server/services/group-with-policy-service.js

   1 'use strict';
   2
   3 var assert = require('assert');
   4 var StatusError = require('statuserror');
   5 var ensureAccessAndFetchDescriptor = require('gitter-web-permissions/lib/ensure-access-and-fetch-descriptor');
   6 var debug = require('debug')('gitter:app:group-with-policy-service');
   7 var roomService = require('gitter-web-rooms');
   8 var secureMethod = require('gitter-web-utils/lib/secure-method');
   9 var validateRoomName = require('gitter-web-validators/lib/validate-room-name');
  10 var validateProviders = require('gitter-web-validators/lib/validate-providers');
  11 var troupeService = require('gitter-web-rooms/lib/troupe-service');
  12 var groupService = require('gitter-web-groups/lib/group-service');
  13
  14 /**
  15  * @private
  16  */
  17 function validateRoomSecurity(type, security) {
  18   if (type === 'GROUP' && security === 'INHERITED') {
  19     return true;
  20   }
  21
  22   if (security === 'PUBLIC' || security === 'PRIVATE') {
  23     return true;
  24   }
  25
  26   return false;
  27 }
  28
  29 function allowAdmin() {
  30   return this.policy.canAdmin();
  31 }
  32
  33 function GroupWithPolicyService(group, user, policy) {
  34   assert(group, 'Group required');
  35   assert(policy, 'Policy required');
  36   this.group = group;
  37   this.user = user;
  38   this.policy = policy;
  39 }
  40
  41 /**
  42  * Allow admins to create a new room
  43  * @return {Promise} Promise of room
  44  */
  45 GroupWithPolicyService.prototype.createRoom = secureMethod([allowAdmin], function(options) {
  46   assert(options, 'options required');
  47   var type = options.type || null;
  48   var providers = options.providers || [];
  49   var security = options.security;
  50   var name = options.name;
  51   var associateWithGitHubRepo = options.associateWithGitHubRepo;
  52
  53   var user = this.user;
  54   var group = this.group;
  55
  56   if (!validateProviders(providers)) {
  57     throw new StatusError(400, 'Invalid providers ' + providers);
  58   }
  59
  60   assert(security, 'security required');
  61
  62   if (!validateRoomSecurity(type, security)) {
  63     throw new StatusError(400, 'Invalid room security for ' + type + ': ' + security);
  64   }
  65
  66   if (!validateRoomName(name)) {
  67     throw new StatusError(400, 'Invalid room name: ' + name);
  68   }
  69
  70   return this._ensureAccessAndFetchRoomInfo(options)
  71     .spread(function(roomInfo, securityDescriptor) {
  72       debug('Upserting %j', roomInfo);
  73
  74       return roomService.createGroupRoom(user, group, roomInfo, securityDescriptor, {
  75         tracking: options.tracking,
  76         associateWithGitHubRepo: associateWithGitHubRepo,
  77         addBadge: options.addBadge
  78       });
  79     })
  80     .then(function(results) {
  81       return {
  82         troupe: results.troupe,
  83         hookCreationFailedDueToMissingScope: results.hookCreationFailedDueToMissingScope
  84       };
  85     });
  86 });
  87
  88 GroupWithPolicyService.prototype.setAvatar = secureMethod([allowAdmin], function(url) {
  89   groupService.setAvatarForGroup(this.group._id, url);
  90 });
  91
  92 /**
  93  * @private
  94  */
  95 GroupWithPolicyService.prototype._ensureAccessAndFetchRoomInfo = function(options) {
  96   var user = this.user;
  97   var group = this.group;
  98   var type = options.type || null;
  99   var providers = options.providers || [];
 100   var security = options.security;
 101   var topic = options.topic;
 102   var name = options.name;
 103   var linkPath = options.linkPath;
 104   var internalId;
 105
 106   // This is probably not needed...
 107   var obtainAccessFromGitHubRepo = options.obtainAccessFromGitHubRepo;
 108
 109   var uri = group.uri + '/' + name;
 110
 111   if (!validateProviders(providers)) {
 112     throw new StatusError(400, 'Invalid providers ' + providers.toString());
 113   }
 114
 115   assert(security, 'security required');
 116
 117   if (!validateRoomSecurity(type, security)) {
 118     throw new StatusError(400, 'Invalid room security for ' + type + ': ' + security);
 119   }
 120
 121   if (!validateRoomName(name)) {
 122     throw new StatusError(400, 'Invalid room name: ' + name);
 123   }
 124
 125   if (type === 'GROUP') {
 126     internalId = group._id;
 127   }
 128
 129   return troupeService.findByUri(uri).then(function(room) {
 130     if (room) {
 131       throw new StatusError(409, 'Room uri already taken: ' + uri);
 132     }
 133
 134     return ensureAccessAndFetchDescriptor(user, {
 135       type: type,
 136       linkPath: linkPath,
 137       obtainAccessFromGitHubRepo: obtainAccessFromGitHubRepo,
 138       internalId: internalId,
 139       security: security
 140     }).then(function(securityDescriptor) {
 141       return [
 142         {
 143           topic: topic,
 144           uri: uri,
 145           providers: providers
 146         },
 147         securityDescriptor
 148       ];
 149     });
 150   });
 151 };
 152
 153 GroupWithPolicyService.prototype.setAvatar = secureMethod([allowAdmin], function(url) {
 154   return groupService.setAvatarForGroup(this.group._id, url);
 155 });
 156
 157 module.exports = GroupWithPolicyService;