Closes #96 -- user re-auth on permissions change

app/app/services/ajax.js

@@ -33,5 +33,21 @@ export default AjaxService.extend({
 
 			return headers;
 		}
-	})
+	}),
+
+	handleResponse(status, headers /*, payload*/) {
+		try {
+			let user = this.get('session.session.content.authenticated.user');
+			let userUpdate = headers['x-documize-status'];
+			if (is.not.empty(userUpdate)) {
+				let latest = JSON.parse(userUpdate);
+
+				if (!latest.active || user.editor !== latest.editor || user.admin !== latest.admin) {
+					window.location.href = 'auth/login';
+				}
+			}
+		} catch(e){} // eslint-disable-line no-empty
+
+		return this._super(...arguments);
+	}
 });

core/api/endpoint/authentication_endpoint.go

@@ -211,12 +211,25 @@ func Authorize(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
 			context.Administrator = user.Admin
 			context.Editor = user.Editor
 			context.Global = user.Global
+
+			var state struct {
+				Active bool `json:"active"`
+				Admin  bool `json:"admin"`
+				Editor bool `json:"editor"`
+			}
+
+			state.Active = user.Active
+			state.Admin = user.Admin
+			state.Editor = user.Editor
+			sb, err := json.Marshal(state)
+
+			w.Header().Add("X-Documize-Status", string(sb))
 		}
 
 		request.SetContext(r, context)
 		p = request.GetPersister(r)
 
-		// Middleware moves on if we say 'yes' -- autheticated or allow anon access.
+		// Middleware moves on if we say 'yes' -- authenticated or allow anon access.
 		authenticated = context.Authenticated || org.AllowAnonymousAccess
 	}