Authorization for accessing application pages

[Hasan A Yousef]

Hi Peter,

I downloaded your authorization example at: https://github.com/petersirka/partial.js/tree/master/examples/authorization

and added to it both partials.js and modules / authorization.js

but still can not get the app running to dive through it, I got the attached err msg.

What shall I do else, to get it running.

Thanks,

Hasan

[Peter Širka]

Hi Hasan,

I know ... today I published new version: https://github.com/petersirka/partial.js/blob/master/changes.txt

Please download new version of partial.js.

NEWS: http://www.youtube.com/watch?v=-Y3LC2QmGpQ

Thanks!

[Hasan A Yousef]

Thanks Peter.

so, if I understood correctly, I need to define the route as:

framework.route('/route', fn, ['logged']);

and it will automatically check for authorization, no need to write anything else in the related route function.

I tried:framework.route('/test', view_test); and it showed the page though I'm not logged in.

I tried: framework.route('/test', view_test, ['logged']); which show 404 not found, if I;m not logged on, and showed the correct page if I'm logged on.

Regards,

Hasan

[Peter Širka]

I wrote similar example and it works.

Example in attachment.

Thanks!

[Hasan Yousef]

Thanks, it is clear now.

Another point, is there some kind if page redirect based on authorization level, for example, of the user is Admin, then Admin homepage to be opened, if normal user, then normal user homepage will open, if manager, then manager homepage will open, ... and so on.

Is there something in the framework could help, like:

    framework.route('/test/', view_index_logged, ['logged','Admin']);

or shall I write normal if/switch statement in the main route, that check for the user type, and redirect accordingly.

Regards,

Hasan

[Peter Širka]

I added a new feature:

https://github.com/petersirka/partial.js-modules/tree/master/authorization#how-to-use-roles

I quietly re-updated partial.js because of you :-)

- you must download partial.js from NPM anew

- or download from https://github.com/petersirka/partial.js/releases

Thanks :)

[Hasan A Yousef]

Deeply appreciated Peter.

I could not know how to combine it along with the authorization and noSQL :(

Can you pls make simple example, of 2 users in the noSQL database, one is Admin who is authorized to access the admin page, the other is normal user, who is authorized to access "user" page.... the user who is not logged in cn not access any.

sorry if I'm demanding :)

Best  regards,

Hasan

[Hasan A Yousef]

Hi Peter,,

Wish you a happy new year, and full of joy with you family.

I wrote the below code, that give the display in the attached, the initial look could appear as fine, but in real there are 2 issues I'm facing:

1. the application is log on for all, what ever the user id entered is,

2. the self.view('home'); after the authorization is not executed.

exports.install = function(framework) {

framework.route('/', view_homepage);

framework.route('/', login, ['POST']); 

    framework.route('/home/', view_index_logged, ['logged']);

    framework.route('/home/', view_index_unlogged);

    framework.route('/logoff/', redirect_logoff);

};

function redirect_logoff() {

    var self = this;

    var auth = self.module('authorization');

    var user = self.user;

    if (user !== null) {

        console.log('USER -> LOGOFF:', user.id);

        auth.logoff(self, self.user.id);

    } 

   self.view('loggedoff');

}

function view_homepage() {

var self = this;

self.view('homepage');

}

function login() {

var self = this;

var auth = self.module('authorization');

var id = self.get.id;

var email = self.get.email;

var role= self.get.role;

var user = {id: id, email: email, role:role};

console.log('user id: ',user.id,', user email: ',user.email,', user role: ',user.role);

    console.log('Checking Authorization of user id: ',user.id);

    // login

    if(auth.login(self, user.id,user))

    {

        console.log('USER -> LOGIN:', user.id);   --> executed

        self.view('home');                        --> not executed

    }

    else

        console.log('not logged');

}

function view_index_logged() {

    var self = this;

    console.log('VIEW: logged');

    self.view('home');

}

function view_index_unlogged() {

    var self = this;

    console.log('VIEW: unlogged');

    self.view('homepage');

}

the authorizations.js code is as below:

framework.once('load', function() {

    

    var self = this;

    var auth = self.module('authorization');

    auth.onAuthorization = function(id, callback) {

           callback({id: '1', user: 'Hasan Yousef' });        

    };

})

hope you have some time to look into this and advise.

Regards,

Hasan

[Peter Širka]

Havan you have problem in:

framework.once('load', function() {

    

    var self = this;

    var auth = self.module('authorization');

    auth.onAuthorization = function(id, callback) {

           callback({id: '1', user: 'Hasan Yousef' });        

    };

})

You're executing in each time callback() with USER ... therefore you're still online.

Read here (search "in practice"):

https://github.com/petersirka/partial.js-modules/tree/master/authorization#definitionsauthorizationjs

Do you understand?

[Peter Širka]

I forgotten:

I wish you a happy new year and best wishes for 2014 :-)

[Hasan A Yousef]

Thanks for your wishes Peter..

well, I tried the below code, as alternate of reading teh data from database, and gave me the same :(

        var user={id:'1',name:'Hasan'}

                if (self.id === '1') {

                        callback(false);

                        return;

                }

                callback(true, user);

[Peter Širka]

Ouu f*ck... Sorry...

Please send me your example on my e-mail.

[Hasan A Yousef]

Done, email sent.

[Hasan A Yousef]

Thanks alot Peter.

I'm uploading the files here, in case any of Partialjs fans liked to get use of it.

[Hasan A Yousef]

Hi Peter,

Is there a way to make the FLAGS dynamic, so instead of writing many parameters in the controller, we write simple word:

example,

existing statement

    framework.route('/home/', view_index_logged, ['logged', '!admin', '!moderator']);

 Required statement, something like:

    index_logged_flags = {'logged', '!admin', '!moderator'};
    framework.route('/home/', view_index_logged, [index_logged_flags]);

Objective:

I want to give the user, the flexibility to create/define new roles, where and assign different functionalists / controllers for each role.

Regards,

Hasan 

[Peter Širka]

Hi Hasan,

yes it's possible:

var index_logged_flags = ['logged', '!admin', '!moderator'];
framework.route('/home/', view_index_logged, index_logged_flags);

Thanks :-)

[Hasan A Yousef]

Great;;

well, can it be dynamic,, what I want to do is:

1. controller

framework.route('/user/add', add_user, add_user_flags);

2. another controller, or function, or whatever, that is able to inject the add_user_flags in the controllers

the details of my app are:

in the data base, I've a table like below:

col1: user_id

col2: user_pswd

col3: role

col4: authorized_functions (multiple)

ex:

role: manager

authorized_functions: add_users, edit_users, delete_users

role: supervisor

authorized_functions: add_users, edit_users

role: assistant

authorized_functions: add_users

in the node app, need to do the following:

for all (roles)

if (authorized_functions) = add_user

add_user_flags = add_user_flags + role

any guides pls :)

thanks

[Peter Širka]

Mhhh .... yes ... all roles are stored in the route.

framework.routes.web.forEach(function(route) {
    if (route.flags.indexOf('!manager') === -1)
        route.flags.push('!manager');
});

So you must find your route :-)

Thanks.

[Hasan A Yousef]

:) so, how to find the route!

I wrote the following code, but got the below error

code:

exports.install = function(framework) {

    framework.route('/home/admin/', view_roles_admin, ['logged']);

};

framework.routes.web.forEach(function('/home/admin/') {

    if (route.flags.indexOf('!admin') === -1)

        route.flags.push('!admin');

});

Error:

framework.routes.web.forEach(function('/home/admin/') {

                                      ^^^^^^^^^^^^^^

SyntaxError: Unexpected string

[Peter Širka]

framework.routes.web.forEach(function(o) {
    var url = o.url.join('/');
    if (o.name === 'controller-name' ||
        url === '/' || url === '/contact') {
        // condition === true
       console.log('OK');
    }
});

[Hasan A Yousef]

Hi Peter

I'm trying to check the authorization using SQL statement, so I replaced the code you provide by the below, but looks I stuck and need you help:

I wrote thisL

    var connection = self.database();

    connection.connect(function(err){if(err != null) {self.view500(err);return;}

        connection.query('SELECT * FROM users', function(err, user) {

            if (err != null) {self.view500(err);}

            else {console.log('below are the users: ',user.rowCount);

                for(var i=0;i<user.rowCount;i++){

                    if(user.rows[i].email === id && user.rows[i].pswd === password){

                        console.log('Found:', user.rows[i].email);

                        auth.login(self, user.rows[i].email, user.rows);

                    }

                }

              }

            connection.end();           

        });

    });

instead of this:

    var filter = function(doc) {

        return doc.email === id && doc.password === password;

    };

    self.database('users').one(filter, function(user) {

        

        console.log('Checking Authorization of user id:', id);

        

        if (user !== null) {

            console.log('Found:', user);

            auth.login(self, user.id, user);

        }

        self.json({ success: user !== null });

    });

and did no know what shall i do in the authorization.js instead of this:

auth.onAuthorization = function(id, callback) {

   var filter = function(doc) {

       return doc.id === id;

   };

   framework.database('users').one(filter, function(user) {

        callback(user);

   });

};

Thanks

[Hasan A Yousef]

Attached the file I'm working with, andgot error:

Cannot call method 'database' of undefined

[Hasan A Yousef]

Hi Peter,

Any update on this pls, considering the new authorization in the new version.

thanks,

Hasan

[Peter Širka]

Hi Hasan,

You have a problem because you are using partial.js and not total.js:

var framework = require('partial.js');
var http = require('http');

var port = 8004;
var debug = true;

framework.run(http, debug, port);
console.log("http://{0}:{1}/".format(framework.ip, framework.port));

Everything works.

[Hasan A Yousef]

Thanks Peter.

Attached revised app for authorization with roles considerations.