Commit aa874045 authored by Andrea Ida Malkah Klaura's avatar Andrea Ida Malkah Klaura

FIX: fetch steering user & only own shows

Superusers should see all shows. Ordinary users only those shows that belong to them.
Therefore we have to fetch the user data from the steering backend as well (OIDC info
alone does not suffice here).

We need this info later too, when we implement user management and profile settings.

In the ShowManager we now generate the GET URI depending on the superuser status.
parent 52c027fa
......@@ -12,6 +12,7 @@ import 'bootstrap-vue/dist/bootstrap-vue.css'
import oidc from 'oidc-client'
import header from './components/Header.vue'
import footer from './components/Footer.vue'
import axios from 'axios'
export default {
name: 'app',
......@@ -39,7 +40,8 @@ export default {
email: '',
access_token: '',
expires_at: 0,
logged_in: false
logged_in: false,
steeringUser: null
},
userOIDC: null,
oidcmgr: new oidc.UserManager({
......@@ -79,6 +81,29 @@ export default {
console.log(err)
})
},
getSteeringUser () {
axios.get(process.env.API_STEERING + 'users/', {
withCredentials: true,
headers: { 'Authorization': 'Bearer ' + this.user.access_token }
}).then(response => {
if (response.data.length === 0) {
alert('No user profile data provided by steering backend!')
} else if (response.data.length === 1) {
this.user.steeringUser = response.data[0]
} else {
// in case we are a superuser, we get all users returned
// so we have to iterate through the user list to find out own profile
for (var u in response.data) {
if (response.data[u].username === this.user.name) {
this.user.steeringUser = response.data[u]
break
}
}
}
}).catch(error => {
alert('There was an error fetching user data from the steering backend: ' + error)
})
},
getOIDCUser () {
let self = this
this.oidcmgr.getUser().then(function (user) {
......@@ -91,6 +116,7 @@ export default {
// TODO: check user.expires_at
// if token already expired try to get a new one or mark the user as logged out
self.setUserProperties(user)
self.getSteeringUser()
}
}).catch(function (err) {
console.log(err)
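Review bot: In the `@@ -79,6 +81,29 @@` hunk, the multi-user branch of `getSteeringUser` leaves `this.user.steeringUser` at `null` without any message when no list entry matches `this.user.name`. The ShowManager change in this same commit then reads `steeringUser.is_superuser` unconditionally. I would replace the `for (var u in response.data)` loop, which walks enumerable keys rather than array elements, with `const own = response.data.find(u => u.username === this.user.name)` and alert when `own` is undefined. `setUserProperties` is not visible here, so it cannot be confirmed that `user.name` is a unique, stable identifier; if it is a display name, matching on a token claim that steering also stores would be firmer. The enclosing `methods` object starts and ends outside the hunks shown.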
......
......@@ -565,10 +565,18 @@ export default {
}
},
created () {
axios.get(process.env.API_STEERING_SHOWS, {
var uri = process.env.API_STEERING_SHOWS
if (!this.$parent.user.steeringUser.is_superuser) {
uri += '?owner=' + this.$parent.user.steeringUser.id
}
axios.get(uri, {
withCredentials: true,
headers: { 'Authorization': 'Bearer ' + this.$parent.user.access_token }
}).then(response => {
if (response.data.length === 0) {
alert('There are now shows associated with your account!')
return
}
this.shows = response.data
this.currentShowID = this.shows[0].id
this.currentShow = 0
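Review bot: The `?owner=` restriction added in `created()` is chosen by the browser from a client-held `is_superuser` flag, so it narrows what this UI requests but is not an access control. The steering backend has to enforce per-owner visibility itself, and a comment such as `// UI filter only: steering must restrict non-superusers to their own shows` would make that explicit. Separately, `steeringUser` is initialised to `null` and filled asynchronously, so if this hook can run before that response arrives, `this.$parent.user.steeringUser.is_superuser` throws; a guard like `if (!this.$parent.user.steeringUser) { return }` or deferring the fetch until the profile is loaded would avoid that. Passing the id via axios `params: { owner: ... }` instead of string concatenation keeps the query correctly encoded. The new alert text reads "There are now shows", presumably meant as "no shows", and the body of `created()` continues outside the hunk.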
......