Add a check for the passed credentials agains the token in Acl
parent
a9e9ac31e8
commit
7d664c8be7
19
bigbluebutton-html5/imports/api/acl/Acl.js
Normal file → Executable file
19
bigbluebutton-html5/imports/api/acl/Acl.js
Normal file → Executable file
@ -1,8 +1,7 @@
|
||||
import { check } from 'meteor/check';
|
||||
import deepMerge from '/imports/utils/deepMerge';
|
||||
|
||||
export class Acl {
|
||||
|
||||
export default class Acl {
|
||||
constructor(config, Users) {
|
||||
this.Users = Users;
|
||||
this.config = config;
|
||||
@ -12,11 +11,19 @@ export class Acl {
|
||||
check(permission, String);
|
||||
const permissions = this.getPermissions(credentials);
|
||||
|
||||
if (permissions) {
|
||||
return this.fetchPermission(permission, permissions);
|
||||
}
|
||||
return this.checkToken(credentials) && this.fetchPermission(permission, permissions);
|
||||
}
|
||||
|
||||
return false;
|
||||
checkToken(credentials) {
|
||||
const { meetingId, requesterUserId: userId, requesterToken: authToken } = credentials;
|
||||
|
||||
const User = this.Users.findOne({
|
||||
meetingId,
|
||||
userId,
|
||||
authToken,
|
||||
});
|
||||
|
||||
return !!User; // if he found a user means the meeting/user/token is valid
|
||||
}
|
||||
|
||||
fetchPermission(permission, permissions) {
|
||||
|
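Review bot: `checkToken` copies `meetingId`, `userId` and `authToken` from `credentials` straight into the `Users.findOne` selector without validating their types; the only validation visible in the hunk is `check(permission, String)`. If `credentials` arrives from a client call, a non-string value in one of these fields would be interpreted by Mongo as a query operator rather than compared as a literal, so the lookup could succeed without the stored token being presented. Unless the part of the calling method above the hunk already validates `credentials`, add `check(meetingId, String); check(userId, String); check(authToken, String);` directly after the destructuring, using the `check` import that is already present. The page does not mark which lines are added, but `this.getPermissions(credentials)` appears to run before `checkToken`, so calling `checkToken` first would keep unauthenticated callers from reaching the permission lookup at all. The method that contains `check(permission, String)` starts outside the hunk.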
2
bigbluebutton-html5/imports/startup/acl.js
Normal file → Executable file
2
bigbluebutton-html5/imports/startup/acl.js
Normal file → Executable file
@ -1,6 +1,6 @@
|
||||
import { Meteor } from 'meteor/meteor';
|
||||
import Users from '/imports/api/2.0/users';
|
||||
import { Acl } from '/imports/api/acl/Acl';
|
||||
import Acl from '/imports/api/acl/Acl';
|
||||
|
||||
const AclSingleton = new Acl();
|
||||
|
||||
|
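Review bot: As rendered here, `const AclSingleton = new Acl();` passes no arguments, while the constructor in `Acl.js` takes `(config, Users)` and the `checkToken` method shown in that file calls `this.Users.findOne`. If this line is accurate, `this.Users` is undefined and every permission check that reaches `checkToken` would throw instead of returning a decision. The `Users` collection is already imported in this file, so the call should read `const AclSingleton = new Acl(aclConfig, Users);`, where `aclConfig` stands for the application's ACL configuration object, whose source is not visible in this hunk. The file continues past the hunk, so this is worth confirming against the full source.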