From d84a282bb39d76a404c1afad0fcae96cbede029c Mon Sep 17 00:00:00 2001 From: Paul Rodwell Date: Wed, 30 Nov 2016 10:29:38 +0000 Subject: [PATCH 1/3] initial look at indicating if user is not the owner this does not fully work as the server does not update `isOwner` in the client when the user authenticates. --- client/security.coffee | 8 +++++++- client/style.css | 4 ++-- server/social.coffee | 1 + 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/client/security.coffee b/client/security.coffee index 07bb0cc..ff17c28 100644 --- a/client/security.coffee +++ b/client/security.coffee @@ -51,7 +51,13 @@ update_footer = (ownerName, isAuthenticated) -> $('footer > #security').empty() if isAuthenticated - $('footer > #security').append "" + if isOwner + logoutTitle = "Sign-out" + logoutIconClass = '' + else + logoutTitle = "Not Owner : Sign-out" + logoutIconClass = 'notOwner' + $('footer > #security').append "" $('footer > #security > #logout').click (e) -> e.preventDefault() myInit = { diff --git a/client/style.css b/client/style.css index 66809b9..01daf55 100644 --- a/client/style.css +++ b/client/style.css @@ -8,6 +8,6 @@ color: floralwhite; } -#isOwner { - color: green; +.notOwner { + transform: rotate(20deg); } diff --git a/server/social.coffee b/server/social.coffee index 961aea3..98ca066 100644 --- a/server/social.coffee +++ b/server/social.coffee @@ -133,6 +133,7 @@ module.exports = exports = (log, loga, argv) -> else try idProvider = _.head(_.keys(req.session.passport.user)) + console.log 'idProvider: ', idProvider switch idProvider when 'github', 'google', 'twitter' if _.isEqual(owner[idProvider].id, req.session.passport.user[idProvider].id) From 71cd00b86abef128fe13fe49b517ded749bef220 Mon Sep 17 00:00:00 2001 
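Review bot: `if isOwner` in update_footer reads a bare global that is not among the function's parameters `(ownerName, isAuthenticated)`. If nothing has assigned it by the time the footer is drawn, the reference would throw rather than fall through to the not-owner branch. Writing it as `if window.isOwner` keeps the unset case on the locked side. A comment above the branch such as `# isOwner is a display hint only; ownership is decided by the server` would also help, assuming the owner comparison in server/social.coffee is what actually gates edits. The body of update_footer continues outside the hunk.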
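Review bot: The added `console.log 'idProvider: ', idProvider` in server/social.coffee sits inside the owner check's `try` and writes straight to stdout, although the module is handed `log` and `loga` (`module.exports = exports = (log, loga, argv) ->`). It reads like leftover debugging and will presumably emit a line for every request that reaches this branch. Either drop it or, if the injected logger's signature allows, route it through `log 'idProvider: ', idProvider` so it follows the server's logging configuration. The enclosing function starts and ends outside the hunk.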
From: Paul Rodwell Date: Fri, 21 Sep 2018 17:45:59 +0100 Subject: [PATCH 2/3] lock only open if the user is the owner lock remains closed, and rotated when logged in but not the wiki owner. --- client/security.coffee | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/security.coffee b/client/security.coffee index ff17c28..905a7a3 100644 --- a/client/security.coffee +++ b/client/security.coffee @@ -53,11 +53,11 @@ update_footer = (ownerName, isAuthenticated) -> if isAuthenticated if isOwner logoutTitle = "Sign-out" - logoutIconClass = '' + logoutIconClass = 'fa fa-unlock fa-lg fa-fw' else logoutTitle = "Not Owner : Sign-out" - logoutIconClass = 'notOwner' - $('footer > #security').append "" + logoutIconClass = 'fa fa-lock fa-lg fa-fw notOwner' + $('footer > #security').append "" $('footer > #security > #logout').click (e) -> e.preventDefault() myInit = { From ed5061e9e51141780868e8a849c4c787902a0ef4 Mon Sep 17 00:00:00 2001 From: Paul Rodwell Date: Sun, 23 Sep 2018 18:37:43 +0100 Subject: [PATCH 3/3] add isOwner to the client settings so we can check if the user is the owner --- client/security.coffee | 11 ++++++++++- server/social.coffee | 4 ++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/client/security.coffee b/client/security.coffee index 905a7a3..9ded753 100644 --- a/client/security.coffee +++ b/client/security.coffee @@ -173,7 +173,16 @@ setup = (user) -> switch document.cookie.match('(?:^|;)\\s?state=(.*?)(?:;|$)')[1] when 'loggedIn' then window.isAuthenticated = true when 'loggedOut' then window.isAuthenticated = false - update_footer ownerName, isAuthenticated + myInit = { + method: 'GET' + cache: 'no-cache' + mode: 'same-origin' + } + fetch '/auth/client-settings.json', myInit + .then (response) -> + response.json().then (json) -> + window.isOwner = json.isOwner + update_footer ownerName, isAuthenticated lastCookie = currentCookie , 100 
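Review bot: The new `fetch '/auth/client-settings.json', myInit` chain in setup has no rejection handler, so a failed request or a non-JSON body leaves `window.isOwner` at its previous value and never reaches `update_footer`; the footer can then keep showing the open lock after the session has changed. Failing closed would fix that, for example `.catch -> window.isOwner = false; update_footer ownerName, isAuthenticated`. `myInit` also omits `credentials: 'same-origin'`; browsers whose fetch default is still `omit` will not send the session cookie, and the server would then presumably report `isOwner: false` for the real owner. The surrounding interval callback (the trailing `, 100`) begins outside the hunk, so how often this request fires cannot be judged from here.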
diff --git a/server/social.coffee b/server/social.coffee index 98ca066..20a7ac7 100644 --- a/server/social.coffee +++ b/server/social.coffee @@ -306,6 +306,10 @@ module.exports = exports = (log, loga, argv) -> } if wikiHost settings.wikiHost = wikiHost + if isAuthorized(req) and owner isnt '' + settings.isOwner = true + else + settings.isOwner = false res.json settings app.get '/auth/loginDialog', (req, res) ->
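Review bot: `settings.isOwner` makes this route's response depend on the caller's session, but nothing in the hunk marks the response as uncacheable. The client's `cache: 'no-cache'` only governs the browser's own cache and does not bind an intermediary. Adding `res.set 'Cache-Control', 'no-store'` before `res.json settings` would keep one visitor's owner flag from being served to another. A comment above the branch such as `# isOwner only drives the footer icon; edit routes must still call isAuthorized` would record that the flag is not an authorization decision. `isAuthorized` and the start of the handler are outside the hunk.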