db/SecurityManager: use jshint

booo 2011-12-22 12:01:32 +01:00
parent d63b7cf188
commit 8f208ca444


@ -24,18 +24,18 @@ var async = require("async");
var authorManager = require("./AuthorManager"); var authorManager = require("./AuthorManager");
var padManager = require("./PadManager"); var padManager = require("./PadManager");
var sessionManager = require("./SessionManager"); var sessionManager = require("./SessionManager");
var settings = require("../utils/Settings") var settings = require("../utils/Settings");
/** /**
* This function controlls the access to a pad, it checks if the user can access a pad. * This function controlls the access to a pad, it checks if the user can access a pad.
* @param padID the pad the user wants to access * @param padID the pad the user wants to access
* @param sesssionID the session the user has (set via api) * @param sesssionID the session the user has (set via api)
* @param token the token of the author (randomly generated at client side, used for public pads) * @param token the token of the author (randomly generated at client side, used for public pads)
* @param password the password the user has given to access this pad, can be null * @param password the password the user has given to access this pad, can be null
* @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx}) * @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
*/ */
exports.checkAccess = function (padID, sessionID, token, password, callback) exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
var statusObject; var statusObject;
// a valid session is required (api-only mode) // a valid session is required (api-only mode)
@ -58,7 +58,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
authorManager.getAuthor4Token(token, function(err, author) authorManager.getAuthor4Token(token, function(err, author)
{ {
if(ERR(err, callback)) return; if(ERR(err, callback)) return;
// assume user has access // assume user has access
statusObject = {accessStatus: "grant", authorID: author}; statusObject = {accessStatus: "grant", authorID: author};
// user can't create pads // user can't create pads
@ -68,7 +68,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
padManager.doesPadExists(padID, function(err, exists) padManager.doesPadExists(padID, function(err, exists)
{ {
if(ERR(err, callback)) return; if(ERR(err, callback)) return;
// pad doesn't exist - user can't have access // pad doesn't exist - user can't have access
if(!exists) statusObject.accessStatus = "deny"; if(!exists) statusObject.accessStatus = "deny";
// grant or deny access, with author of token // grant or deny access, with author of token
@ -81,13 +81,13 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
// grant access, with author of token // grant access, with author of token
callback(null, statusObject); callback(null, statusObject);
} }
}) });
//don't continue //don't continue
return; return;
} }
} }
var groupID = padID.split("$")[0]; var groupID = padID.split("$")[0];
var padExists = false; var padExists = false;
var validSession = false; var validSession = false;
@ -95,10 +95,10 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
var tokenAuthor; var tokenAuthor;
var isPublic; var isPublic;
var isPasswordProtected; var isPasswordProtected;
var passwordStatus = password == null ? "notGiven" : "wrong"; // notGiven, correct, wrong var passwordStatus = password === null ? "notGiven" : "wrong"; // notGiven, correct, wrong
async.series([ async.series([
//get basic informations from the database //get basic informations from the database
function(callback) function(callback)
{ {
async.parallel([ async.parallel([
@ -123,19 +123,19 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
callback(); callback();
return; return;
} }
if(ERR(err, callback)) return; if(ERR(err, callback)) return;
var now = Math.floor(new Date().getTime()/1000); var now = Math.floor(new Date().getTime()/1000);
//is it for this group? and is validUntil still ok? --> validSession //is it for this group? and is validUntil still ok? --> validSession
if(sessionInfo.groupID == groupID && sessionInfo.validUntil > now) if(sessionInfo.groupID == groupID && sessionInfo.validUntil > now)
{ {
validSession = true; validSession = true;
} }
sessionAuthor = sessionInfo.authorID; sessionAuthor = sessionInfo.authorID;
callback(); callback();
}); });
}, },
@ -156,28 +156,28 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
function(callback) function(callback)
{ {
//skip this if the pad doesn't exists //skip this if the pad doesn't exists
if(padExists == false) if(!padExists)
{ {
callback(); callback();
return; return;
} }
padManager.getPad(padID, function(err, pad) padManager.getPad(padID, function(err, pad)
{ {
if(ERR(err, callback)) return; if(ERR(err, callback)) return;
//is it a public pad? //is it a public pad?
isPublic = pad.getPublicStatus(); isPublic = pad.getPublicStatus();
//is it password protected? //is it password protected?
isPasswordProtected = pad.isPasswordProtected(); isPasswordProtected = pad.isPasswordProtected();
//is password correct? //is password correct?
if(isPasswordProtected && password && pad.isCorrectPassword(password)) if(isPasswordProtected && password && pad.isCorrectPassword(password))
{ {
passwordStatus = "correct"; passwordStatus = "correct";
} }
callback(); callback();
}); });
}, },
@ -214,7 +214,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
throw new Error("Ops, something wrong happend"); throw new Error("Ops, something wrong happend");
} }
} }
//- a valid session for this group avaible but pad doesn't exists //- a valid session for this group avaible but pad doesn't exists
else if(validSession && !padExists) else if(validSession && !padExists)
{ {
@ -238,7 +238,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
//--> grant access, with author of token //--> grant access, with author of token
statusObject = {accessStatus: "grant", authorID: tokenAuthor}; statusObject = {accessStatus: "grant", authorID: tokenAuthor};
} }
//- its public and the pad is password protected but wrong password given //- its public and the pad is password protected but wrong password given
else if(isPublic && isPasswordProtected && passwordStatus == "wrong") else if(isPublic && isPasswordProtected && passwordStatus == "wrong")
{ {
//--> deny access, ask for new password and tell them that the password is wrong //--> deny access, ask for new password and tell them that the password is wrong
@ -260,14 +260,14 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
throw new Error("Ops, something wrong happend"); throw new Error("Ops, something wrong happend");
} }
} }
// there is no valid session avaiable AND pad doesn't exists // there is no valid session avaiable AND pad doesn't exists
else else
{ {
//--> deny access //--> deny access
statusObject = {accessStatus: "deny"}; statusObject = {accessStatus: "deny"};
} }
callback(); callback();
} }
], function(err) ], function(err)
@ -275,4 +275,4 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
if(ERR(err, callback)) return; if(ERR(err, callback)) return;
callback(null, statusObject); callback(null, statusObject);
}); });
} };
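Review bot: Changing `password == null` to `password === null` in the `passwordStatus` initialiser is a behaviour change in the access decision, not just a lint fix. An `undefined` password (argument omitted, or a missing field in the caller's message) used to map to "notGiven" and now maps to "wrong". For a password-protected pad that presumably turns the first `needPassword` answer into `wrongPassword`, although the branches that read the status are only partly visible in these hunks and the callers are not shown. If both values mean "no password supplied", state it explicitly: `var passwordStatus = (password === null || password === undefined) ? "notGiven" : "wrong";`. Separately, the session check `sessionInfo.groupID == groupID` and the `passwordStatus == "wrong"` comparison are still loose, and in an authorization path `===` would be the safer choice there.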