sharedb-access
Advanced tools
sharedb-access - npm Package Compare versions
Comparing version 2.0.2 to 2.0.3
@@ -86,2 +86,12 @@ var _ = require('lodash'); | ||
| ShareDBAccess.prototype.commitHandler = function (shareRequest, done){ | ||
| // Only derby-app client-request and server | ||
| // if we set up checkServerAccess flag in stream | ||
| // | ||
| // we can set it up in the express middleware | ||
| // before derby-apps routing in express | ||
| // and set it off after | ||
| var stream = shareRequest.agent.stream || {}; | ||
| if (stream.isServer && !stream.checkServerAccess) return done(); | ||
| var opData = shareRequest.op; | ||
@@ -91,3 +101,3 @@ | ||
| var session = shareRequest.agent.connectSession; | ||
| var session = shareRequest.agent.connectSession || {}; | ||
| var collection = shareRequest.index || shareRequest.collection; | ||
@@ -109,2 +119,5 @@ var docId = shareRequest.id; | ||
| ShareDBAccess.prototype.applyHandler = function (shareRequest, done) { | ||
| var stream = shareRequest.agent.stream || {}; | ||
| if (stream.isServer && !stream.checkServerAccess) return done(); | ||
| var opData = shareRequest.op; | ||
@@ -116,4 +129,2 @@ var session = shareRequest.agent.connectSession || {}; | ||
| var origin = getOrigin(shareRequest.agent); | ||
| // Save userId for audit purpose | ||
@@ -123,15 +134,2 @@ opData.m = opData.m || {}; | ||
| // Only derby-app client-request and server | ||
| // if we set up checkServerAccess flag in stream | ||
| // | ||
| // we can set it up in the express middleware | ||
| // before derby-apps routing in express | ||
| // and set it off after | ||
| var checkServerAccess = shareRequest.agent.stream.checkServerAccess; | ||
| if (origin == 'server' && !checkServerAccess){ | ||
| return done(); | ||
| } | ||
| // ++++++++++++++++++++++++++++++++ CREATE ++++++++++++++++++++++++++++++++++ | ||
@@ -168,4 +166,8 @@ if (opData.create){ | ||
| ShareDBAccess.prototype.docHandler = function (shareRequest, next){ | ||
| ShareDBAccess.prototype.docHandler = function (shareRequest, done){ | ||
| // ++++++++++++++++++++++++++++++++ READ ++++++++++++++++++++++++++++++++++ | ||
| var stream = shareRequest.agent.stream || {}; | ||
| if (stream.isServer && !stream.checkServerAccess) return done(); | ||
| var collection = shareRequest.index || shareRequest.collection; | ||
@@ -176,12 +178,4 @@ var docId = shareRequest.id; | ||
| var session = agent.connectSession; | ||
| var session = agent.connectSession || {}; | ||
| var origin = getOrigin(agent); | ||
| var checkServerAccess = agent.stream.checkServerAccess; | ||
| if (origin == 'server' && !checkServerAccess){ | ||
| return next(); | ||
| } | ||
| var ok = this.check('Read', collection, [docId, doc, session]); | ||
@@ -191,5 +185,5 @@ | ||
| if (ok) return next(); | ||
| if (ok) return done(); | ||
| next('403: Permission denied (read), collection: ' + collection + ', docId: '+ docId); | ||
| done('403: Permission denied (read), collection: ' + collection + ', docId: '+ docId); | ||
| }; | ||
@@ -196,0 +190,0 @@ |
| { | ||
| "name": "sharedb-access", | ||
| "version": "2.0.2", | ||
| "version": "2.0.3", | ||
| "description": "Sharedb access-control midleware", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.03%
11584
Worsened metrics
- Lines of code
- decreased by-1.85%
212