sharedb-access
Advanced tools
Comparing version 2.0.2 to 2.0.3
@@ -86,2 +86,12 @@ var _ = require('lodash'); | ||
ShareDBAccess.prototype.commitHandler = function (shareRequest, done){ | ||
// Only derby-app client-request and server | ||
// if we set up checkServerAccess flag in stream | ||
// | ||
// we can set it up in the express middleware | ||
// before derby-apps routing in express | ||
// and set it off after | ||
var stream = shareRequest.agent.stream || {}; | ||
if (stream.isServer && !stream.checkServerAccess) return done(); | ||
var opData = shareRequest.op; | ||
@@ -91,3 +101,3 @@ | ||
var session = shareRequest.agent.connectSession; | ||
var session = shareRequest.agent.connectSession || {}; | ||
var collection = shareRequest.index || shareRequest.collection; | ||
@@ -109,2 +119,5 @@ var docId = shareRequest.id; | ||
ShareDBAccess.prototype.applyHandler = function (shareRequest, done) { | ||
var stream = shareRequest.agent.stream || {}; | ||
if (stream.isServer && !stream.checkServerAccess) return done(); | ||
var opData = shareRequest.op; | ||
@@ -116,4 +129,2 @@ var session = shareRequest.agent.connectSession || {}; | ||
var origin = getOrigin(shareRequest.agent); | ||
// Save userId for audit purpose | ||
@@ -123,15 +134,2 @@ opData.m = opData.m || {}; | ||
// Only derby-app client-request and server | ||
// if we set up checkServerAccess flag in stream | ||
// | ||
// we can set it up in the express middleware | ||
// before derby-apps routing in express | ||
// and set it off after | ||
var checkServerAccess = shareRequest.agent.stream.checkServerAccess; | ||
if (origin == 'server' && !checkServerAccess){ | ||
return done(); | ||
} | ||
// ++++++++++++++++++++++++++++++++ CREATE ++++++++++++++++++++++++++++++++++ | ||
@@ -168,4 +166,8 @@ if (opData.create){ | ||
ShareDBAccess.prototype.docHandler = function (shareRequest, next){ | ||
ShareDBAccess.prototype.docHandler = function (shareRequest, done){ | ||
// ++++++++++++++++++++++++++++++++ READ ++++++++++++++++++++++++++++++++++ | ||
var stream = shareRequest.agent.stream || {}; | ||
if (stream.isServer && !stream.checkServerAccess) return done(); | ||
var collection = shareRequest.index || shareRequest.collection; | ||
@@ -176,12 +178,4 @@ var docId = shareRequest.id; | ||
var session = agent.connectSession; | ||
var session = agent.connectSession || {}; | ||
var origin = getOrigin(agent); | ||
var checkServerAccess = agent.stream.checkServerAccess; | ||
if (origin == 'server' && !checkServerAccess){ | ||
return next(); | ||
} | ||
var ok = this.check('Read', collection, [docId, doc, session]); | ||
@@ -191,5 +185,5 @@ | ||
if (ok) return next(); | ||
if (ok) return done(); | ||
next('403: Permission denied (read), collection: ' + collection + ', docId: '+ docId); | ||
done('403: Permission denied (read), collection: ' + collection + ', docId: '+ docId); | ||
}; | ||
@@ -196,0 +190,0 @@ |
{ | ||
"name": "sharedb-access", | ||
"version": "2.0.2", | ||
"version": "2.0.3", | ||
"description": "Sharedb access-control midleware", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
11584
212