fuwafuwa
/
etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #222 from jhollinger/master 

API-only access, per issue #150
This commit is contained in:
Peter 'Pita' Martischka 2011-11-26 12:22:04 -08:00
parent 33c51e1b01 a491600487
commit 3aacc0a1eb
4 changed files with 70 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
node/db/SecurityManager.js
View File

@ -23,6 +23,7 @@ var async = require("async");
var authorManager = require("./AuthorManager"); var authorManager = require("./AuthorManager");
var padManager = require("./PadManager"); var padManager = require("./PadManager");
var sessionManager = require("./SessionManager"); var sessionManager = require("./SessionManager");
var settings = require("../utils/Settings")
/** /**
* This function controlls the access to a pad, it checks if the user can access a pad. * This function controlls the access to a pad, it checks if the user can access a pad.
@ -34,18 +35,52 @@ var sessionManager = require("./SessionManager");
*/ */
exports.checkAccess = function (padID, sessionID, token, password, callback) exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
// it's not a group pad, means we can grant access var statusObject;
if(padID.indexOf("$") == -1)
// a valid session is required (api-only mode)
if(settings.requireSession)
{ {
//get author for this token // no sessionID, access is denied
authorManager.getAuthor4Token(token, function(err, author) if(!sessionID)
{ {
// grant access, with author of token callback(null, {accessStatus: "deny"});
callback(err, {accessStatus: "grant", authorID: author}); return;
}) }
}
//don't continue // a session is not required, so we'll check if it's a public pad
return; else
{
// it's not a group pad, means we can grant access
if(padID.indexOf("$") == -1)
{
//get author for this token
authorManager.getAuthor4Token(token, function(err, author)
{
// assume user has access
statusObject = {accessStatus: "grant", authorID: author};
// user can't create pads
if(settings.editOnly)
{
// check if pad exists
padManager.doesPadExists(padID, function(err, exists)
{
// pad doesn't exist - user can't have access
if(!exists) statusObject.accessStatus = "deny";
// grant or deny access, with author of token
callback(err, statusObject);
});
}
// user may create new pads - no need to check anything
else
{
// grant access, with author of token
callback(err, statusObject);
}
})
//don't continue
return;
}
} }
var groupID = padID.split("$")[0]; var groupID = padID.split("$")[0];
@ -57,8 +92,6 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
var isPasswordProtected; var isPasswordProtected;
var passwordStatus = password == null ? "notGiven" : "wrong"; // notGiven, correct, wrong var passwordStatus = password == null ? "notGiven" : "wrong"; // notGiven, correct, wrong
var statusObject;
async.series([ async.series([
//get basic informations from the database //get basic informations from the database
function(callback) function(callback)
@ -180,6 +213,8 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
{ {
//--> grant access //--> grant access
statusObject = {accessStatus: "grant", authorID: sessionAuthor}; statusObject = {accessStatus: "grant", authorID: sessionAuthor};
//--> deny access if user isn't allowed to create the pad
if(settings.editOnly) statusObject.accessStatus = "deny";
} }
// there is no valid session avaiable AND pad exists // there is no valid session avaiable AND pad exists
else if(!validSession && padExists) else if(!validSession && padExists)

11
node/utils/Settings.js
View File

@ -42,6 +42,17 @@ exports.dbSettings = { "filename" : "../var/dirty.db" };
* The default Text of a new pad * The default Text of a new pad
*/ */
exports.defaultPadText = "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n"; exports.defaultPadText = "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n";
/**
* A flag that requires any user to have a valid session (via the api) before accessing a pad
*/
exports.requireSession = false;
/**
* A flag that prevents users from creating new pads
*/
exports.editOnly = false;
/** /**
* A flag that shows if minification is enabled or not * A flag that shows if minification is enabled or not
*/ */

6
settings.json.template
View File

@ -29,6 +29,12 @@
//the default text of a pad //the default text of a pad
"defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n", "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n",
/* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
"requireSession" : false,
/* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
"editOnly" : false,
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
but makes it impossible to debug the javascript/css */ but makes it impossible to debug the javascript/css */
"minify" : true, "minify" : true,

6
settings.json.template_windows
View File

@ -28,6 +28,12 @@
//the default text of a pad //the default text of a pad
"defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n", "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n",
/* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
"requireSession" : false,
/* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
"editOnly" : false,
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
but makes it impossible to debug the javascript/css */ but makes it impossible to debug the javascript/css */
"minify" : false, "minify" : false,