Auth module

browser/synbiohub.js

@@ -735,3 +735,27 @@ $('form[action="/setup"] select[name="authProvider"]').change(function () {
     parentEl.find('div[class^="auth-"]').hide();
     parentEl.find('div.auth-' + providerName).show();
 })
+
+$(document).on('click', '.copyShare', function() {
+    let $row = $(this).closest('tr');
+    let shareLink = $row.find('#link').first().text();
+
+    let textArea = document.createElement("textarea");
+    textArea.value = shareLink;
+    document.body.appendChild(textArea);
+
+    textArea.select()
+    textArea.setSelectionRange(0, 9999999); // for mobile? 
+    document.execCommand('copy');
+
+    textArea.remove();
+})
+
+$(document).on('change', 'select#privilege', function() {
+    let name = $(this).attr('name').substring(6);
+    let value = $(this).val();
+    let updatePath = location.pathname.split('/').slice(0, -1).join('/') + '/updateShare'
+
+    $.post(updatePath, { authId: name, newPrivilege: value })
+})
+

lib/actions/makePublic.js

@@ -1,30 +1,22 @@
 const {
   getCollectionMetaData
 } = require('../query/collection')
-
-var pug = require('pug')
-
+const pug = require('pug')
 const {
   fetchSBOLObjectRecursive
 } = require('../fetch/fetch-sbol-object-recursive')
-
 const serializeSBOL = require('../serializeSBOL')
-
-var config = require('../config')
-
-var loadTemplate = require('../loadTemplate')
-
-var extend = require('xtend')
-
-var getUrisFromReq = require('../getUrisFromReq')
-
-var sparql = require('../sparql/sparql')
-
+const config = require('../config')
+const loadTemplate = require('../loadTemplate')
+const extend = require('xtend')
+const getUrisFromReq = require('../getUrisFromReq')
+const sparql = require('../sparql/sparql')
 const tmp = require('tmp-promise')
-
-var fs = require('mz/fs')
-
+const fs = require('mz/fs')
 const prepareSubmission = require('../prepare-submission')
+const access = require('../auth/access')
+const db = require('../db')
+const generateGraph = require('../generateGraph')
 
 module.exports = function (req, res) {
   req.setTimeout(0) // no timeout
@@ -74,7 +66,7 @@ module.exports = function (req, res) {
   var citations = []
   var collectionUri
 
-  const { graphUri, uri } = getUrisFromReq(req, res)
+  const { graphUri, baseUri, uri } = getUrisFromReq(req, res)
 
   if (req.method === 'POST') {
     overwriteMerge = req.body.tabState === 'new' ? '0' : '2'
@@ -146,7 +138,7 @@ module.exports = function (req, res) {
     console.log('check if exists:' + uri)
 
     return getCollectionMetaData(collectionUri, null /* public store */).then((result) => {
-      if (!result) {
+      if (!result || !result.displayId) {
         /* not found */
         console.log('not found')
         if (overwriteMerge === '0') {
@@ -233,6 +225,9 @@ module.exports = function (req, res) {
       })
     }).then((result) => {
       const { success, errorLog, resultFilename } = result
+      let publicPrefix = config.get('databasePrefix') + 'public/' + collectionId
+      let privatePrefix = baseUri
+      access.makePublic(privatePrefix, publicPrefix, uri)
 
       if (!success) {
         if (!req.accepts('text/html')) {
@@ -251,7 +246,14 @@ module.exports = function (req, res) {
 
       console.log('upload')
 
-      return sparql.uploadFile(null, resultFilename, 'application/rdf+xml').then(function removeSubmission (next) {
+      return sparql.uploadFile(null, resultFilename, 'application/rdf+xml').then(async function removeSubmission (next) {
+        let user = await db.model.User.findOne({ where: { graphUri: graphUri } })
+        let rootCollectionIdentity = config.get('databasePrefix') + `public/${collectionId}/${collectionId}_collection/${version}`
+
+        let graph = { }
+        graph[rootCollectionIdentity] = generateGraph(rootCollectionIdentity, { graphUri: null }) // second param should be a user, but no user owns public graph
+        access.grant(user, graph, 3, 'owner from make public')
+
         if (req.params.version !== 'current') {
           console.log('remove')
 

lib/actions/removeShare.js

@@ -0,0 +1,26 @@
+const db = require('../db')
+
+module.exports = async function (req, res) {
+  let toRemove = [ req.params.id ]
+
+  while (toRemove.length > 0) {
+    let id = toRemove.shift()
+    let children = await db.model.Auth.findAll({
+      where: {
+        rootAuth: id
+      }
+    })
+
+    children.forEach(child => {
+      toRemove.push(child.id)
+    })
+
+    db.model.Auth.destroy({
+      where: {
+        id: id
+      }
+    })
+  }
+
+  res.redirect(req.header('Referer'))
+}

lib/actions/removeShareLink.js

@@ -0,0 +1,10 @@
+const alias = require('../auth/alias')
+const virtualUser = require('../auth/virtualUser')
+
+module.exports = async function (req, res) {
+  let tag = req.params.tag
+  let user = await alias.remove(tag)
+  virtualUser.remove(user)
+
+  res.redirect(req.header('Referer')) // go back
+}

lib/actions/resetPassword.js

@@ -23,7 +23,7 @@ module.exports = function (req, res) {
       return
     }
 
-    req.session.user = user.id
+    req.session.users = [user.id]
     req.user = user
 
     var locals = {

lib/actions/setNewPassword.js

@@ -32,6 +32,8 @@ module.exports = async function (req, res) {
     user.password = User.hashPassword(req.body.password1)
 
     await user.save()
+    req.session.users = [user.id]
+    req.user = user
 
     req.session.user = user.id
     if (!req.accepts('text/html')) {

lib/actions/updateShare.js

@@ -0,0 +1,15 @@
+const privileges = require('../auth/privileges')
+const access = require('../auth/access')
+
+module.exports = function updateShare (req, res) {
+  if (!privileges.canShare(req.privilege)) {
+    res.sendStatus(403).end()
+    return
+  }
+
+  let authId = req.body.authId
+  let desiredPrivilege = req.body.newPrivilege
+
+  access.updatePrivilege(authId, desiredPrivilege)
+  res.sendStatus(200).end()
+}

lib/apiTokens.js

@@ -18,9 +18,11 @@ function deleteToken (token) {
 function getUserFromToken (token) {
   const uid = tokens[token]
 
-  if (uid === undefined) { return null }
+  if (uid === undefined) {
+    return Promise.reject(new Error('No user'))
+  }
 
-  return db.model.User.findById(uid)
+  return db.model.User.findById(uid, { include: [db.model.UserExternalProfile] })
 }
 
 function getUserIdFromToken (token) {