Add authorization to user-notification and entity-permission (WIP)

Author: tschaffter

client/app/app.component.ts

@@ -2,7 +2,6 @@ import { Component, OnInit, ViewChild, AfterViewInit } from '@angular/core';
 import { MatSidenav } from '@angular/material/sidenav';
 import { SecondarySidenavComponent } from 'components/sidenav/secondary-sidenav/secondary-sidenav.component';
 import { SecondarySidenavService } from 'components/sidenav/secondary-sidenav/secondary-sidenav.service';
-import { UserNotificationDataService } from 'components/user-notification/user-notification-data.service';
 import { PageTitleService } from 'components/page-title/page-title.service';
 
 @Component({
@@ -26,7 +25,7 @@ import { PageTitleService } from 'components/page-title/page-title.service';
             <app-secondary-sidenav #secondarySidenavContent></app-secondary-sidenav>
         </mat-sidenav>
     </mat-sidenav-container>`,
-    providers: [UserNotificationDataService, PageTitleService],
+    providers: [PageTitleService],
 })
 export class AppComponent implements OnInit, AfterViewInit {
     @ViewChild('secondarySidenav', { static: true }) private secondarySidenav: MatSidenav;

client/components/page-title/page-title.service.ts

@@ -1,20 +1,16 @@
 import { Injectable, OnDestroy } from '@angular/core';
 import { Title } from '@angular/platform-browser';
 import { BehaviorSubject, combineLatest, Subscription } from 'rxjs';
-import { map } from 'rxjs/operators';
-import { UserNotificationDataService } from 'components/user-notification/user-notification-data.service';
 
 @Injectable()
 export class PageTitleService implements OnDestroy {
     private title: BehaviorSubject<string> = new BehaviorSubject<string>('');
+    private numNotifications: BehaviorSubject<number> = new BehaviorSubject<number>(0);
     private subscription: Subscription;
 
-    static parameters = [Title, UserNotificationDataService];
-    constructor(private bodyTitle: Title, private userNotificationDataService: UserNotificationDataService) {
-        combineLatest(
-            this.title,
-            this.userNotificationDataService.notifications().pipe(map(notifications => notifications.length))
-        ).subscribe(
+    static parameters = [Title];
+    constructor(private bodyTitle: Title) {
+        combineLatest(this.title, this.numNotifications).subscribe(
             ([title, numNotifications]) => {
                 title = title !== '' ? `${title} | ` : '';
                 let notification = numNotifications > 0 ? `(${numNotifications}) ` : '';
@@ -33,4 +29,8 @@ export class PageTitleService implements OnDestroy {
     setTitle(title: string): void {
         this.title.next(title);
     }
+
+    setNumNotifications(numNotifications: number): void {
+        this.numNotifications.next(numNotifications);
+    }
 }

client/components/user-notification/user-notification-button/user-notification-button.component.ts

@@ -2,7 +2,8 @@ import { Component, OnInit } from '@angular/core';
 import { UserNotificationSidenavService } from '../user-notification-sidenav/user-notification-sidenav.service';
 import { UserNotificationDataService } from '../user-notification-data.service';
 import { Observable } from 'rxjs';
-import { map } from 'rxjs/operators';
+import { map, tap } from 'rxjs/operators';
+import { PageTitleService } from 'components/page-title/page-title.service';
 
 @Component({
     selector: 'user-notification-button',
@@ -12,16 +13,18 @@ import { map } from 'rxjs/operators';
 export class UserNotificationButtonComponent implements OnInit {
     private numNotifications$: Observable<number>; // used in html
 
-    static parameters = [UserNotificationDataService, UserNotificationSidenavService];
+    static parameters = [UserNotificationDataService, UserNotificationSidenavService, PageTitleService];
     constructor(
         private userNotificationDataService: UserNotificationDataService,
-        private userNotificationSidenavService: UserNotificationSidenavService
+        private userNotificationSidenavService: UserNotificationSidenavService,
+        private pageTitleService: PageTitleService
     ) {}
 
     ngOnInit() {
-        this.numNotifications$ = this.userNotificationDataService
-            .notifications()
-            .pipe(map(notifications => notifications.length));
+        this.numNotifications$ = this.userNotificationDataService.notifications().pipe(
+            tap(notifications => this.pageTitleService.setNumNotifications(notifications.length)),
+            map(notifications => notifications.length)
+        );
     }
 
     toggleNotifications(): void {

client/components/user-notification/user-notification-data.service.ts

@@ -13,14 +13,18 @@ export class UserNotificationDataService implements OnDestroy {
     static parameters = [SocketService, UserNotificationService];
     constructor(private socketService: SocketService, private userNotificationService: UserNotificationService) {
         this.notificationSocketModel = 'notifications';
+
         // TODO: Need an endpoint to get only the archived notifications
+        console.log('INIT NOTIFICATION DATA SERVICE');
         this.userNotificationService.queryNotifications({ archived: false }).subscribe(
             notifications => {
+                console.log('Number of unarchive notifications', notifications.length);
                 this.notifications_.next(notifications);
                 this.socketService.syncArraySubject(
                     this.notificationSocketModel,
                     this.notifications_,
                     (items: UserNotification[]) => {
+                        console.log('received notifications update from websockets');
                         // TODO: Remove when listening only to unarchive notifications
                         return flow(
                             filter<UserNotification>(n => !n.archived),

server/api/entity-permission/entity-permission.events.js

@@ -2,32 +2,32 @@
  * EntityPermission model events
  */
 
-import {EventEmitter} from 'events';
+import { EventEmitter } from 'events';
 var EntityPermissionEvents = new EventEmitter();
 
 // Set max event listeners (0 == unlimited)
 EntityPermissionEvents.setMaxListeners(0);
 
 // Model events
 var events = {
-  save: 'save',
-  remove: 'remove'
+    save: 'save',
+    remove: 'remove',
 };
 
 // Register the event emitter to the model events
 function registerEvents(EntityPermission) {
-  for(var e in events) {
-    let event = events[e];
-    EntityPermission.post(e, emitEvent(event));
-  }
+    for (var e in events) {
+        let event = events[e];
+        EntityPermission.post(e, emitEvent(event));
+    }
 }
 
 function emitEvent(event) {
-  return function(doc) {
-    EntityPermissionEvents.emit(event + ':' + doc._id, doc);
-    EntityPermissionEvents.emit(event, doc);
-  };
+    return function (doc) {
+        EntityPermissionEvents.emit(`${event}:${doc._id}`, doc);
+        EntityPermissionEvents.emit(event, doc);
+    };
 }
 
-export {registerEvents};
+export { registerEvents };
 export default EntityPermissionEvents;

server/api/entity-permission/entity-permission.socket.js

@@ -21,25 +21,23 @@ export function register(spark) {
 
 function createListener(namespace, event, spark) {
     return function (doc) {
-        // TODO Fix authorization
-        // authBase.canReadEntity(
-        //     spark.userId,
-        //     doc.entityId,
-        //     entityTypes.PROJECT.value,
-        //     doc.visibility,
-        //     Object.values(accessTypes).map(access => access.value),
-        //     [
-        //         inviteStatusTypes.ACCEPTED.value,
-        //         inviteStatusTypes.PENDING.value
-        //     ]
-        // )
-        //     .then(hasAccess => {
-                // if (hasAccess) {
-                    spark.emit(`${namespace}:${event}`, doc);
-                    spark.emit(`entity:${doc.entityId}:${namespace}:${event}`, doc);
-            //     }
-            // })
-            // .catch(err => console.error(`Unable to create listener: ${err}`));
+        // For now we only support entity-permission for PROJECT
+        // ENTITY-PERMISSION ARE NO LONGER USED AS NOTIFICATIONS (SEE NEW USER-NOTIFICATION).
+        // TODO Use authentication implementation from project api (no duplicated code)
+        if (doc.entityType === entityTypes.PROJECT.value) {
+            const isTargetUser = doc.user._id === spark.userId;
+            const isProjectAdmin = authBase.hasEntityPermission(
+                spark.userId,
+                doc.entityId,
+                entityTypes.PROJECT.value,
+                [accessTypes.ADMIN.value],
+                [inviteStatusTypes.ACCEPTED.value]
+            );
+            if (isTargetUser || isProjectAdmin) {
+                spark.emit(`${namespace}:${event}`, doc);
+                spark.emit(`entity:${doc.entityId}:${namespace}:${event}`, doc);
+            }
+        }
     };
 }
 

server/api/user-notification/user-notification.socket.js

@@ -19,7 +19,13 @@ export function register(spark) {
 
 function createListener(event, spark) {
     return doc => {
-        spark.emit(event, doc);
+        console.log('Could emit user notification', doc._id);
+        console.log('doc.user._id', doc.user._id);
+        console.log('spark.userId', spark.userId);
+        if (doc && doc.user._id.toString() === spark.userId) {
+            console.log('EMITTING USER NOTIFICATION', doc);
+            spark.emit(event, doc);
+        }
     };
 }
 

server/config/seeds/development/entity-notifications.js

@@ -3,21 +3,23 @@ import { adminUserId, testUserId } from './users';
 
 import { notificationTypes, entityTypes } from '../../environment/shared';
 
-let entityNotifications = [{
-    notificationType: notificationTypes.ENTITY_NOTIFICATION.value,
-    user: testUserId,
-    createdBy: adminUserId,
-    archived: false,
-    entityId: report2Id,
-    entityType: entityTypes.INSIGHT.value
-},
-{
-    notificationType: notificationTypes.ENTITY_NOTIFICATION.value,
-    user: adminUserId,
-    createdBy: testUserId,
-    archived: false,
-    entityId: report3Id,
-    entityType: entityTypes.INSIGHT.value
-}];
+let entityNotifications = [
+    {
+        notificationType: notificationTypes.ENTITY_NOTIFICATION.value,
+        user: testUserId,
+        createdBy: adminUserId,
+        archived: false,
+        entityId: report2Id,
+        entityType: entityTypes.INSIGHT.value,
+    },
+    {
+        notificationType: notificationTypes.ENTITY_NOTIFICATION.value,
+        user: adminUserId,
+        createdBy: testUserId,
+        archived: false,
+        entityId: report3Id,
+        entityType: entityTypes.INSIGHT.value,
+    },
+];
 
 export { entityNotifications };

server/config/seeds/development/message-notifications.js

@@ -6,14 +6,14 @@ let messageNotifications = [{
     user: adminUserId,
     createdBy: testUserId,
     archived: false,
-    messageBody: 'test message body'
+    messageBody: 'test message for admin'
 },
 {
     notificationType: notificationTypes.MESSAGE_NOTIFICATION.value,
     user: testUserId,
     createdBy: adminUserId,
     archived: false,
-    messageBody: 'test message 2'
+    messageBody: 'test message for test user'
 }];
 
 export { messageNotifications };