bigbluebutton-Github/bigbluebutton-html5/imports/api/acl/Acl.js


import { Meteor } from 'meteor/meteor';
import { check } from 'meteor/check';
import deepMerge from '/imports/utils/deepMerge';

export default class Acl {
  constructor(config, Users) {
    this.Users = Users;
    this.config = config;
  }

  can(permission, credentials) {
    check(permission, String);
    const permissions = this.getPermissions(credentials);

    return this.checkToken(credentials) && this.fetchPermission(permission, permissions);
  }

  checkToken(credentials) {
    // skip token check in client `can` calls since we dont have the authToken in the collection
    if (!Meteor.isServer) return true;

    const { meetingId, requesterUserId: userId, requesterToken: authToken } = credentials;

    const User = this.Users.findOne({
      meetingId,
      userId,
      authToken,
      validated: true,
      connectionStatus: 'online',
      // TODO: We cant check for approved until we move subscription login out of <Base />
      // approved: true,
    });

    return !!User; // if he found a user means the meeting/user/token is valid
  }

  fetchPermission(permission, permissions) {
    if (!permission) return false;

    if (Match.test(permissions, String)) {
      return permissions.indexOf(permission) > -1;
    } else if (Match.test(permissions, Array)) {
      return permissions.some(internalAcl => (this.fetchPermission(permission, internalAcl)));
    } else if (Match.test(permissions, Object)) {
      if (permission.indexOf('.') > -1) {
        return this.fetchPermission(
          permission.substring(permission.indexOf('.') + 1),
          permissions[permission.substring(0, permission.indexOf('.'))],
        );
      }
      return permissions[permission];
    }
    return false;
  }

  getPermissions(credentials) {
    if (!credentials) {
      return false;
    }

    const { meetingId, requesterUserId: userId } = credentials;

    const user = this.Users.findOne({
      meetingId,
      userId,
    });

    const containRole = Acl.containsRole(user);

    if (containRole) {
      const { roles } = user;
      let permissions = {};

      roles.forEach((role) => {
        // There is a big issue here, if we just send the content from the this.config
        // inside the deepMerge, we change both permissions and the config.
        // Couldn't find a better way to prevent the changing.
        // The problems occurs in the `sources.shift()`.
        permissions = deepMerge(permissions, JSON.parse(JSON.stringify(this.config[role])));
      });

      return permissions;
    }
    return false;
  }

  static containsRole(user) {
    return Match.test(user, Object) &&
      Match.test(user.roles, Array);
  }
}
Skip checkToken in client calls 2017-10-10 02:53:45 +08:00
			`import { Meteor } from 'meteor/meteor';`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00			`import { check } from 'meteor/check';`
			`import deepMerge from '/imports/utils/deepMerge';`

Add a check for the passed credentials agains the token in Acl 2017-10-09 20:49:07 +08:00			`export default class Acl {`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00			`constructor(config, Users) {`
			`this.Users = Users;`
			`this.config = config;`
			`}`

			`can(permission, credentials) {`
			`check(permission, String);`
			`const permissions = this.getPermissions(credentials);`

Add a check for the passed credentials agains the token in Acl 2017-10-09 20:49:07 +08:00			`return this.checkToken(credentials) && this.fetchPermission(permission, permissions);`
			`}`

			`checkToken(credentials) {`
Skip checkToken in client calls 2017-10-10 02:53:45 +08:00			// skip token check in client `can` calls since we dont have the authToken in the collection
			`if (!Meteor.isServer) return true;`

Add a check for the passed credentials agains the token in Acl 2017-10-09 20:49:07 +08:00			`const { meetingId, requesterUserId: userId, requesterToken: authToken } = credentials;`

			`const User = this.Users.findOne({`
			`meetingId,`
			`userId,`
			`authToken,`
Add check for connection and validated status. Fix #5152 2018-02-20 22:37:17 +08:00			`validated: true,`
			`connectionStatus: 'online',`
Fix reconnecting users being redirected to /logout 2018-03-17 03:22:27 +08:00			`// TODO: We cant check for approved until we move subscription login out of <Base />`
			`// approved: true,`
Add a check for the passed credentials agains the token in Acl 2017-10-09 20:49:07 +08:00			`});`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00
Add a check for the passed credentials agains the token in Acl 2017-10-09 20:49:07 +08:00			`return !!User; // if he found a user means the meeting/user/token is valid`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00			`}`

			`fetchPermission(permission, permissions) {`
			`if (!permission) return false;`

			`if (Match.test(permissions, String)) {`
			`return permissions.indexOf(permission) > -1;`
			`} else if (Match.test(permissions, Array)) {`
			`return permissions.some(internalAcl => (this.fetchPermission(permission, internalAcl)));`
			`} else if (Match.test(permissions, Object)) {`
			`if (permission.indexOf('.') > -1) {`
Add check for connection and validated status. Fix #5152 2018-02-20 22:37:17 +08:00			`return this.fetchPermission(`
			`permission.substring(permission.indexOf('.') + 1),`
			`permissions[permission.substring(0, permission.indexOf('.'))],`
			`);`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00			`}`
			`return permissions[permission];`
			`}`
			`return false;`
			`}`

			`getPermissions(credentials) {`
			`if (!credentials) {`
			`return false;`
			`}`

Add check for connection and validated status. Fix #5152 2018-02-20 22:37:17 +08:00			`const { meetingId, requesterUserId: userId } = credentials;`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00
			`const user = this.Users.findOne({`
			`meetingId,`
			`userId,`
			`});`

Add check to undefined role 2017-06-07 21:02:31 +08:00			`const containRole = Acl.containsRole(user);`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00
Add check to undefined role 2017-06-07 21:02:31 +08:00			`if (containRole) {`
Add check for connection and validated status. Fix #5152 2018-02-20 22:37:17 +08:00			`const { roles } = user;`
Add check to undefined role 2017-06-07 21:02:31 +08:00			`let permissions = {};`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00
Add check to undefined role 2017-06-07 21:02:31 +08:00			`roles.forEach((role) => {`
Fix inconsistency inside the ACL, #4310 2017-08-29 03:47:54 +08:00			`// There is a big issue here, if we just send the content from the this.config`
			`// inside the deepMerge, we change both permissions and the config.`
			`// Couldn't find a better way to prevent the changing.`
			// The problems occurs in the `sources.shift()`.
			`permissions = deepMerge(permissions, JSON.parse(JSON.stringify(this.config[role])));`
Add check to undefined role 2017-06-07 21:02:31 +08:00			`});`

			`return permissions;`
			`}`
			`return false;`
			`}`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00
Add check to undefined role 2017-06-07 21:02:31 +08:00			`static containsRole(user) {`
			`return Match.test(user, Object) &&`
Fix inconsistency inside the ACL, #4310 2017-08-29 03:47:54 +08:00			`Match.test(user.roles, Array);`
Add stuff from 2.x 2017-06-19 21:13:35 +08:00			`}`
			`}`