Refuse connection if the user is no longer authorized

This should do the trick for issue 815. Please review and merge if it works. Try again: Fewer variables.
2012-06-26 15:28:18 -07:00 · 2012-06-26 15:28:18 -07:00 · 79ca5f3e7c
parent e4ff4021ab
commit 79ca5f3e7c
1 changed files with 55 additions and 23 deletions
--- a/src/node/handler/PadMessageHandler.js
+++ b/src/node/handler/PadMessageHandler.js
@ -169,6 +169,7 @@ exports.handleMessage = function(client, message)
    return;
  }

+  var finalHandler = function () {
    //Check what type of message we get and delegate to the other methodes
    if(message.type == "CLIENT_READY") {
      handleClientReady(client, message);
@ -194,6 +195,37 @@ exports.handleMessage = function(client, message)
    } else {
      messageLogger.warn("Dropped message, unknown Message Type " + message.type);
    }
+  };
+
+  if (message && message.padId) {
+    async.series([
+      //check permissions
+      function(callback)
+      {
+        // Note: message.sessionID is an entirely different kind of
+        // session from the sessions we use here! Beware! FIXME: Call
+        // our "sessions" "connections".
+        // FIXME: Use a hook instead
+        // FIXME: Allow to override readwrite access with readonly
+        securityManager.checkAccess(message.padId, message.sessionID, message.token, message.password, function(err, statusObject)
+        {
+          if(ERR(err, callback)) return;
+
+          //access was granted
+          if(statusObject.accessStatus == "grant")
+          {
+            callback();
+          }
+          //no access, send the client a message that tell him why
+          else
+          {
+            client.json.send({accessStatus: statusObject.accessStatus})
+          }
+        });
+      },
+      finalHandler
+    ]);
+  }
 }