diff --git a/lib/cartodb/controllers/named_maps_admin.js b/lib/cartodb/controllers/named_maps_admin.js
index 8fcaaac0..87259f7e 100644
--- a/lib/cartodb/controllers/named_maps_admin.js
+++ b/lib/cartodb/controllers/named_maps_admin.js
@@ -24,6 +24,7 @@ NamedMapsAdminController.prototype.register = function (app) {
 app.base_url_templated + '/',
 cors(),
 userMiddleware,
+ this.authorizedByAPIKey('create'),
 this.create.bind(this)
 );
@@ -31,6 +32,7 @@ NamedMapsAdminController.prototype.register = function (app) {
 app.base_url_templated + '/:template_id',
 cors(),
 userMiddleware,
+ this.authorizedByAPIKey('update'),
 this.update.bind(this)
 );
@@ -38,6 +40,7 @@ NamedMapsAdminController.prototype.register = function (app) {
 app.base_url_templated + '/:template_id',
 cors(),
 userMiddleware,
+ this.authorizedByAPIKey('get'),
 this.retrieve.bind(this)
 );
@@ -45,6 +48,7 @@ NamedMapsAdminController.prototype.register = function (app) {
 app.base_url_templated + '/:template_id',
 cors(),
 userMiddleware,
+ this.authorizedByAPIKey('delete'),
 this.destroy.bind(this)
 );
@@ -52,6 +56,7 @@ NamedMapsAdminController.prototype.register = function (app) {
 app.base_url_templated + '/',
 cors(),
 userMiddleware,
+ this.authorizedByAPIKey('list'),
 this.list.bind(this)
 );
@@ -67,12 +72,7 @@ NamedMapsAdminController.prototype.create = function(req, res, next) {
 var cdbuser = res.locals.user;
 step(
- function checkPerms(){
- self.authApi.authorizedByAPIKey(cdbuser, req, this);
- },
- function addTemplate(err, authenticated) {
- assert.ifError(err);
- ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');
+ function addTemplate() {
 ifInvalidContentType(req, 'template POST data must be of type application/json');
 var cfg = req.body;
 self.templateMaps.addTemplate(cdbuser, cfg, this);
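Review bot: In the five `register` hunks (the routes bound to `create`, `update`, `retrieve`, `destroy` and `list`) the API-key check now lives only in the middleware chain, and `authorizedByAPIKey` is defined outside this diff, so its failure behaviour cannot be confirmed from here. The removed handler code rejected in two cases, a lookup error (`assert.ifError(err)`) and a false result (`ifUnauthenticated(authenticated, ...)`); the middleware should call `next(err)` in both and reach `next()` only on a positive result. It presumably reads `res.locals.user` as the old in-handler call did, so it has to stay after `userMiddleware`; a comment above the first route would pin that: `// authorizedByAPIKey must follow userMiddleware and precede the handler, which no longer checks the API key itself`. `register` starts and ends outside these hunks.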
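Review bot: `create` no longer verifies the API key itself, and the same holds for the `update`, `retrieve`, `destroy` and `list` hunks that follow, so each handler is only safe when it is mounted behind `authorizedByAPIKey`. Nothing in the handlers states that precondition; a one-line comment above each `step(` call would, for example `// Caller is already authorized: authorizedByAPIKey('create') runs before this handler in register()`. With the in-handler checks gone, `ifUnauthenticated` may have no remaining callers in this file; if so it can be removed so it is not mistaken for an active guard. All five handler bodies continue outside their hunks.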
@@ -93,12 +93,7 @@ NamedMapsAdminController.prototype.update = function(req, res, next) {
 var tpl_id;
 step(
- function checkPerms(){
- self.authApi.authorizedByAPIKey(cdbuser, req, this);
- },
- function updateTemplate(err, authenticated) {
- assert.ifError(err);
- ifUnauthenticated(authenticated, 'Only authenticated user can update templated maps');
+ function updateTemplate() {
 ifInvalidContentType(req, 'template PUT data must be of type application/json');
 template = req.body;
@@ -122,13 +117,7 @@ NamedMapsAdminController.prototype.retrieve = function(req, res, next) {
 var cdbuser = res.locals.user;
 var tpl_id;
 step(
- function checkPerms(){
- self.authApi.authorizedByAPIKey(cdbuser, req, this);
- },
- function getTemplate(err, authenticated) {
- assert.ifError(err);
- ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');
-
+ function getTemplate() {
 tpl_id = templateName(req.params.template_id);
 self.templateMaps.getTemplate(cdbuser, tpl_id, this);
 },
@@ -156,13 +145,7 @@ NamedMapsAdminController.prototype.destroy = function(req, res, next) {
 var cdbuser = res.locals.user;
 var tpl_id;
 step(
- function checkPerms(){
- self.authApi.authorizedByAPIKey(cdbuser, req, this);
- },
- function deleteTemplate(err, authenticated) {
- assert.ifError(err);
- ifUnauthenticated(authenticated, 'Only authenticated users can delete template maps');
-
+ function deleteTemplate() {
 tpl_id = templateName(req.params.template_id);
 self.templateMaps.delTemplate(cdbuser, tpl_id, this);
 },
@@ -181,13 +164,7 @@ NamedMapsAdminController.prototype.list = function(req, res, next) {
 var cdbuser = res.locals.user;
 step(
- function checkPerms(){
- self.authApi.authorizedByAPIKey(cdbuser, req, this);
- },
- function listTemplates(err, authenticated) {
- assert.ifError(err);
- ifUnauthenticated(authenticated, 'Only authenticated user can list templated maps');
-
+ function listTemplates() {
 self.templateMaps.listTemplates(cdbuser, this);
 },
 function prepareResponse(err, tpl_ids){