Commit 69695d818e7189723b0be539b908d6492aa564c0
1 parent
cb1c1601
Serveur: Vérification des permissions de modifications de membres
Code amélioré en divers points
Showing
7 changed files
with
77 additions
and
46 deletions
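--- a/app/controllers/sessions.js
+++ b/app/controllers/sessions.js
@@ -3,6 +3,8 @@ var noms = require('../controllers/noms');
 
 var sessions = {}
 
+sessions.cur = false
+
 sessions.addData = function (session, cb) {
 noms.get(session.login, function (nom) {
 if (typeof nom == 'string') {
@@ -10,6 +12,8 @@ sessions.addData = function (session, cb) {
 } else {
 session.nom = 'Inconnu'
 }
+session.canAddMembre = session.login == 'gbontoux'
+session.canDelMembre = session.login == 'gbontoux'
 cb(session)
 })
 }
@@ -45,7 +49,7 @@ sessions.verify = function (id, cb) {
 } else {
 if (session) {
 if (sessions.valid(session)) {
-cb(err, session);
+cb(null, session);
 } else {
 cb('expired');
 _this.delete(id)
@@ -57,6 +61,18 @@ sessions.verify = function (id, cb) {
 });
 }
 
+sessions.use = function (id, cb) {
+_this = this
+_this.verify(id, function (err, session) {
+if (err) {
+cb(err)
+} else {
+_this.cur = session
+cb(null)
+}
+})
+}
+
 sessions.create = function (login, cb) {
 Session.create({
 login: login
@@ -89,7 +105,7 @@ sessions.open = function (data, cb) {
 if (err) {
 cb('error');
 } else {
-_this.find(session._id, cb)
+_this.use(session._id, cb)
 }
 });
 } else {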
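Review bot: `sessions.use` (new lines 64-74) stores the verified session on the module singleton `_this.cur`, so concurrent requests overwrite each other's session; the callers read `sessions.cur` synchronously inside the callback, which is why the check still works today, but any later asynchronous read (after `membres.add` or `membres.list` returns, for example) may see a different user's session and permission flags. Passing the session through the callback, `cb(null, session)` in place of `_this.cur = session` / `cb(null)`, removes the shared state. `_this = this` on line 65 has no `var`, so it is an implicit global. The permission flags added in `addData` compare with `==` against a hard-coded login; `===` and a stored role field would make that check easier to audit.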
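--- a/app/routes/api.js
+++ b/app/routes/api.js
@@ -7,11 +7,11 @@ var api = express()
 // Sessions
 api.get('/session', function (req, res) { // Informations sur la session
 if (req.cookies && req.cookies.session) {
-sessions.verify(req.cookies.session, function (err, session) {
+sessions.use(req.cookies.session, function (err) {
 if (err) {
 res.send(err)
 } else {
-res.send(session)
+res.send(sessions.cur)
 }
 })
 // TODO si pas bon : res.clearCookie('session')
@@ -21,12 +21,12 @@ api.get('/session', function (req, res) { // Informations sur la session
 });
 
 api.post('/session', function (req, res) { // Se connecter
-sessions.open(req.body, function (err, session) {
+sessions.open(req.body, function (err) {
 if (err) {
 res.send(err)
 } else {
-res.cookie('session', session._id);
-res.send(session)
+res.cookie('session', sessions.cur._id);
+res.send(sessions.cur)
 }
 })
 })
@@ -42,6 +42,20 @@ api.delete('/session', function (req, res) { // Se déconnecter
 }
 })
 
+ifPermission = function (req, res, perm, cb) {
+sessions.use(req.cookies.session, function (err) {
+if (err) {
+res.status(403).end()
+} else {
+if (sessions.cur[perm]) {
+cb()
+} else {
+res.status(403).end()
+}
+}
+})
+}
+
 
 // Membres
 api.get('/membres', function (req, res) { // Liste des membres
@@ -53,27 +67,31 @@ api.get('/membres', function (req, res) { // Liste des membres
 });
 
 api.post('/membres', function (req, res) { // Ajout d'un membre
-membres.add(req.body, function (err, membre) {
-if (err)
-res.send(err);
-membres.list(function (err, membres) {
+ifPermission(req, res, 'canAddMembre', function () {
+membres.add(req.body, function (err, membre) {
 if (err)
 res.send(err);
-res.json(membres);
+membres.list(function (err, membres) {
+if (err)
+res.send(err);
+res.json(membres);
+});
 });
-});
+})
 });
 
 api.delete('/membres/:membre_id', function (req, res) { // Supression d'un membre
-membres.remove(req.params.membre_id, function (err, membre) {
-if (err)
-res.send(err);
-membres.list(function (err, membres) {
+ifPermission(req, res, 'canDelMembre', function () {
+membres.remove(req.params.membre_id, function (err, membre) {
 if (err)
 res.send(err);
-res.json(membres);
+membres.list(function (err, membres) {
+if (err)
+res.send(err);
+res.json(membres);
+});
 });
-});
+})
 })
 
 module.exports = api;
\ No newline at end of file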
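Review bot: The session cookie set on new line 28, `res.cookie('session', sessions.cur._id)`, carries no `httpOnly` (or `secure`) flag, so the session id stays readable from page scripts; `res.cookie('session', sessions.cur._id, { httpOnly: true })` is the minimal change. `ifPermission` on line 45 is assigned without `var` and so becomes an implicit global, and it dereferences `req.cookies.session` without the `req.cookies &&` guard that the `/session` route uses, so a request with no cookie jar throws instead of getting the 403. In the re-nested `/membres` handlers the `if (err) res.send(err);` branches (lines 72-73, 75-76, 86-87, 89-90) fall through to a second response and return the raw error object to the client; `if (err) return res.status(500).end();` would stop both.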
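--- a/public/js/controllers/MembreCtrl.js
+++ b/public/js/controllers/MembreCtrl.js
@@ -1,10 +1,12 @@
 angular.module('MembreCtrl', []).controller('MembreController', ['$scope', '$http', 'SessionService',
 function ($scope, $http, SessionService) {
 $scope.formData = {};
-$scope.canAdd = SessionService.logged
-$scope.canDel = SessionService.logged
 
-// when landing on the page, get all Membres and show them
+$scope.session = SessionService.cur
+SessionService.onChange(function () {
+$scope.session = SessionService.cur
+})
+
 $http.get('/api/membres')
 .success(function (data) {
 $scope.membres = data;
@@ -14,12 +16,11 @@ angular.module('MembreCtrl', []).controller('MembreController', ['$scope', '$htt
 console.log('Error: ' + data);
 });
 
-// when submitting the add form, send the text to the node API
 $scope.createMembre = function () {
 console.log('Adding', $scope.formData);
 $http.post('/api/membres', $scope.formData)
 .success(function (data) {
-$scope.formData = {}; // clear the form so our user is ready to enter another
+$scope.formData = {};
 $scope.membres = data;
 })
 .error(function (data) {
@@ -27,7 +28,6 @@ angular.module('MembreCtrl', []).controller('MembreController', ['$scope', '$htt
 });
 };
 
-// delete a Membre after checking it
 $scope.deleteMembre = function (id) {
 $http.delete('/api/membres/' + id)
 .success(function (data) {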
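Review bot: The `SessionService.onChange` handler registered on new lines 6-8 is never removed when the controller is destroyed, so every visit to the page adds another closure holding the old `$scope` (assuming `onChange` appends to `changeHandlers`, as the service's field name suggests). The same pattern is added in SessionCtrl.js lines 7-9, where a commented `$scope.$on("$destroy"` TODO already sits below it. Having `onChange` return a deregistration function and calling it from a `$scope.$on('$destroy', ...)` handler would fix both controllers.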
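--- a/public/js/controllers/SessionCtrl.js
+++ b/public/js/controllers/SessionCtrl.js
@@ -1,9 +1,12 @@
 angular.module('SessionsCtrl', []).controller('SessionController', ['$scope', 'SessionService',
 function ($scope, SessionService) {
-$scope.session = SessionService
-// $scope.session.onChange(function () {
-// // TODO
-// })
+$scope.session = SessionService.cur
+$scope.disconnect = function () {
+SessionService.disconnect()
+}
+SessionService.onChange(function () {
+$scope.session = SessionService.cur
+})
 // $scope.$on("$destroy", function () {
 // // TODO
 // })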
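--- a/public/js/services/SessionServ.js
+++ b/public/js/services/SessionServ.js
@@ -1,8 +1,7 @@
 angular.module('SessionsServ', []).service('SessionService', ['$http',
 function ($http) {
 a = {
-nom: "Invité",
-logged: false,
+cur: false,
 status: 0,
 changeHandlers: [],
 onChange: function (fun) {
@@ -14,18 +13,15 @@ angular.module('SessionsServ', []).service('SessionService', ['$http',
 }
 },
 updateSessionInfos: function (data) {
+console.log("Connection:", data)
 if (typeof data === 'object') {
-console.log("Connected")
-this.logged = true
-this.nom = data.nom
+this.cur = data
 } else {
-
-this.logged = false
+this.cur = false
 }
 this.triggerChange()
 },
 get: function (cb) { // Fetch infos if needed
-console.log("Session: get")
 if (status == 0) {
 this.status = 1 // Fetching
 _this = this
@@ -41,11 +37,10 @@ angular.module('SessionsServ', []).service('SessionService', ['$http',
 }
 })
 } else {
-console.warn("get multiple times")
+console.warn("Unnecessary get() call")
 }
 },
 connect: function (login, pass, cb) {
-console.log("Session: connecting with login:", login)
 _this = this
 $http.post('/api/session', {
 login: login,
@@ -62,9 +57,8 @@ angular.module('SessionsServ', []).service('SessionService', ['$http',
 })
 },
 disconnect: function () {
-console.log("Session: disconnect", this.name)
+this.updateSessionInfos(false)
 $http.delete('/api/session')
-this.logged = false
 }
 }
 a.get()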
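Review bot: `get` (new line 25) tests the global `status` (`window.status` in a browser, normally `''`) instead of `this.status`, so the condition is always true, the fetch is repeated on every call and the renamed `console.warn("Unnecessary get() call")` branch on line 40 is unreachable; `if (this.status == 0) {` is the intended check. In `disconnect` (lines 60-61) local state is cleared before `$http.delete('/api/session')` is issued and the response is not handled, so a failed logout leaves the server session and cookie valid while the UI reports the user as logged out; chaining `.error(...)` to restore or at least report the state would close that gap. `a = {` on line 3 is also an implicit global.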
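--- a/public/views/index.html
+++ b/public/views/index.html
@@ -31,8 +31,8 @@
 </ul>
 <ul class="nav navbar-nav navbar-right" ng-controller="SessionController">
 <li>
-<a ng-hide="session.logged" href="/connect">Se connecter</a>
-<a ng-show="session.logged" href="#" ng-click="session.disconnect()">{{ session.nom }} <span class="glyphicon glyphicon-off"></span></a>
+<a ng-hide="session" href="/connect">Se connecter</a>
+<a ng-show="session" href="#" ng-click="disconnect()">{{ session.nom }} <span class="glyphicon glyphicon-off"></span></a>
 </li>
 </ul>
 </div>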
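--- a/public/views/membres.html
+++ b/public/views/membres.html
@@ -10,7 +10,7 @@
 <th>Nom</th>
 <th>Section</th>
 <th>Rôle</th>
-<th ng-if="canAdd || canDel">Action</th>
+<th ng-if="session.canAddMembre || session.canDelMembre">Action</th>
 </tr>
 </thead>
 <tbody ng-repeat="membre in membres">
@@ -18,13 +18,13 @@
 <td>{{ membre.login }}</td>
 <td>{{ membre.section }}</td>
 <td>{{ membre.role }}</td>
-<td ng-if="canDel"><button type="button" class="btn btn-danger" aria-label="Expulser" ng-click="deleteMembre(membre._id)">
+<td ng-if="session.canDelMembre"><button type="button" class="btn btn-danger" aria-label="Expulser" ng-click="deleteMembre(membre._id)">
 <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>
 </button>
 </td>
 </tr>
 </tbody>
-<tfoot id="membre-form" ng-if="canAdd">
+<tfoot id="membre-form" ng-if="session.canAddMembre">
 <tr class="form-group">
 <td>
 <input type="text" class="form-control input-lg" placeholder="Login" ng-model="formData.login">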