From cffde76c8800c7aefb1c2ae8f5c531d378d9c5fb Mon Sep 17 00:00:00 2001
From: Scott Idem
Date: Thu, 21 Nov 2024 14:19:08 -0500
Subject: [PATCH] Re-work of site permissions and Novi permissions.
---
 src/lib/ae_stores.ts | 8 +-
 src/lib/element_access_type.svelte | 10 +-
 src/routes/+layout.svelte | 97 +++++++++++------
 src/routes/+page.svelte | 135 ++++++++++++++------------
 src/routes/idaa/(idaa)/+layout.svelte | 63 ++++++++----
 static/idaa_novi_iframe_archives.html | 11 ++-
 6 files changed, 197 insertions(+), 127 deletions(-)
diff --git a/src/lib/ae_stores.ts b/src/lib/ae_stores.ts
index bc3f4e3f..03f189be 100644
--- a/src/lib/ae_stores.ts
+++ b/src/lib/ae_stores.ts
@@ -69,8 +69,8 @@ export let ae_app_local_data_struct: key_val = {
 'account_name': 'Account Name Not Set',
 'allow_access': false, // Set to key if access is allowed.
 'site_domain': null, // https://example.com, https://dev.example.com, etc.
- 'site_access_key': null,
- 'site_domain_access_key': null,
+ 'site_access_key': null, // This is the general site access key
+ 'site_domain_access_key': null, // This is specific to a (sub)domain.
 'site_cfg_json': {
 slct__event_id: null,
 slct__event_badge_template_id: null,
@@ -81,8 +81,8 @@ export let ae_app_local_data_struct: key_val = {
 // The site access codes can be pulled from the site records for an account.
 'site_access_code_kv': {
 // 'manager': '10240',
- 'administrator': '11500',
- 'trusted': '19111',
+ 'administrator': null,
+ 'trusted': null,
 'public': 'public1980',
 'authenticated': 'auth1980'
 },
diff --git a/src/lib/element_access_type.svelte b/src/lib/element_access_type.svelte
index ad6926af..e9550b4b 100644
--- a/src/lib/element_access_type.svelte
+++ b/src/lib/element_access_type.svelte
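Review bot: The `administrator` and `trusted` entries are now `null` placeholders, but `'public': 'public1980'` and `'authenticated': 'auth1980'` stay as literals in a store that ships in the browser bundle, so anyone reading the source learns those two codes; the comment above the map says codes are pulled from the site records, so if these two are meant to be per-site values they should become `null` placeholders as well and be loaded at runtime like the others. Every reader of this map now has to tolerate `null` — the `site_access_code_kv.<role>.length` guards added elsewhere in this patch will throw on these defaults. A short note on the map would make the contract explicit: `// null = not configured for this site; readers must check before comparing`. The `ae_app_local_data_struct` declaration starts and ends outside the hunk.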
@@ -52,31 +52,31 @@ function handle_check_access_type_passcode() {
 if (entered_passcode && entered_passcode.length >= 5) {
- if ($ae_loc.site_access_code_kv.super == entered_passcode) {
+ if ($ae_loc.site_access_code_kv.super.length >= 8 && $ae_loc.site_access_code_kv.super == entered_passcode) {
 console.log('Super passcode matched');
 window.localStorage.setItem('access_type', 'super');
 $ae_loc.access_type = 'super';
- } else if ($ae_loc.site_access_code_kv.manager == entered_passcode) {
+ } else if ($ae_loc.site_access_code_kv.manager.length >= 5 && $ae_loc.site_access_code_kv.manager == entered_passcode) {
 console.log('Manager passcode matched');
 window.localStorage.setItem('access_type', 'manager');
 $ae_loc.access_type = 'manager';
- } else if ($ae_loc.site_access_code_kv.administrator == entered_passcode) {
+ } else if ($ae_loc.site_access_code_kv.administrator.length >= 5 && $ae_loc.site_access_code_kv.administrator == entered_passcode) {
 console.log('Administrator passcode matched');
 window.localStorage.setItem('access_type', 'administrator');
 $ae_loc.access_type = 'administrator';
- } else if ($ae_loc.site_access_code_kv.trusted == entered_passcode) {
+ } else if ($ae_loc.site_access_code_kv.trusted.length >= 5 && $ae_loc.site_access_code_kv.trusted == entered_passcode) {
 console.log('Trusted passcode matched');
 window.localStorage.setItem('access_type', 'trusted');
 $ae_loc.access_type = 'trusted';
- } else if ($ae_loc.site_access_code_kv.public == entered_passcode) {
+ } else if ($ae_loc.site_access_code_kv.public.length >= 5 && $ae_loc.site_access_code_kv.public == entered_passcode) {
 console.log('Public passcode matched');
 window.localStorage.setItem('access_type', 'public');
diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte
index c4c6cce6..b02f07cb 100644
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
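Review bot: Each new guard reads `.length` on `$ae_loc.site_access_code_kv.super` (then `manager`, `administrator`, `trusted`, `public`) before confirming the value is a string, yet the same patch sets `administrator` and `trusted` to `null` by default and the default map shown in `ae_stores.ts` has no `super` key at all, so the very first comparison throws a TypeError and no passcode can match until every code is populated. The check should test the type first; a small helper keeps the minimum-length rule in one place and removes the five near-identical conditions. A match is only recorded in `localStorage` and `$ae_loc.access_type` on the client, so this can be no more than a UI hint — whatever server endpoint serves role-restricted data must enforce the role itself, and a comment saying so above the function would stop the next reader from assuming otherwise. `handle_check_access_type_passcode` continues past the end of the hunk, and the hunk as shown appears to be missing its trailing lines.
```javascript
// True only when `code` is a configured string of at least `min_len` characters equal to `entered`.
// Guards against null/undefined entries in site_access_code_kv (the defaults for several roles).
function passcode_matches(code, min_len, entered) {
  return typeof code === 'string' && code.length >= min_len && code === entered;
}
// … unchanged: the if/else chain, each condition replaced by e.g. passcode_matches($ae_loc.site_access_code_kv.super, 8, entered_passcode) …
```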
@@ -189,38 +189,45 @@ if ($ae_loc.site_cfg_json.slct__sponsorship_cfg_id) { } -if ($ae_loc.allow_access && !$ae_loc.key_checked) { - console.log(`PASS: The access key was checked earlier.`); +// This needs to be re-worked ASAP! 2024-11-21 +if ($ae_loc.iframe) { + $ae_loc.allow_access = true; +} else { - // allow_access should equal true or the access key. - if ($ae_loc.site_access_key || $ae_loc.site_domain_access_key) { - console.log(`We need to do a current check against the allow_access value.`); - if ($ae_loc.site_access_key == $ae_loc.allow_access || $ae_loc.site_domain_access_key == $ae_loc.allow_access) { - console.log(`PASS: The access key was checked earlier and we just now checked the key.`); - } else { - console.log(`FAIL: The access key was checked earlier, but just now failed.`); - if ($ae_loc.trusted_access) { - console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`); - $ae_loc.allow_access = true; + if ($ae_loc.allow_access && !$ae_loc.key_checked) { + console.log(`PASS: The access key was checked earlier.`); + + // allow_access should equal true or the access key. + if ($ae_loc.site_access_key || $ae_loc.site_domain_access_key) { + console.log(`We need to do a current check against the allow_access value.`); + if ($ae_loc.site_access_key == $ae_loc.allow_access || $ae_loc.site_domain_access_key == $ae_loc.allow_access) { + console.log(`PASS: The access key was checked earlier and we just now checked the key.`); } else { - $ae_loc.allow_access = false; + console.log(`FAIL: The access key was checked earlier, but just now failed.`); + if ($ae_loc.trusted_access) { + console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`); + $ae_loc.allow_access = true; + } else { + $ae_loc.allow_access = false; + } } + } else { + // This means this site and domain do not require an access key. + // Do nothing to change the allow_access here at this time. 
+ } + } else if ($ae_loc.allow_access && $ae_loc.key_checked) { + console.log(`PASS: The access key was checked earlier and we just now checked the key.`); + } else if (!$ae_loc.allow_access && $ae_loc.key_checked) { + console.log(`FAIL: The access key was checked earlier and failed.`); + if ($ae_loc.trusted_access) { + console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`); + $ae_loc.allow_access = true; } } else { - // This means this site and domain do not require an access key. - // Do nothing to change the allow_access here at this time. + console.log(`FAIL: The access key was not checked earlier.`); + // $ae_loc.key_checked = true; } -} else if ($ae_loc.allow_access && $ae_loc.key_checked) { - console.log(`PASS: The access key was checked earlier and we just now checked the key.`); -} else if (!$ae_loc.allow_access && $ae_loc.key_checked) { - console.log(`FAIL: The access key was checked earlier and failed.`); - if ($ae_loc.trusted_access) { - console.log(`FAIL: The access key was checked earlier and failed, but we have trusted access.`); - $ae_loc.allow_access = true; - } -} else { - console.log(`FAIL: The access key was not checked earlier.`); - // $ae_loc.key_checked = true; + } // $: access_key = data.url.searchParams.get('key'); @@ -443,6 +450,9 @@ onMount(() => { +{#if + $ae_loc.allow_access} + { - {#if - $ae_loc.allow_access} + @@ -505,12 +514,6 @@ onMount(() => { - {:else} -
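Review bot: The new top-level branch `if ($ae_loc.iframe) { $ae_loc.allow_access = true; }` grants access without running any of the key checks that the `else` branch still performs, and the static page patched in this same commit selects that mode with a plain `iframe=true` query parameter; if `$ae_loc.iframe` is derived from that parameter (not visible here), appending it to any URL bypasses the site access key entirely. Since the same commit now also sends `&key=...` to the embedded page, the iframe case can go through the normal check instead of short-circuiting — drop the `if ($ae_loc.iframe)` branch and let the existing `allow_access`/`key_checked` logic run unchanged, keeping at most an iframe-specific log line. The `// This needs to be re-worked ASAP! 2024-11-21` marker would serve better as a `// TODO: iframe mode currently skips the access-key check` that names the actual gap. These decisions are made in the browser, so the server must still gate the protected content regardless of what `allow_access` ends up as.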
-

Access Denied

-

You do not have access to this site.

-
- {/if} @@ -542,6 +545,32 @@ onMount(() => { +{:else} + +
+

Access Denied

+

You do not have access to this site.

+ +
+ +{/if} + + {#if $ae_loc.hub?.show_element__access_type} {
+ class="ae_root md:container h-full mx-auto flex flex-col items-center p-4 space-y-12" + class:ae_root--auth_access={$ae_loc.auth_access} + class:ae_root--public_access={$ae_loc.public_access} + class:ae_root--trusted_access={$ae_loc.trusted_access} + class:ae_root--administrator_access={$ae_loc.administrator_access} + class:ae_root--manager_access={$ae_loc.manager_access} + class:ae_root--super_access={$ae_loc.super_access} + > + ds_code="hub__site__root_page_header" + ds_type="html" + for_type={null} + for_id={null} + ds_name="Default: AE Hub - Site root page header HTML" + class_li={$ae_sess.ds_loaded.hub__site__root_page_header === false ? 'hidden' : ''} + bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_header} + /> + ds_code="hub__site__root_page_content" + ds_type="html" + for_type={null} + for_id={null} + ds_name="Default: AE Hub - Site root page content HTML" + show_edit={false} + class_li={$ae_sess.ds_loaded.hub__site__root_page_content === false ? 'hidden' : 'grow'} + bind:ds_loaded={$ae_sess.ds_loaded.hub__site__root_page_content} + />
-
- - -
+
+ + +
- - + + - + +
diff --git a/src/routes/idaa/(idaa)/+layout.svelte b/src/routes/idaa/(idaa)/+layout.svelte index 5fca968c..777bac6b 100644 --- a/src/routes/idaa/(idaa)/+layout.svelte +++ b/src/routes/idaa/(idaa)/+layout.svelte @@ -141,23 +141,50 @@ $: if ($ae_loc.iframe && $ae_loc.iframe_height && $ae_loc.iframe_height_modal_bo -{#if ($ae_loc.authenticated_access)} -
- -
-{:else} -
-

- - - Access Denied - +{#if ($ae_loc.trusted_access || ($ae_loc.authenticated_access && $idaa_loc.novi_uuid))} + +
+ +
+ {#if $idaa_loc.novi_uuid} + + Novi: + {$idaa_loc.novi_uuid} + {$idaa_loc.novi_full_name ?? 'name not set'} + {$idaa_loc.novi_email ?? 'email not set'} -

-

You do not have access to this page.

-
+ {:else} +

IDAA Novi UUID not found!

+ {/if} + +{:else} + +
+

+ + + Access Denied + + +

+

You do not have access to these IDAA page.

+ + {#if $ae_loc.iframe} + In iframe mode + {/if} + + {#if $idaa_loc.novi_uuid} + + Novi: + {$idaa_loc.novi_uuid} + {$idaa_loc.novi_full_name ?? 'name not set'} + {$idaa_loc.novi_email ?? 'email not set'} + + {:else} +

IDAA Novi UUID not found!

+ {/if} +
+ {/if} - - diff --git a/static/idaa_novi_iframe_archives.html b/static/idaa_novi_iframe_archives.html index a9ad9feb..3f5ab091 100644 --- a/static/idaa_novi_iframe_archives.html +++ b/static/idaa_novi_iframe_archives.html @@ -23,6 +23,7 @@ let novi_api_key_for_idaa = 'CmNdWgdPmgluBWjiTd8xsUCk5mio8F1O9DYAh0pVDcg='; let novi_current_user_obj = null; let novi_current_user_email = null; +let idaa_osit_site_key = 'restricted'; let idaa_ae_api_root_url = 'https://dev-idaa.oneskyit.com/idaa/archives'; let idaa_ae_params = new URLSearchParams(document.location.search); let idaa_ae_slct_archive_id = idaa_ae_params.get('archive_id'); 
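Review bot: The widened condition `$ae_loc.trusted_access || ($ae_loc.authenticated_access && $idaa_loc.novi_uuid)` treats the mere presence of `novi_uuid` as evidence of who the visitor is, but the embedding page in this same commit passes `uuid`, `email` and `full_name` as plain query parameters; if `$idaa_loc.novi_uuid` is populated from that query string (not shown here), any authenticated visitor can assert another customer's UUID. Until the UUID is resolved or verified server-side (against the session or the Novi API) it should be marked for what it is, e.g. `<!-- novi_uuid is caller-supplied: it identifies the customer, it does not authenticate them -->`. Separately, the Access Denied branch now echoes `novi_uuid`, `novi_full_name` and `novi_email` back to a visitor who was just refused, which discloses identity data for no benefit, and its text reads `these IDAA page` where `this IDAA page` is meant. The enclosing template block starts outside the hunk.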
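Review bot: `let idaa_osit_site_key = 'restricted';` is a literal placed in a static HTML page served to every visitor, directly below the pre-existing `novi_api_key_for_idaa` literal, so anything later gated on `key=restricted` is gated on a value anyone can read from view-source; a key embedded this way identifies the embedding page, it does not restrict anything. If the key is meant to be a secret it has to be injected server-side per request (or replaced by a server-verified session); if it is only a routing hint the line should say so, `let idaa_osit_site_key = 'restricted'; // not a secret: visible in page source, only selects the site config`. The Novi API key on the context line above has the same exposure and presumably deserves the same treatment.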
@@ -53,10 +54,13 @@ fetch(novi_api_get_customer_endpoint, requestOptions) if (idaa_ae_slct_archive_id) { console.log(`Loading AE Archive ID: ${idaa_ae_slct_archive_id}`); // idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&archive_id=${idaa_ae_slct_archive_id}&full_name=${novi_current_user_obj.Name}&iframe=true`; - idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}/${idaa_ae_slct_archive_id}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true`; + idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}/${idaa_ae_slct_archive_id}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true&key=${idaa_osit_site_key}`; } else { - idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true`; + idaa_ae_iframe_element.src = `${idaa_ae_api_root_url}?uuid=${novi_customer_uid}&email=${novi_current_user_obj.Email}&full_name=${novi_current_user_obj.Name}&iframe=true&key=${idaa_osit_site_key}`; } + + let iframe_src = document.getElementById('iframe_src'); + iframe_src.innerHTML = `iframe src = ${idaa_ae_iframe_element.src}`; }) .catch(error => console.log('error', error)); @@ -107,6 +111,9 @@ window.addEventListener('message', function(event) { }); + +
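Review bot: The added `iframe_src.innerHTML = ...` writes a string containing `Name` and `Email` from the Novi customer response into the DOM as markup, so a display name containing `<` or an attribute with an event handler is interpreted rather than shown; `iframe_src.textContent = \`iframe src = ${idaa_ae_iframe_element.src}\`` displays the same text safely. The two `src` assignments still interpolate those values raw into the query string — wrap them as `encodeURIComponent(novi_current_user_obj.Email)` and `encodeURIComponent(novi_current_user_obj.Name)`, since an `&` or `#` in a name would otherwise split or truncate the parameters. This readout also prints the `key=` value and the customer's e-mail on the page, so it looks like a development aid that should not ship as-is. The `fetch(...).then(...)` chain this sits in starts before the hunk.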
iframe src=
+