !== String) {
             new Workflow_1.Workflow()
                 .each(_privilege, function (privilege, cb) { return _this.can(_fullPath, resource, privilege, cb); })
@@ -23,61 +26,61 @@ var PrivilegeManager = (function () {
         var fullPath = new export_1.Path(_fullPath);
         var privilege = _privilege;
         if (this._can)
-            return this._can(fullPath, resource, privilege, callback);
+            return this._can(fullPath, user, resource, privilege, callback);
         var method = this[privilege];
         if (method)
-            method.bind(this)(fullPath, resource, callback);
+            method.bind(this)(fullPath, user, resource, callback);
         else
             callback(null, true);
     };
-    PrivilegeManager.prototype.canWrite = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canWrite = function (fullPath, user, resource, callback) {
         checkAll(this, [
             this.canWriteLocks,
             this.canWriteContent,
             this.canWriteProperties
-        ], fullPath, resource, callback);
+        ], fullPath, user, resource, callback);
     };
-    PrivilegeManager.prototype.canWriteLocks = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canWriteLocks = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
-    PrivilegeManager.prototype.canWriteContent = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canWriteContent = function (fullPath, user, resource, callback) {
         checkAll(this, [
             this.canWriteContentSource,
             this.canWriteContentTranslated
-        ], fullPath, resource, callback);
+        ], fullPath, user, resource, callback);
     };
-    PrivilegeManager.prototype.canWriteContentTranslated = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canWriteContentTranslated = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
-    PrivilegeManager.prototype.canWriteContentSource = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canWriteContentSource = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
-    PrivilegeManager.prototype.canWriteProperties = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canWriteProperties = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
-    PrivilegeManager.prototype.canRead = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canRead = function (fullPath, user, resource, callback) {
         checkAll(this, [
             this.canReadLocks,
             this.canReadContent,
             this.canReadProperties
-        ], fullPath, resource, callback);
+        ], fullPath, user, resource, callback);
     };
-    PrivilegeManager.prototype.canReadLocks = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canReadLocks = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
-    PrivilegeManager.prototype.canReadContent = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canReadContent = function (fullPath, user, resource, callback) {
         checkAll(this, [
             this.canReadContentSource,
             this.canReadContentTranslated
-        ], fullPath, resource, callback);
+        ], fullPath, user, resource, callback);
     };
-    PrivilegeManager.prototype.canReadContentTranslated = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canReadContentTranslated = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
-    PrivilegeManager.prototype.canReadContentSource = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canReadContentSource = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
-    PrivilegeManager.prototype.canReadProperties = function (fullPath, resource, callback) {
+    PrivilegeManager.prototype.canReadProperties = function (fullPath, user, resource, callback) {
         callback(null, true);
     };
     return PrivilegeManager;
diff --git a/lib/user/v2/privilege/SimplePathPrivilegeManager.d.ts b/lib/user/v2/privilege/SimplePathPrivilegeManager.d.ts
@@ -6,5 +6,5 @@ export declare class SimplePathPrivilegeManager extends PrivilegeManager {
     constructor();
     setRights(user: IUser, path: string, rights: BasicPrivilege[] | string[]): void;
     getRights(user: IUser, path: string): string[];
-    _can(fullPath: Path, resource: Resource, privilege: BasicPrivilege | string, callback: PrivilegeManagerCallback): void;
+    _can(fullPath: Path, user: IUser, resource: Resource, privilege: BasicPrivilege | string, callback: PrivilegeManagerCallback): void;
 }
diff --git a/lib/user/v2/privilege/SimplePathPrivilegeManager.js b/lib/user/v2/privilege/SimplePathPrivilegeManager.js
@@ -61,12 +61,9 @@ var SimplePathPrivilegeManager = (function (_super) {
                 }
         return Object.keys(rights);
     };
-    SimplePathPrivilegeManager.prototype._can = function (fullPath, resource, privilege, callback) {
-        var user = resource.context.user;
+    SimplePathPrivilegeManager.prototype._can = function (fullPath, user, resource, privilege, callback) {
         if (!user)
             return callback(null, false);
-        if (user.isAdministrator)
-            return callback(null, true);
         var rights = this.getRights(user, export_1.Path.toString());
         var can = !!rights && rights.some(function (r) { return r === 'all' || r === privilege; });
         callback(null, can);
diff --git a/src/user/v2/IUser.ts b/src/user/v2/IUser.ts
@@ -3,8 +3,8 @@ export interface IUser
 {
     uid : string
     
-    isAdministrator : boolean
-    isDefaultUser : boolean
-    password : string
+    isAdministrator ?: boolean
+    isDefaultUser ?: boolean
     username : string
+    password ?: string
 }
diff --git a/src/user/v2/authentication/HTTPAuthentication.ts b/src/user/v2/authentication/HTTPAuthentication.ts
@@ -7,5 +7,5 @@ export interface HTTPAuthentication
     askForAuthentication() : {
         [headeName : string] : string
     }
-    getUser(arg : HTTPRequestContext, callback : (error : Error, user ?: IUser) => void) : void
+    getUser(ctx : HTTPRequestContext, callback : (error : Error, user ?: IUser) => void) : void
 }
diff --git a/src/user/v2/authentication/HTTPBasicAuthentication.ts b/src/user/v2/authentication/HTTPBasicAuthentication.ts
@@ -16,7 +16,7 @@ export class HTTPBasicAuthentication implements HTTPAuthentication
         }
     }
 
-    getUser(arg : HTTPRequestContext, callback : (error : Error, user : IUser) => void)
+    getUser(ctx : HTTPRequestContext, callback : (error : Error, user : IUser) => void)
     {
         const onError = (error : Error) =>
         {
@@ -25,7 +25,7 @@ export class HTTPBasicAuthentication implements HTTPAuthentication
             })
         }
 
-        const authHeader = arg.headers.find('Authorization')
+        const authHeader = ctx.headers.find('Authorization')
         if(!authHeader)
         {
             onError(Errors.MissingAuthorisationHeader)
diff --git a/src/user/v2/authentication/HTTPDigestAuthentication.ts b/src/user/v2/authentication/HTTPDigestAuthentication.ts
@@ -31,7 +31,7 @@ export class HTTPDigestAuthentication implements HTTPAuthentication
         }
     }
 
-    getUser(arg : HTTPRequestContext, callback : (error : Error, user : IUser) => void)
+    getUser(ctx : HTTPRequestContext, callback : (error : Error, user : IUser) => void)
     {
         const onError = (error : Error) =>
         {
@@ -40,7 +40,7 @@ export class HTTPDigestAuthentication implements HTTPAuthentication
             })
         }
 
-        let authHeader = arg.headers.find('Authorization')
+        let authHeader = ctx.headers.find('Authorization')
         if(!authHeader)
             return onError(Errors.MissingAuthorisationHeader);
         if(!/^Digest (\s*[a-zA-Z]+\s*=\s*(("(\\"|[^"])+")|([^,\s]+))?\s*(,|$))+$/.test(authHeader))
@@ -73,9 +73,9 @@ export class HTTPDigestAuthentication implements HTTPAuthentication
 
             let ha2;
             if(authProps.qop === 'auth-int')
-                return onError(Errors.WrongHeaderFormat); // ha2 = md5(arg.request.method.toString().toUpperCase() + ':' + arg.requested.uri + ':' + md5(...));
+                return onError(Errors.WrongHeaderFormat); // ha2 = md5(ctx.request.method.toString().toUpperCase() + ':' + ctx.requested.uri + ':' + md5(...));
             else
-                ha2 = md5(arg.request.method.toString().toUpperCase() + ':' + arg.requested.uri);
+                ha2 = md5(ctx.request.method.toString().toUpperCase() + ':' + ctx.requested.uri);
 
             let result;
             if(authProps.qop === 'auth-int' || authProps.qop === 'auth')
diff --git a/src/user/v2/privilege/PrivilegeManager.ts b/src/user/v2/privilege/PrivilegeManager.ts
diff --git a/src/user/v2/privilege/SimplePathPrivilegeManager.ts b/src/user/v2/privilege/SimplePathPrivilegeManager.ts

Original file line number	Diff line number	Diff line change
`@@ -4,5 +4,5 @@ export interface HTTPAuthentication {`
`4`	`4`	`askForAuthentication(): {`
`5`	`5`	`[headeName: string]: string;`
`6`	`6`	`};`
`7`		`- getUser(arg: HTTPRequestContext, callback: (error: Error, user?: IUser) => void): void;`
	`7`	`+ getUser(ctx: HTTPRequestContext, callback: (error: Error, user?: IUser) => void): void;`
`8`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,5 +9,5 @@ export declare class HTTPBasicAuthentication implements HTTPAuthentication {`
`9`	`9`	`askForAuthentication(): {`
`10`	`10`	`'WWW-Authenticate': string;`
`11`	`11`	`};`
`12`		`- getUser(arg: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;`
	`12`	`+ getUser(ctx: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,5 +11,5 @@ export declare class HTTPDigestAuthentication implements HTTPAuthentication {`
`11`	`11`	`askForAuthentication(): {`
`12`	`12`	`'WWW-Authenticate': string;`
`13`	`13`	`};`
`14`		`- getUser(arg: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;`
	`14`	`+ getUser(ctx: HTTPRequestContext, callback: (error: Error, user: IUser) => void): void;`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,5 +6,5 @@ export declare class SimplePathPrivilegeManager extends PrivilegeManager {`
`6`	`6`	`constructor();`
`7`	`7`	`setRights(user: IUser, path: string, rights: BasicPrivilege[] \| string[]): void;`
`8`	`8`	`getRights(user: IUser, path: string): string[];`
`9`		`- _can(fullPath: Path, resource: Resource, privilege: BasicPrivilege \| string, callback: PrivilegeManagerCallback): void;`
	`9`	`+ _can(fullPath: Path, user: IUser, resource: Resource, privilege: BasicPrivilege \| string, callback: PrivilegeManagerCallback): void;`
`10`	`10`	`}`