From 831dfce3cb4c18c342c9f426accd3b873253e3cb Mon Sep 17 00:00:00 2001
From: Harvey Kandola
Date: Thu, 27 Apr 2017 12:49:10 +0100
Subject: [PATCH] Closes #96 -- user re-auth on permissions change

---
 app/app/services/ajax.js | 18 +++++++++++++++++-
 core/api/endpoint/authentication_endpoint.go | 15 ++++++++++++++-
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/app/app/services/ajax.js b/app/app/services/ajax.js
index c28f5dcc..43d4c34c 100644
--- a/app/app/services/ajax.js
+++ b/app/app/services/ajax.js
@@ -33,5 +33,21 @@ export default AjaxService.extend({
 return headers;
 }
- })
+ }),
+
+ handleResponse(status, headers /*, payload*/) {
+ try {
+ let user = this.get('session.session.content.authenticated.user');
+ let userUpdate = headers['x-documize-status'];
+ if (is.not.empty(userUpdate)) {
+ let latest = JSON.parse(userUpdate);
+
+ if (!latest.active || user.editor !== latest.editor || user.admin !== latest.admin) {
+ window.location.href = 'auth/login';
+ }
+ }
+ } catch(e){} // eslint-disable-line no-empty
+
+ return this._super(...arguments);
+ }
 });
diff --git a/core/api/endpoint/authentication_endpoint.go b/core/api/endpoint/authentication_endpoint.go
index 5e2108ba..da5f74b4 100644
--- a/core/api/endpoint/authentication_endpoint.go
+++ b/core/api/endpoint/authentication_endpoint.go
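Review bot: The lookup `headers['x-documize-status']` only matches if the ajax layer lowercases response header names before calling handleResponse; the server side of this commit sets `X-Documize-Status`, and over HTTP/1.1 browsers generally hand back the server's case, so the check may silently never fire because the `is.not.empty` guard then skips it. A case-insensitive lookup (scanning the keys of `headers` for the name, compared lower-cased) would remove that dependency, and a test that feeds a mixed-case header through handleResponse would pin it. `window.location.href = 'auth/login'` is resolved relative to the current URL path, so from any nested route it lands under that route rather than on the app's login page; a rooted path or the router's transition is safer. The empty `catch(e){}` also hides a TypeError when the session holds no user, which is presumably intended for unauthenticated responses but deserves a comment such as `// no session user or malformed status header: fall through to normal handling`. The enclosing `AjaxService.extend({` object begins before this hunk.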
@@ -211,12 +211,25 @@ func Authorize(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
 context.Administrator = user.Admin
 context.Editor = user.Editor
 context.Global = user.Global
+
+ var state struct {
+ Active bool `json:"active"`
+ Admin bool `json:"admin"`
+ Editor bool `json:"editor"`
+ }
+
+ state.Active = user.Active
+ state.Admin = user.Admin
+ state.Editor = user.Editor
+ sb, err := json.Marshal(state)
+
+ w.Header().Add("X-Documize-Status", string(sb))
 }
 request.SetContext(r, context)
 p = request.GetPersister(r)
- // Middleware moves on if we say 'yes' -- autheticated or allow anon access.
+ // Middleware moves on if we say 'yes' -- authenticated or allow anon access.
 authenticated = context.Authenticated || org.AllowAnonymousAccess
 }
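Review bot: The error from `json.Marshal(state)` is assigned to `err` and never checked before `string(sb)` is written into the header; `state` holds only three bools so the marshal cannot realistically fail, but as written this is either an unused-variable compile error (if `err` is new in this block) or a silent overwrite of the enclosing `err`, and on a failure the client would receive an empty header and skip its check without anyone noticing. Either check it inline, `if sb, err := json.Marshal(state); err == nil { w.Header().Set("X-Documize-Status", string(sb)) }`, or discard it explicitly with `sb, _ := json.Marshal(state) // three bools cannot fail to marshal`. `Set` is also preferable to `Add` here so that a repeated pass through this code cannot accumulate duplicate values that the client then fails to parse as one JSON document. Authorize begins before this hunk, so whether `err` is already declared in this block is not visible.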