Code mutualization.

2025-04-08 20:55:02 +02:00 · 2013-07-12 14:16:19 +02:00 · 2013-07-12 14:16:19 +02:00 · d01d89767a
commit d01d89767a
parent 9adfec28cf
2 changed files with 76 additions and 112 deletions
--- a/src/.jshintrc
+++ b/src/.jshintrc
--- a/src/api.js
+++ b/src/api.js
@ -36,7 +36,7 @@ Api.prototype.exec = function (session, request) {
 	try
 	{
-		return Q(method.call(this.xo, session, request));
+		return Q(method.call(this, session, request));
 	}
 	catch (e)
 	{
@ -121,7 +121,35 @@ Api.err = {
 // Helper functions that should be written:
 // - checkParams(req.params, param1, ..., paramN).then(...)
-// - isAuthorized(session, [permission]).then(...)
+// - checkPermission(xo, session, [permission]).then(...)
 // @todo Put helpers in their own namespace.
 Api.prototype.checkPermission = function (session, permission)
 {
 	// @todo Handle token permission.
 	var user_id = session.get('user_id');
 	if (undefined === user_id)
 	{
 		return Q.reject(Api.err.UNAUTHORIZED);
 	}
 	if (!permission)
 	{
 		/* jshint newcap:false */
 		return Q();
 	}
 	return this.xo.users.get(user_id).then(function (user) {
 		if (!user.hasPermission(permission))
 		{
 			throw Api.err.UNAUTHORIZED;
 		}
 	});
 };
 //////////////////////////////////////////////////////////////////////
 Api.fn  = {};
@ -147,7 +175,7 @@ Api.fn.session = {
 			throw Api.err.ALREADY_AUTHENTICATED;
 		}
-		return this.users.findWhere({'email': p_email}).then(function (user) {
+		return this.xo.users.findWhere({'email': p_email}).then(function (user) {
 			if (!user)
 			{
 				throw Api.err.INVALID_CREDENTIAL;
@ -178,7 +206,7 @@ Api.fn.session = {
 			throw Api.err.ALREADY_AUTHENTICATED;
 		}
-		return this.tokens.get(p_token).then(function (token) {
+		return this.xo.tokens.get(p_token).then(function (token) {
 			if (!token)
 			{
 				throw Api.err.INVALID_CREDENTIAL;
@ -187,7 +215,6 @@ Api.fn.session = {
 			session.set('token_id', token.get('id'));
 			session.set('user_id', token.get('user_id'));
 			return true;
 		});
 	},
@ -198,8 +225,8 @@ Api.fn.session = {
 			return null;
 		}
-		return this.users.get(user_id).then(function (user) {
+		return this.xo.users.get(user_id).then(function (user) {
-			return _.pick(user.properties, 'id', 'email');
+			return _.pick(user.properties, 'id', 'email', 'permission');
 		});
 	}),
@ -224,19 +251,8 @@ Api.fn.user = {
 			throw Api.err.INVALID_PARAMS;
 		}
-		var user_id = session.get('user_id');
+		var users =  this.xo.users;
-		if (undefined === user_id)
+		return this.checkPermission(session, 'admin').then(function () {
 		{
 			throw Api.err.UNAUTHORIZED;
 		}
 		var users = this.users;
 		return users.get(user_id).then(function (user) {
 			if (!user.hasPermission('admin'))
 			{
 				throw Api.err.UNAUTHORIZED;
 			}
 			return users.create(p_email, p_pass, p_perm);
 		}).then(function (user) {
 			return (''+ user.get('id'));
@ -250,27 +266,16 @@ Api.fn.user = {
 			throw Api.err.INVALID_PARAMS;
 		}
-		var user_id = session.get('user_id');
+		var users =  this.xo.users;
-		if (undefined === user_id)
+		return this.checkPermission(session, 'admin').then(function () {
-		{
+			return users.remove(p_id);
-			throw Api.err.UNAUTHORIZED;
+		}).then(function (success) {
-		}
+			if (!success)
 		var users = this.users;
 		return users.get(user_id).then(function (user) {
 			if (!user.hasPermission('admin'))
 			{
-				throw Api.err.UNAUTHORIZED;
+				throw Api.err.NO_SUCH_OBJECT;
 			}
-			return users.remove(p_id).then(function (success) {
+			return true;
 				if (!success)
 				{
 					throw Api.err.NO_SUCH_OBJECT;
 				}
 				return true;
 			});
 		});
 	},
@ -289,7 +294,7 @@ Api.fn.user = {
 		}
 		var user;
-		var users = this.users;
+		var users = this.xo.users;
 		return users.get(user_id).then(function (u) {
 			user = u;
@ -308,39 +313,44 @@ Api.fn.user = {
 	},
 	'getAll': function (session) {
-		var user_id = session.get('user_id');
+		var users = this.xo.users;
-		if (undefined === user_id)
+		return this.checkPermission(session, 'admin').then(function () {
 		{
 			throw Api.err.UNAUTHORIZED;
 		}
 		var users = this.users;
 		return users.get(user_id).then(function (user) {
 			if (!user.hasPermission('admin'))
 			{
 				throw Api.err.UNAUTHORIZED;
 			}
 			return users.where();
 		}).then(function (all_users) {
-			_.each(all_users, function (user, i) {
+			for (var i = 0, n = all_users.length; i < n; ++i)
-				all_users[i] = _.pick(user, 'id', 'email', 'permission');
+			{
-			});
+				all_users[i] = _.pick(
 					all_users[i],
 					'id', 'email', 'permission'
 				);
 			}
 			return all_users;
 		});
 	},
 	'set': function (session, request) {
 		var p_id = request.params.id;
 		var p_email = request.params.email;
 		var p_password = request.params.password;
 		var p_permission = request.params.permission;
 		/* jshint laxbreak: true */
 		if ((undefined === p_id)
 			|| ((undefined === p_email)
 				&& (undefined === p_password)
 				&& (undefined === p_permission)))
 		{
 			throw Api.err.INVALID_PARAMS;
 		}
 		var user_id = session.get('user_id');
 		if (undefined === user_id)
 		{
 			throw Api.err.UNAUTHORIZED;
 		}
-		var p_email, p_password, p_permission;
+		var users = this.xo.users;
 		var users = this.users;
 		return users.get(user_id).then(function (user) {
 			// Get the current user to check its permission.
@ -350,19 +360,6 @@ Api.fn.user = {
 				throw Api.err.UNAUTHORIZED;
 			}
 			var p_id = request.params.id;
 			p_email = request.params.email;
 			p_password = request.params.password;
 			p_permission = request.params.permission;
 			/* jshint laxbreak: true */
 			if ((undefined === p_id)
 				|| ((undefined === p_email)
 					&& (undefined === p_password)
 					&& (undefined === p_permission)))
 			{
 				throw Api.err.INVALID_PARAMS;
 			}
 			// @todo Check there are no invalid parameter.
@ -407,7 +404,7 @@ Api.fn.token = {
 		// @todo Token permission.
-		return this.tokens.generate(user_id).then(function (token) {
+		return this.xo.tokens.generate(user_id).then(function (token) {
 			return token.get('id');
 		});
 	},
@ -415,7 +412,7 @@ Api.fn.token = {
 	'delete': function (session, req) {
 		var p_token = req.params.token;
-		var tokens = this.tokens;
+		var tokens = this.xo.tokens;
 		return tokens.get(p_token).then(function (token) {
 			if (!token)
 			{
@ -441,19 +438,8 @@ Api.fn.server = {
 			throw Api.err.INVALID_PARAMS;
 		}
-		var user_id = session.get('user_id');
+		var servers = this.xo.servers;
-		if (undefined === user_id)
+		return this.checkPermission(session, 'admin').then(function () {
 		{
 			throw Api.err.UNAUTHORIZED;
 		}
 		var servers = this.servers;
 		return this.users.get(user_id).then(function (user) {
 			if (!user.hasPermission('admin'))
 			{
 				throw Api.err.UNAUTHORIZED;
 			}
 			// @todo We are storing passwords which is bad!
 			// Can we use tokens instead?
 			return servers.add({
@ -476,19 +462,8 @@ Api.fn.server = {
 			throw Api.err.INVALID_PARAMS;
 		}
-		var user_id = session.get('user_id');
+		var servers = this.xo.servers;
-		if (undefined === user_id)
+		return this.checkPermission(session, 'admin').then(function () {
 		{
 			throw Api.err.UNAUTHORIZED;
 		}
 		var servers = this.servers;
 		return this.users.get(user_id).then(function (user) {
 			if (!user.hasPermission('admin'))
 			{
 				throw Api.err.UNAUTHORIZED;
 			}
 			return servers.remove(p_id);
 		}).then(function(success) {
 			if (!success)
@ -501,19 +476,8 @@ Api.fn.server = {
 	},
 	'getAll': function (session) {
-		var user_id = session.get('user_id');
+		var servers = this.xo.servers;
-		if (undefined === user_id)
+		return this.checkPermission(session, 'admin').then(function () {
 		{
 			throw Api.err.UNAUTHORIZED;
 		}
 		var servers = this.servers;
 		return this.users.get(user_id).then(function (user) {
 			if (!user.hasPermission('admin'))
 			{
 				throw Api.err.UNAUTHORIZED;
 			}
 			return servers.where();
 		}).then(function (all_servers) {
 			_.each(all_servers, function (server, i) {