Re-work of site permissions and Novi permissions.

2024-11-21 14:19:08 -05:00
parent fcec4ed96f
commit cffde76c88
6 changed files with 197 additions and 127 deletions
--- a/src/lib/ae_stores.ts
+++ b/src/lib/ae_stores.ts
@@ -69,8 +69,8 @@ export let ae_app_local_data_struct: key_val = {
    'account_name': 'Account Name Not Set',
    'allow_access': false, // Set to key if access is allowed.
    'site_domain': null, // https://example.com, https://dev.example.com, etc.
-    'site_access_key': null,
-    'site_domain_access_key': null,
+    'site_access_key': null, // This is the general site access key
+    'site_domain_access_key': null, // This is specific to a (sub)domain.
    'site_cfg_json': {
        slct__event_id: null,
        slct__event_badge_template_id: null,
@@ -81,8 +81,8 @@ export let ae_app_local_data_struct: key_val = {
    // The site access codes can be pulled from the site records for an account.
    'site_access_code_kv': {
        // 'manager': '10240',
-        'administrator': '11500',
-        'trusted': '19111',
+        'administrator': null,
+        'trusted': null,
        'public': 'public1980',
        'authenticated': 'auth1980'
    },
--- a/src/lib/element_access_type.svelte
+++ b/src/lib/element_access_type.svelte
@@ -52,31 +52,31 @@ function handle_check_access_type_passcode() {

    if (entered_passcode && entered_passcode.length >= 5) {

-        if ($ae_loc.site_access_code_kv.super == entered_passcode) {
+        if ($ae_loc.site_access_code_kv.super.length >= 8 && $ae_loc.site_access_code_kv.super == entered_passcode) {
            console.log('Super passcode matched');

            window.localStorage.setItem('access_type', 'super');

            $ae_loc.access_type = 'super';
-        } else if ($ae_loc.site_access_code_kv.manager == entered_passcode) {
+        } else if ($ae_loc.site_access_code_kv.manager.length >= 5 && $ae_loc.site_access_code_kv.manager == entered_passcode) {
            console.log('Manager passcode matched');

            window.localStorage.setItem('access_type', 'manager');

            $ae_loc.access_type = 'manager';
-        } else if ($ae_loc.site_access_code_kv.administrator == entered_passcode) {
+        } else if ($ae_loc.site_access_code_kv.administrator.length >= 5 && $ae_loc.site_access_code_kv.administrator == entered_passcode) {
            console.log('Administrator passcode matched');

            window.localStorage.setItem('access_type', 'administrator');

            $ae_loc.access_type = 'administrator';
-        } else if ($ae_loc.site_access_code_kv.trusted == entered_passcode) {
+        } else if ($ae_loc.site_access_code_kv.trusted.length >= 5 && $ae_loc.site_access_code_kv.trusted == entered_passcode) {
            console.log('Trusted passcode matched');

            window.localStorage.setItem('access_type', 'trusted');

            $ae_loc.access_type = 'trusted';
-        } else if ($ae_loc.site_access_code_kv.public == entered_passcode) {
+        } else if ($ae_loc.site_access_code_kv.public.length >= 5 && $ae_loc.site_access_code_kv.public == entered_passcode) {
            console.log('Public passcode matched');

            window.localStorage.setItem('access_type', 'public');
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@@ -189,38 +189,45 @@ if ($ae_loc.site_cfg_json.slct__sponsorship_cfg_id) {
 }


-if ($ae_loc.allow_access && !$ae_loc.key_checked) {
-    console.log(`PASS: The access key was checked earlier.`);
+// This needs to be re-worked ASAP! 2024-11-21
+if ($ae_loc.iframe) {
+    $ae_loc.allow_access = true;
+} else {

-    // allow_access should equal true or the access key.
-    if ($ae_loc.site_access_key || $ae_loc.site_domain_access_key) {
-        console.log(`We need to do a current check against the allow_access value.`);
-        if ($ae_loc.site_access_key == $ae_loc.allow_access || $ae_loc.site_domain_access_key == $ae_loc.allow_access) {
-            console.log(`PASS: The access key was checked earlier and we just now checked the key.`);
-        } else {
-            console.log(`FAIL: The access key was checked earlier, but just now failed.`);
-            if ($ae_loc.trusted_access) {
-                console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`);
-                $ae_loc.allow_access = true;
+    if ($ae_loc.allow_access && !$ae_loc.key_checked) {
+        console.log(`PASS: The access key was checked earlier.`);
+
+        // allow_access should equal true or the access key.
+        if ($ae_loc.site_access_key || $ae_loc.site_domain_access_key) {
+            console.log(`We need to do a current check against the allow_access value.`);
+            if ($ae_loc.site_access_key == $ae_loc.allow_access || $ae_loc.site_domain_access_key == $ae_loc.allow_access) {
+                console.log(`PASS: The access key was checked earlier and we just now checked the key.`);
            } else {
-                $ae_loc.allow_access = false;
+                console.log(`FAIL: The access key was checked earlier, but just now failed.`);
+                if ($ae_loc.trusted_access) {
+                    console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`);
+                    $ae_loc.allow_access = true;
+                } else {
+                    $ae_loc.allow_access = false;
+                }
            }
+        } else {
+            // This means this site and domain do not require an access key.
+            // Do nothing to change the allow_access here at this time.
+        }
+    } else if ($ae_loc.allow_access && $ae_loc.key_checked) {
+        console.log(`PASS: The access key was checked earlier and we just now checked the key.`);
+    } else if (!$ae_loc.allow_access && $ae_loc.key_checked) {
+        console.log(`FAIL: The access key was checked earlier and failed.`);
+        if ($ae_loc.trusted_access) {
+            console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`);
+            $ae_loc.allow_access = true;
        }
    } else {
-        // This means this site and domain do not require an access key.
-        // Do nothing to change the allow_access here at this time.
+        console.log(`FAIL: The access key was not checked earlier.`);
+        // $ae_loc.key_checked = true;
    }
-} else if ($ae_loc.allow_access && $ae_loc.key_checked) {
-    console.log(`PASS: The access key was checked earlier and we just now checked the key.`);
-} else if (!$ae_loc.allow_access && $ae_loc.key_checked) {
-    console.log(`FAIL: The access key was checked earlier and failed.`);
-    if ($ae_loc.trusted_access) {
-        console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`);
-        $ae_loc.allow_access = true;
-    }
-} else {
-    console.log(`FAIL: The access key was not checked earlier.`);
-    // $ae_loc.key_checked = true;
+
 }

 // $: access_key = data.url.searchParams.get('key');
@@ -443,6 +450,9 @@ onMount(() => {

 <!-- regionFooter="flex justify-end space-x-2" -->

+{#if
+    $ae_loc.allow_access}
+
 <Modal components={modalRegistry}
    regionBackdrop=''
    regionBody=''
@@ -495,8 +505,7 @@ onMount(() => {

    <!-- !($ae_loc.site_access_key && $ae_loc.site_domain_access_key)
    || ($ae_loc.site_access_key == access_key || $ae_loc.site_domain_access_key == access_key)} -->
-    {#if
-        $ae_loc.allow_access}
+

        <!-- {$ae_loc?.site_access_key ?? '-- site access key not set --'} -->
        <!-- {$ae_loc?.site_domain_access_key ?? '-- site domain access key not set --'} -->
@@ -505,12 +514,6 @@ onMount(() => {
        <!-- Page Route Content -->
        <slot />

-    {:else}
-        <div class="flex flex-col items-center justify-center h-screen">
-            <h1 class="text-4xl font-bold text-red-500">Access Denied</h1>
-            <p class="text-lg text-gray-500">You do not have access to this site.</p>
-        </div>
-    {/if}


    <svelte:fragment slot="footer">
@@ -542,6 +545,32 @@ onMount(() => {

 </AppShell>

+{:else}
+
+    <div
+        data-sveltekit-preload-data="false"
+        class="flex flex-col items-center justify-center h-full"
+        >
+        <h1 class="text-4xl font-bold text-red-500">Access Denied</h1>
+        <p class="text-lg text-gray-500">You do not have access to this site.</p>
+        <button
+            class="btn btn-sm m-1 variant-glass-surface hover:variant-outline-warning text-error-300 hover:text-error-800"
+            title="Reload and clear the page cache"
+            on:click={() => {
+                localStorage.clear();
+                sessionStorage.clear();
+                alert('Local and Session Storage cleared. The page should now refresh on its own.');
+                window.location.reload(true);
+            }}
+            >
+            <span class="fas fa-sync mx-1"></span>
+            Reload and Clear Cache
+        </button>
+    </div>
+
+{/if}
+
+

 {#if $ae_loc.hub?.show_element__access_type}
 <Element_access_type
--- a/src/routes/+page.svelte
+++ b/src/routes/+page.svelte
@@ -23,81 +23,88 @@ onMount(() => {


 <section
-	class="ae_root md:container h-full mx-auto flex flex-col items-center p-4 space-y-12"
-	class:ae_root--auth_access={$ae_loc.auth_access}
-	class:ae_root--public_access={$ae_loc.public_access}
-	class:ae_root--trusted_access={$ae_loc.trusted_access}
-	class:ae_root--administrator_access={$ae_loc.administrator_access}
-	class:ae_root--manager_access={$ae_loc.manager_access}
-	class:ae_root--super_access={$ae_loc.super_access}
-	>
+    class="ae_root md:container h-full mx-auto flex flex-col items-center p-4 space-y-12"
+    class:ae_root--auth_access={$ae_loc.auth_access}
+    class:ae_root--public_access={$ae_loc.public_access}
+    class:ae_root--trusted_access={$ae_loc.trusted_access}
+    class:ae_root--administrator_access={$ae_loc.administrator_access}
+    class:ae_root--manager_access={$ae_loc.manager_access}
+    class:ae_root--super_access={$ae_loc.super_access}
+    >

 <Element_data_store
-	ds_code="hub__site__root_page_header"
-	ds_type="html"
-	for_type={null}
-	for_id={null}
-	ds_name="Default: AE Hub - Site root page header HTML"
-	class_li={$ae_sess.ds_loaded.hub__site__root_page_header === false ? 'hidden' : ''}
-	bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_header}
-	/>
+    ds_code="hub__site__root_page_header"
+    ds_type="html"
+    for_type={null}
+    for_id={null}
+    ds_name="Default: AE Hub - Site root page header HTML"
+    class_li={$ae_sess.ds_loaded.hub__site__root_page_header === false ? 'hidden' : ''}
+    bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_header}
+    />
 <!-- page header DS: {$ae_sess.ds_loaded.hub__site__root_page_header} -->

 <Element_data_store
-	ds_code="hub__site__root_page_content"
-	ds_type="html"
-	for_type={null}
-	for_id={null}
-	ds_name="Default: AE Hub - Site root page content HTML"
-	show_edit={false}
-	class_li={$ae_sess.ds_loaded.hub__site__root_page_content === false ? 'hidden' : 'grow'}
-	bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_content}
-	/>
+    ds_code="hub__site__root_page_content"
+    ds_type="html"
+    for_type={null}
+    for_id={null}
+    ds_name="Default: AE Hub - Site root page content HTML"
+    show_edit={false}
+    class_li={$ae_sess.ds_loaded.hub__site__root_page_content === false ? 'hidden' : 'grow'}
+    bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_content}
+    />
 <!-- page content DS: {$ae_sess.ds_loaded.hub__site__root_page_content} -->

 <section class="flex flex-col gap-2 items-center p-4 space-y-6">

-<div data-sveltekit-preload-data="false" class="">
-<button
-	class="btn btn-sm m-1 variant-glass-surface hover:variant-outline-warning text-error-300 hover:text-error-800"
-	title="Reload and clear the page cache"
-	on:click={() => {
-		window.location.reload(true);
-	}}
-	>
-	<span class="fas fa-sync mx-1"></span>
-	Reload and Clear Cache
-</button>
-<button
-	class="btn btn-sm m-1 variant-glass-surface hover:variant-outline-warning text-error-300 hover:text-error-800"
-	title="Clear the browser storage for this page"
-	on:click={() => {
-		localStorage.clear();
-		sessionStorage.clear();
-		alert('Local and Session Storage cleared. You will probably want to refresh the page.');
-	}}
-	>
-	<span class="fas fa-sync mx-1"></span>
-	Clear Storage
-</button>
-</div>
+    <div
+        data-sveltekit-preload-data="false"
+        class="flex flex-row flex-wrap items-center justify-center"
+        >
+        <button
+            type="button"
+            class="btn btn-sm m-1 variant-glass-surface hover:variant-outline-warning text-error-300 hover:text-error-800"
+            title="Reload and clear the page cache"
+            on:click={() => {
+                window.location.reload(true);
+            }}
+            >
+            <span class="fas fa-sync mx-1"></span>
+            Reload
+        </button>
+        <button
+            type="button"
+            class="btn btn-sm m-1 p-1 variant-glass-surface hover:variant-outline-warning text-error-300 hover:text-error-800"
+            title="Reload and clear the page cache"
+            on:click={() => {
+                localStorage.clear();
+                sessionStorage.clear();
+                alert('Local and Session Storage cleared. The page should now refresh on its own.');
+                window.location.reload(true);
+            }}
+            >
+            <span class="fas fa-sync mx-1"></span>
+            Clear Storage and Reload
+        </button>
+    </div>

-<Element_data_store
-	expire_minutes={2}
-	ds_code="hub__site__root_page_footer"
-	ds_type="html"
-	for_type={null}
-	for_id={null}
-	ds_name="Default: AE Hub - Site root page footer HTML"
-	display="block"
-	class_li={!$ae_loc.manager_access && $ae_sess.ds_loaded.hub__site__root_page_footer === false ? 'hidden' : ''}
-	bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_footer}
-	/>
-<!-- page footer DS: {$ae_sess.ds_loaded.hub__site__root_page_footer} -->
+    <Element_data_store
+        expire_minutes={2}
+        ds_code="hub__site__root_page_footer"
+        ds_type="html"
+        for_type={null}
+        for_id={null}
+        ds_name="Default: AE Hub - Site root page footer HTML"
+        display="block"
+        class_li={!$ae_loc.manager_access && $ae_sess.ds_loaded.hub__site__root_page_footer === false ? 'hidden' : ''}
+        bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_footer}
+        />
+    <!-- page footer DS: {$ae_sess.ds_loaded.hub__site__root_page_footer} -->

-<ol class="list-decimal hidden">
-<li>Placeholder for Tailwind</li>
-</ol>
+
+    <ol class="list-decimal hidden">
+    <li>Placeholder for Tailwind</li>
+    </ol>

 </section>

--- a/src/routes/idaa/(idaa)/+layout.svelte
+++ b/src/routes/idaa/(idaa)/+layout.svelte
@@ -141,23 +141,50 @@ $: if ($ae_loc.iframe && $ae_loc.iframe_height && $ae_loc.iframe_height_modal_bo
 </svelte:head>


-{#if ($ae_loc.authenticated_access)}
-<div
-    bind:clientHeight={$ae_loc.iframe_height}
-    >
-    <slot />
-</div>
-{:else}
-<div class="container flex flex-col gap-1 w-full items-center justify-center font-bold p-8 m-8">
-    <h1>
-        <span class="text-red-500">
-            <span class="fas fa-exclamation-triangle"></span>
-            Access Denied
-            <span class="fas fa-exclamation-triangle"></span>
+{#if ($ae_loc.trusted_access || ($ae_loc.authenticated_access && $idaa_loc.novi_uuid))}
+
+    <div
+        bind:clientHeight={$ae_loc.iframe_height}
+        >
+        <slot />
+    </div>
+    {#if $idaa_loc.novi_uuid}
+        <span class="text-sm text-gray-500">
+            Novi: <span class="fas fa-user m-1"></span>
+            {$idaa_loc.novi_uuid}
+            {$idaa_loc.novi_full_name ?? 'name not set'}
+            {$idaa_loc.novi_email ?? 'email not set'}
        </span>
-    </h1>
-    <p>You do not have access to this page.</p>
-</div>
+    {:else}
+        <p class="text-sm text-gray-500 text-center">IDAA Novi UUID not found!</p>
+    {/if}
+
+{:else}
+
+    <div class="container flex flex-col gap-1 w-full items-center justify-center font-bold p-8 m-8">
+        <h1>
+            <span class="text-red-500">
+                <span class="fas fa-exclamation-triangle"></span>
+                Access Denied
+                <span class="fas fa-exclamation-triangle"></span>
+            </span>
+        </h1>
+        <p>You do not have access to these IDAA page.</p>
+
+        {#if $ae_loc.iframe}
+            In iframe mode
+        {/if}
+
+        {#if $idaa_loc.novi_uuid}
+            <span class="text-sm text-gray-500">
+                Novi: <span class="fas fa-user m-1"></span>
+                {$idaa_loc.novi_uuid}
+                {$idaa_loc.novi_full_name ?? 'name not set'}
+                {$idaa_loc.novi_email ?? 'email not set'}
+            </span>
+        {:else}
+            <p>IDAA Novi UUID not found!</p>
+        {/if}
+    </div>
+
 {/if}
-
-
--- a/static/idaa_novi_iframe_archives.html
+++ b/static/idaa_novi_iframe_archives.html
@@ -23,6 +23,7 @@ let novi_api_key_for_idaa = 'CmNdWgdPmgluBWjiTd8xsUCk5mio8F1O9DYAh0pVDcg=';
 let novi_current_user_obj = null;
 let novi_current_user_email = null;

+let idaa_osit_site_key = 'restricted';
 let idaa_ae_api_root_url = 'https://dev-idaa.oneskyit.com/idaa/archives';
 let idaa_ae_params = new URLSearchParams(document.location.search);
 let idaa_ae_slct_archive_id = idaa_ae_params.get('archive_id');
@@ -53,10 +54,13 @@ fetch(novi_api_get_customer_endpoint, requestOptions)
        if (idaa_ae_slct_archive_id) {
            console.log(`Loading AE Archive ID: ${idaa_ae_slct_archive_id}`);
            // idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&archive_id=${idaa_ae_slct_archive_id}&full_name=${novi_current_user_obj.Name}&iframe=true`;
-            idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}/${idaa_ae_slct_archive_id}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true`;
+            idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}/${idaa_ae_slct_archive_id}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true&key=${idaa_osit_site_key}`;
        } else {
-            idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true`;
+            idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true&key=${idaa_osit_site_key}`;
        }
+
+        let iframe_src = document.getElementById('iframe_src');
+        iframe_src.innerHTML = `iframe src = ${idaa_ae_iframe_element.src}`;
    })
    .catch(error => console.log('error', error));

@@ -107,6 +111,9 @@ window.addEventListener('message', function(event) {
 });
 </script>

+
+<div id="iframe_src">iframe src=</div>
+
 <!-- IDAA Aether Apps for Novi - Archives iframe -->
 <p><iframe width="100%" height="750" id="ae_idaa_archives_iframe" src="" style="min-height: 600px; max-height: 100%;" class="ae_idaa_iframe"></iframe></p>