kopia lustrzana https://github.com/c9/core
split computing the role and enforcing it so we can cache more
Fabian Jakobs
rodzic
c4eea5501b
commit
c2e82981b7
|
|
@ -79,15 +79,6 @@ define(function(require, exports, module) {
|
||||||
project.getRole(req.session.uid, function(err, role) {
|
project.getRole(req.session.uid, function(err, role) {
|
||||||
if (err) return next(err);
|
if (err) return next(err);
|
||||||
|
|
||||||
if (role == db.Project.ROLE_NONE) {
|
|
||||||
if (project.isPublicPreview())
|
|
||||||
role = db.Project.ROLE_VISITOR;
|
|
||||||
else if (req.session.uid == -1)
|
|
||||||
return next(new error.Unauthorized());
|
|
||||||
else
|
|
||||||
return next(new error.Forbidden("You don't have access rights to preview this workspace"));
|
|
||||||
}
|
|
||||||
|
|
||||||
var wsSession = {
|
var wsSession = {
|
||||||
role: role,
|
role: role,
|
||||||
pid: project.id,
|
pid: project.id,
|
||||||
|
|
@ -95,12 +86,19 @@ define(function(require, exports, module) {
|
||||||
type: project.scm
|
type: project.scm
|
||||||
};
|
};
|
||||||
|
|
||||||
if (wsSession.type != "docker" || project.state != db.Project.STATE_READY)
|
|
||||||
return next();
|
|
||||||
|
|
||||||
roleCache.set(key, wsSession);
|
roleCache.set(key, wsSession);
|
||||||
req.projectSession = wsSession;
|
req.projectSession = wsSession;
|
||||||
|
|
||||||
|
if (role == db.Project.ROLE_NONE) {
|
||||||
|
if (project.isPublicPreview())
|
||||||
|
role = db.Project.ROLE_VISITOR;
|
||||||
|
else
|
||||||
|
return next();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wsSession.type != "docker" || project.state != db.Project.STATE_READY)
|
||||||
|
return next();
|
||||||
|
|
||||||
project.populate("remote", function(err) {
|
project.populate("remote", function(err) {
|
||||||
if (err) return next(err);
|
if (err) return next(err);
|
||||||
|
|
||||||
|
|
@ -122,6 +120,21 @@ define(function(require, exports, module) {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function checkRole(db) {
|
||||||
|
return function(req, res, next) {
|
||||||
|
var role = req.projectSession.role;
|
||||||
|
|
||||||
|
if (role == db.Project.ROLE_NONE) {
|
||||||
|
if (req.session.uid == -1)
|
||||||
|
return next(new error.Unauthorized());
|
||||||
|
else
|
||||||
|
return next(new error.Forbidden("You don't have access rights to preview this workspace"));
|
||||||
|
}
|
||||||
|
|
||||||
|
return next();
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
function getProxyUrl(getServer) {
|
function getProxyUrl(getServer) {
|
||||||
return function(req, res, next) {
|
return function(req, res, next) {
|
||||||
|
|
@ -363,6 +376,7 @@ define(function(require, exports, module) {
|
||||||
"preview.handler": {
|
"preview.handler": {
|
||||||
getProjectSession: getProjectSession,
|
getProjectSession: getProjectSession,
|
||||||
getRole: getRole,
|
getRole: getRole,
|
||||||
|
checkRole: checkRole,
|
||||||
getProxyUrl: getProxyUrl,
|
getProxyUrl: getProxyUrl,
|
||||||
proxyCall: proxyCall
|
proxyCall: proxyCall
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -55,6 +55,7 @@ define(function(require, exports, module) {
|
||||||
require("./lib/middleware/block-dot-files"),
|
require("./lib/middleware/block-dot-files"),
|
||||||
handler.getProjectSession(),
|
handler.getProjectSession(),
|
||||||
handler.getRole(db),
|
handler.getRole(db),
|
||||||
|
handler.checkRole(db),
|
||||||
handler.getProxyUrl(function() {
|
handler.getProxyUrl(function() {
|
||||||
return getVfsServers()[0] || null;
|
return getVfsServers()[0] || null;
|
||||||
}),
|
}),
|
||||||
|
|
|
||||||
Ładowanie…
Reference in New Issue