Merge branch 'master' into clostridium
* master: Need to wait for currentUser promise Tweak custom session Keep non-admins out of user profiles
commit
421831b5a6
4 changed files with 26 additions and 16 deletions
|
@ -1,25 +1,11 @@
|
||||||
import Session from 'simple-auth/session';
|
|
||||||
import parseBase64 from '../utils/parse-base64';
|
|
||||||
import Ember from 'ember';
|
import Ember from 'ember';
|
||||||
|
|
||||||
var CustomSession = Session.extend({
|
|
||||||
currentUser: function() {
|
|
||||||
let token = this.get('secure.token');
|
|
||||||
if (!Ember.isEmpty(token)) {
|
|
||||||
let t = parseBase64(token);
|
|
||||||
return this.container.lookup('service:store').find('user', t['sub']);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}.property('secure.token'),
|
|
||||||
|
|
||||||
});
|
|
||||||
|
|
||||||
export function initialize(container, application) {
|
export function initialize(container, application) {
|
||||||
application.register('session:custom', CustomSession);
|
application.inject('session:custom', '_store', 'service:store');
|
||||||
}
|
}
|
||||||
|
|
||||||
export default {
|
export default {
|
||||||
name: 'custom-session',
|
name: 'custom-session',
|
||||||
before: 'simple-auth',
|
after: 'ember-data',
|
||||||
initialize: initialize
|
initialize: initialize
|
||||||
};
|
};
|
||||||
|
|
|
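Review bot: Replacing `before: 'simple-auth'` with `after: 'ember-data'` drops the only ordering constraint against simple-auth, so nothing visible here guarantees that `application.inject('session:custom', '_store', 'service:store')` runs before the session object is created. If the session is instantiated first, `this._store` would be undefined inside its `currentUser` property, and the profile guard added elsewhere in this commit depends on that lookup. An initializer can declare both keys, so keeping `before: 'simple-auth',` next to `after: 'ember-data',` restores the guarantee. `import Ember from 'ember';` also appears to be unused on the new side.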
@ -16,6 +16,7 @@ export default Ember.Controller.extend({
|
||||||
let options = {
|
let options = {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
data: {
|
data: {
|
||||||
|
id: this.get('session.currentUser.id'),
|
||||||
password: this.get('password'),
|
password: this.get('password'),
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
|
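Review bot: The added `id: this.get('session.currentUser.id')` puts the account identifier into the same client-built body as the password, and the server must not treat that field as proof of which account the request applies to. The endpoint is not visible in this hunk; it should take the subject from the authenticated token and reject a mismatching `id`, otherwise the value is simply whatever the client chose to send. `session.currentUser` is also promise-backed, so the id is undefined until the record has loaded, and a guard before building `options` would avoid posting without one. The enclosing action starts and ends outside the hunk.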
@ -1,6 +1,17 @@
|
||||||
import Ember from 'ember';
|
import Ember from 'ember';
|
||||||
|
|
||||||
export default Ember.Route.extend({
|
export default Ember.Route.extend({
|
||||||
|
beforeModel: function(transition) {
|
||||||
|
this._super(transition);
|
||||||
|
|
||||||
|
this.get('session.currentUser').then((currentUser) => {
|
||||||
|
let user_id = transition.params['protected.users.show'].user_id;
|
||||||
|
if (!currentUser.get('isAdmin') && currentUser.get('id') !== user_id) {
|
||||||
|
this.transitionTo('protected.users.index');
|
||||||
|
}
|
||||||
|
})
|
||||||
|
},
|
||||||
|
|
||||||
model: function(params) {
|
model: function(params) {
|
||||||
return this.store.findRecord('user', params.user_id, { reload: true });
|
return this.store.findRecord('user', params.user_id, { reload: true });
|
||||||
},
|
},
|
||||||
|
|
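Review bot: `beforeModel` does not return the promise from `this.get('session.currentUser').then(...)`, so the router does not wait for the admin/owner check and `model` can already issue `findRecord('user', params.user_id, { reload: true })` for a profile the viewer should not see. Returning the chain, `return this.get('session.currentUser').then((currentUser) => {`, makes the transition pause until the check has run. The session's `currentUser` in this commit yields undefined when there is no authenticated token, so the `.then` call would throw in that case and needs a guard. The check runs only in the browser, so the API has to enforce the same admin-or-self rule on the user endpoint.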
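--- a/app/sessions/custom.js
+++ b/app/sessions/custom.js
@@ -0,0 +1,12 @@
+import Session from 'simple-auth/session';
+import parseBase64 from '../utils/parse-base64';
+
+export default Session.extend({
+currentUser: function() {
+let token = this.get('secure.token');
+if (token && this.get('isAuthenticated')) {
+let t = parseBase64(token);
+return this._store.findRecord('user', t['sub']);
+}
+}.property('secure.token', 'isAuthenticated')
+});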
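Review bot: `currentUser` trusts `t['sub']` from a token that is only base64-decoded in the browser, and nothing in this file documents that or handles a token that does not decode. `parseBase64` is not shown, so whether it throws or returns undefined on malformed input should be confirmed; a guard such as `if (!t || !t['sub']) { return; }` before the `findRecord` call would keep a bad token from producing a lookup for `undefined`. I would also add a comment above the property: `// sub comes from an unverified, locally decoded token; use it for display only, the API must authorise every request`.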