cartodb/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use authorizedByAPIKey middleware

Browse Source
This commit is contained in:
Daniel García Aubert 2017-12-29 12:34:50 +01:00
parent fda7661dad
commit e4ed6ee1cc
1 changed files with 10 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
lib/cartodb/controllers/named_maps_admin.js
View File

@ -24,6 +24,7 @@ NamedMapsAdminController.prototype.register = function (app) {
app.base_url_templated + '/',
cors(),
userMiddleware,
this.authorizedByAPIKey('create'),
this.create.bind(this)
);
@ -31,6 +32,7 @@ NamedMapsAdminController.prototype.register = function (app) {
app.base_url_templated + '/:template_id',
cors(),
userMiddleware,
this.authorizedByAPIKey('update'),
this.update.bind(this)
);
@ -38,6 +40,7 @@ NamedMapsAdminController.prototype.register = function (app) {
app.base_url_templated + '/:template_id',
cors(),
userMiddleware,
this.authorizedByAPIKey('get'),
this.retrieve.bind(this)
);
@ -45,6 +48,7 @@ NamedMapsAdminController.prototype.register = function (app) {
app.base_url_templated + '/:template_id',
cors(),
userMiddleware,
this.authorizedByAPIKey('delete'),
this.destroy.bind(this)
);
@ -52,6 +56,7 @@ NamedMapsAdminController.prototype.register = function (app) {
app.base_url_templated + '/',
cors(),
userMiddleware,
this.authorizedByAPIKey('list'),
this.list.bind(this)
);
@ -67,12 +72,7 @@ NamedMapsAdminController.prototype.create = function(req, res, next) {
var cdbuser = res.locals.user;
step(
function checkPerms(){
self.authApi.authorizedByAPIKey(cdbuser, req, this);
},
function addTemplate(err, authenticated) {
assert.ifError(err);
ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');
function addTemplate() {
ifInvalidContentType(req, 'template POST data must be of type application/json');
var cfg = req.body;
self.templateMaps.addTemplate(cdbuser, cfg, this);
@ -93,12 +93,7 @@ NamedMapsAdminController.prototype.update = function(req, res, next) {
var tpl_id;
step(
function checkPerms(){
self.authApi.authorizedByAPIKey(cdbuser, req, this);
},
function updateTemplate(err, authenticated) {
assert.ifError(err);
ifUnauthenticated(authenticated, 'Only authenticated user can update templated maps');
function updateTemplate() {
ifInvalidContentType(req, 'template PUT data must be of type application/json');
template = req.body;
@ -122,13 +117,7 @@ NamedMapsAdminController.prototype.retrieve = function(req, res, next) {
var cdbuser = res.locals.user;
var tpl_id;
step(
function checkPerms(){
self.authApi.authorizedByAPIKey(cdbuser, req, this);
},
function getTemplate(err, authenticated) {
assert.ifError(err);
ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');
function getTemplate() {
tpl_id = templateName(req.params.template_id);
self.templateMaps.getTemplate(cdbuser, tpl_id, this);
},
@ -156,13 +145,7 @@ NamedMapsAdminController.prototype.destroy = function(req, res, next) {
var cdbuser = res.locals.user;
var tpl_id;
step(
function checkPerms(){
self.authApi.authorizedByAPIKey(cdbuser, req, this);
},
function deleteTemplate(err, authenticated) {
assert.ifError(err);
ifUnauthenticated(authenticated, 'Only authenticated users can delete template maps');
function deleteTemplate() {
tpl_id = templateName(req.params.template_id);
self.templateMaps.delTemplate(cdbuser, tpl_id, this);
},
@ -181,13 +164,7 @@ NamedMapsAdminController.prototype.list = function(req, res, next) {
var cdbuser = res.locals.user;
step(
function checkPerms(){
self.authApi.authorizedByAPIKey(cdbuser, req, this);
},
function listTemplates(err, authenticated) {
assert.ifError(err);
ifUnauthenticated(authenticated, 'Only authenticated user can list templated maps');
function listTemplates() {
self.templateMaps.listTemplates(cdbuser, this);
},
function prepareResponse(err, tpl_ids){