From 7b84e1c1fc4c41388fb9e16d117bb71bb1580bfa Mon Sep 17 00:00:00 2001
From: Scott Idem
Date: Thu, 3 Oct 2024 16:29:45 -0400
Subject: [PATCH] More work on the site permissions.

---
 src/routes/+layout.svelte | 23 +++++++++++++++++++++--
 src/routes/+layout.ts | 27 +++++++++++++++++++--------
 2 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte
index 43004932..fd598e57 100644
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@@ -118,12 +118,31 @@ if ($ae_loc.site_cfg_json.slct__sponsorship_cfg_id) { if ($ae_loc.allow_access && !$ae_loc.key_checked) { console.log(`PASS: The access key was checked earlier.`); + + // allow_access should equal true or the access key. + if ($ae_loc.site_access_key || $ae_loc.site_domain_access_key) { + console.log(`We need to do a current check against the allow_access value.`); + if ($ae_loc.site_access_key == $ae_loc.allow_access || $ae_loc.site_domain_access_key == $ae_loc.allow_access) { + console.log(`PASS: The access key was checked earlier and we just now checked the key.`); + } else { + console.log(`FAIL: The access key was checked earlier, but just now failed.`); + if ($ae_loc.trusted_access) { + console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`); + $ae_loc.allow_access = true; + } else { + $ae_loc.allow_access = false; + } + } + } else { + // This means this site and domain do not require an access key. + // Do nothing to change the allow_access here at this time. + } } else if ($ae_loc.allow_access && $ae_loc.key_checked) { console.log(`PASS: The access key was checked earlier and we just now checked the key.`); } else if (!$ae_loc.allow_access && $ae_loc.key_checked) { console.log(`FAIL: The access key was checked earlier and failed.`); - if ($ae_loc.administrator_access) { - console.log(`FAIL: The access key was checked earlier and failed, but we have administrator access.`); + if ($ae_loc.trusted_access) { + console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`); $ae_loc.allow_access = true; } } else { diff --git a/src/routes/+layout.ts b/src/routes/+layout.ts index b83b5e8b..bcb8e534 100644 --- a/src/routes/+layout.ts +++ b/src/routes/+layout.ts 
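Review bot: The re-check added under `if ($ae_loc.allow_access && !$ae_loc.key_checked)` decides access inside the layout component from store values, and both FAIL paths set `$ae_loc.allow_access = true` whenever `$ae_loc.trusted_access` is truthy, so the gate is only as strong as whatever sets that flag, which is not visible in this hunk. If `$ae_loc` is state the browser can write (the name suggests local storage, unconfirmed), this is a display convenience rather than access control, and the protected data should also be refused server-side when no valid key was presented. The comparison uses `==` against a value the new comment says may be `true`, so a key such as `'1'` would loosely match; `$ae_loc.site_access_key === $ae_loc.allow_access || $ae_loc.site_domain_access_key === $ae_loc.allow_access` avoids the coercion. The enclosing block starts and ends outside the hunk.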
@@ -57,9 +57,9 @@ let ae_loc_init: key_val = { // functions: fetch, setHeaders, parent, depends, untrack export async function load({ fetch, params, parent, route, url }) { // params, route, url let log_lvl = 0; - // console.log(`Svelte root layout.ts params:`, params); - // console.log(`Svelte root layout.ts route:`, route); - // console.log(`Svelte root layout.ts url:`, url); + // console.log(`Svelte root +layout.ts params:`, params); + // console.log(`Svelte root +layout.ts route:`, route); + // console.log(`Svelte root +layout.ts url:`, url); let account_id: Promise; @@ -166,12 +166,15 @@ export async function load({ fetch, params, parent, route, url }) { // params, r ae_loc_init['site_domain_access_key'] = site_domain_results.site_domain_access_key; // This is specific to a (sub)domain. if (!ae_loc_init['site_access_key'] && !ae_loc_init['site_domain_access_key']) { - ae_loc_init['key_checked'] = true; + ae_loc_init['key_checked'] = true; // Se to true to allow access without a key. ae_loc_init['allow_access'] = true; // No access key is required here. } else { let access_key = url.searchParams.get('key'); - console.log(`root layout.ts: access_key = `, access_key); + if (access_key) { + if (log_lvl) { + console.log(`root +layout.ts: access_key = ${access_key}`); + } if (access_key == ae_loc_init['site_access_key']) { ae_loc_init['key_checked'] = ae_loc_init['site_access_key']; ae_loc_init['allow_access'] = ae_loc_init['site_access_key']; 
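Review bot: In the `@@ -166,12 +166,15 @@` hunk the new debug line still prints the secret taken from `?key=` (`access_key = ${access_key}`); gating it on `log_lvl` helps, but a `+layout.ts` load normally runs in the browser as well as during SSR, so raising the level puts keys into the browser console and server logs. Logging only presence, e.g. `console.log('root +layout.ts: access_key present')`, keeps the diagnostic without the value. The `access_key == ae_loc_init['site_access_key']` check that follows runs in the same load, which implies the expected keys are available wherever this function executes; doing the comparison in a server-only load (`+layout.server.ts`) and returning just a boolean would keep them off the client. The added comment has a typo, `// Set to true to allow access without a key.`. The `load` body continues outside the hunk.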
@@ -179,26 +182,34 @@ export async function load({ fetch, params, parent, route, url }) { // params, r ae_loc_init['key_checked'] = ae_loc_init['site_domain_access_key']; ae_loc_init['allow_access'] = ae_loc_init['site_domain_access_key']; } else { + // The key changed and no longer matches the site or domain key. ae_loc_init['key_checked'] = true; ae_loc_init['allow_access'] = false; } } else { + if (log_lvl) { + console.log(`root +layout.ts: No access key found in URL.`); + } ae_loc_init['key_checked'] = true; + // Do nothing to change the allow_access here // ae_loc_init['allow_access'] = false; // An access key is required at this point. } } - console.log(`root layout.ts: Returning account_id = `, site_domain_results.account_id_random); + if (log_lvl) { + console.log(`root +layout.ts: Returning account_id = `, site_domain_results.account_id_random); + console.log(`root +layout.ts: ae_loc_init = `, ae_loc_init); + } return site_domain_results.account_id_random; } - console.log(`root layout.ts: Site domain results not found!!!`) + console.log(`root +layout.ts: Site domain results not found!!!`) return null; }); if (!account_id) { - console.log(`root layout.ts: The account_id was not found in API response!!!`); + console.log(`root +layout.ts: The account_id was not found in API response!!!`); // return false; // return; error(500, {
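Review bot: The branch for "key required but none in the URL" sets `key_checked = true` and, per the added comment `// Do nothing to change the allow_access here`, leaves `allow_access` at whatever `ae_loc_init` started with, so whether this path fails closed depends on an initial value that is not visible in this hunk. If that default is ever truthy the layout's `allow_access && key_checked` branch would report PASS without any key having been compared; an explicit `ae_loc_init['allow_access'] = false;` here, with the previously validated state restored deliberately elsewhere, makes the default deny visible. The new `console.log(`root +layout.ts: ae_loc_init = `, ae_loc_init)` also dumps `site_access_key` and `site_domain_access_key` when `log_lvl` is set; logging a copy with those two fields removed avoids putting the keys in logs. The `load` function starts and ends outside the hunk.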