
Commit 39da4bb

Merge pull request #191 from CloudBoost/staging
Staging
2 parents 358a4e2 + e5cc85e commit 39da4bb


2 files changed

+115
-51
lines changed


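--- a/api/app/App.js
+++ b/api/app/App.js
@@ -93,22 +93,21 @@ module.exports = function() {
 
 var appKey = req.body.key || req.params.key;
 
-global.appService.isMasterKey(appId, appKey).then(function(isMasterKey) {
-if (isMasterKey) {
-//delete all code here.
+// to delete table authorize on app level
+global.appService.isClientAuthorized(appId,appKey,'app',null).then(function(isAuthorized){
+if(isAuthorized){
 global.appService.deleteTable(appId, tableName).then(function(table) {
 res.status(200).send(table);
 }, function(error) {
 console.log("Table Delete Error");
 console.log(error);
 res.status(500).send('Cannot delete table at this point in time. Please try again later.');
 });
-} else {
-res.status(401).send({status: 'Unauthorized'});
-}
-}, function(error) {
-return res.status(500).send('Cannot retrieve security keys.');
-});
+} else return res.status(401).send({status: 'Unauthorized'});
+},function(error){
+return res.status(401).send({status: 'Unauthorized',message:error});
+})
+
 } catch (e) {
 console.log("Delete Table Error");
 console.log(e);
@@ -137,30 +136,32 @@ module.exports = function() {
 var sdk = req.body.sdk || "REST";
 var appKey = req.body.key || req.params.key;
 
-global.appService.isMasterKey(appId, appKey).then(function(isMasterKey) {
-if (isMasterKey) {
-//delete all code here.
+if (global.mongoDisconnected) {
+return res.status(500).send('Storage / Cache Backend are temporarily down.');
+}
 
-if (global.mongoDisconnected) {
-return res.status(500).send('Storage / Cache Backend are temporarily down.');
-}
+// check if table already exists
+global.appService.getTable(appId, tableName).then(function(table) {
+// authorize client for table level, if table found then authorize on table level else on app level for creating new table.
+let authorizationLevel = table ? 'table' : 'app'
+global.appService.isClientAuthorized(appId,appKey,authorizationLevel,table).then(function(isAuthorized){
+if(isAuthorized){
+global.appService.upsertTable(appId, tableName, body.data.columns, body.data).then(function(table) {
+return res.status(200).send(table);
+},function(err){
+return res.status(500).send(err);
+});
+} else return res.status(401).send({status: 'Unauthorized'});
+},function(error){
+return res.status(401).send({status: 'Unauthorized',message:error});
+})
 
-global.appService.upsertTable(appId, tableName, body.data.columns).then(function(table) {
-return res.status(200).send(table);
+}, function(err) {
+return res.status(500).send(err);
+});
 
-},function(err){
-return res.status(500).send(err);
-});
-} else {
-return res.status(401).send({status: 'Unauthorized'});
-}
-}, function(error) {
-return res.status(500).send('Cannot retrieve security keys.');
-});
 global.apiTracker.log(appId,"App / Table / Create", req.url,sdk);
-
 }
-
 });
 
 //get a table.
@@ -175,29 +176,36 @@ module.exports = function() {
 var sdk = req.body.sdk || "REST";
 var appKey = req.body.key || req.params.key;
 
-global.appService.isMasterKey(appId, appKey).then(function(isMasterKey) {
-if (isMasterKey) {
-//delete all code here.
-if (tableName === "_getAll") {
-global.appService.getAllTables(appId).then(function(tables) {
-return res.status(200).send(tables);
-}, function(err) {
-return res.status(500).send('Error');
-});
-} else {
-global.appService.getTable(appId, tableName).then(function(table) {
-return res.status(200).send(table);
-}, function(err) {
-return res.status(500).send('Error');
-});
-}
+if (tableName === "_getAll") {
+// to get all tables authorize on app level;
+global.appService.isClientAuthorized(appId,appKey,'app',null).then(function(isAuthorized){
+if(isAuthorized){
+global.appService.getAllTables(appId).then(function(tables) {
+return res.status(200).send(tables);
+}, function(err) {
+return res.status(500).send('Error');
+});
+} else return res.status(401).send({status: 'Unauthorized'});
+},function(error){
+return res.status(401).send({status: 'Unauthorized',message:error});
+})
 
 } else {
-return res.status(401).send({status: 'Unauthorized'});
+
+global.appService.getTable(appId, tableName).then(function(table) {
+// to get a tables authorize on table level;
+global.appService.isClientAuthorized(appId,appKey,'table',table).then(function(isAuthorized){
+if(isAuthorized){
+return res.status(200).send(table);
+} else return res.status(401).send({status: 'Unauthorized'});
+},function(error){
+return res.status(401).send({status: 'Unauthorized',message:error});
+})
+
+}, function(err) {
+return res.status(500).send('Error');
+});
 }
-}, function(error) {
-return res.status(500).send('Cannot retrieve security keys.');
-});
 
 global.apiTracker.log(appId, "App / Table / Get", req.url, sdk);
 }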
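Review bot: The create/update hunk passes the whole request body to the service as table properties (`upsertTable(appId, tableName, body.data.columns, body.data)`), and that call is reached with a client key whenever `isClientAuthorized` resolves true, so the caller appears able to choose the table's `isEditableByClientKey` value itself. That flag is what later decides table-level access for client keys, so it should be accepted from the request only when the key is the master key and otherwise left at the stored value (or `false` for a new table). Separately, the four new rejection handlers answer `401` with `message:error`, which labels a backend failure as Unauthorized and returns the raw error to the client; a fixed body such as `return res.status(500).send('Cannot retrieve security keys.');` for anything other than the authorization denial avoids both. The route handlers start and end outside the hunks shown.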

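--- a/services/app.js
+++ b/services/app.js
@@ -456,7 +456,11 @@ module.exports = function() {
 if (project.keys.master === key) {
 deferred.resolve(true);
 } else {
-deferred.resolve(false);
+if (project.keys.js === key){
+deferred.resolve(false);
+} else {
+deferred.resolve(false);
+}
 }
 }, function() {});
 
@@ -498,10 +502,58 @@ module.exports = function() {
 return deferred.promise;
 },
 
-upsertTable: function(appId, tableName, schema) {
+isClientAuthorized : function(appId,appKey,level,table){
+var deferred = q.defer();
+var self = this
+self.isKeyValid(appId, appKey).then(function(isValidKey){
+if(isValidKey){
+self.isMasterKey(appId, appKey).then(function(isMasterKey) {
+// resolve if masterKey
+if(isMasterKey){
+deferred.resolve(true)
+} else {
+// else check with client keys acc to auth level
+// levels = table level or app level
+// for app level check in app settings , for table level check in table schema
+if(level === 'table'){
+if(table) {
+deferred.resolve(!!table.isEditableByClientKey)
+} else deferred.resolve(false);
+} else {
+self.getAllSettings(appId).then(function(settings){
+if(settings){
+// check for clientkey flag in genral settings
+let generalSetting = settings.filter((function(x){
+return x.category === 'general'
+}))
+if(generalSetting[0]){
+deferred.resolve(!!generalSetting[0].settings.isTableEditableByClientKey)
+} else deferred.resolve(false);
+} else deferred.resolve(false);
+
+}, function(error) {
+deferred.reject(error);
+});
+}
+}
+}, function(error) {
+deferred.reject(error);
+});
+} else {
+deferred.reject('Unauthorized');
+}
+},function(err){
+deferred.reject(err);
+})
+
+return deferred.promise;
+},
+
+upsertTable: function(appId, tableName, schema, tableProps) {
 
 var deferred = global.q.defer();
-
+tableProps = tableProps || { isEditableByClientKey : false }
+
 try {
 
 var self = this;
@@ -602,6 +654,9 @@ module.exports = function() {
 }
 
 table.columns = schema;
+// update table props
+table.isEditableByClientKey = !!tableProps.isEditableByClientKey
+
 } else {
 
 isNewTable = true;
@@ -613,6 +668,7 @@ module.exports = function() {
 table.name = tableName;
 table.type = tableType;
 table._type = "table";
+table.isEditableByClientKey = !!tableProps.isEditableByClientKey
 }
 
 var collection = global.mongoClient.db(appId).collection("_Schema");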
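Review bot: In `isClientAuthorized`, an invalid key is reported with `deferred.reject('Unauthorized')`, the same channel that carries `isKeyValid`, `isMasterKey` and `getAllSettings` failures, so a caller cannot tell a denied request from a backend error. Resolving `false` for the invalid key (`deferred.resolve(false);`) would keep rejection for real failures only. The function also calls `q.defer()` while `upsertTable` just below uses `global.q.defer()`; unless a local `q` is declared outside the visible hunks, this should read `var deferred = global.q.defer();`. The branch added to `isMasterKey` resolves `false` on both arms, so the `project.keys.js === key` test has no effect and should be dropped or given a comment stating what is intended. `isMasterKey` and `upsertTable` start or end outside the hunks shown.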
