Booster service should be restricted for Project Owners #45

enonic · Apr 11, 2024 · 33e3b6e · 33e3b6e
1 parent e6f6319
commit 33e3b6e
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 64 deletions.
diff --git a/src/main/resources/admin/widgets/booster/booster.html b/src/main/resources/admin/widgets/booster/booster.html
@@ -1,10 +1,13 @@
 <widget id="widget-booster">
     <link rel="stylesheet" href="{{assetsUri}}/styles/main.css" type="text/css" media="all"/>
     <script src="{{assetsUri}}/js/main.js" data-service-url="{{serviceUrl}}" data-project="{{project}}"></script>
+    {{#isEnabled}}
     {{^isLicenseValid}}
     <script src="{{assetsUri}}/js/license.js" data-service-url="{{licenseUploadUrl}}"></script>
     {{/isLicenseValid}}
-    <div id="widget-booster-container" class="widget-booster-container{{^isLicenseValid}} license-invalid{{/isLicenseValid}}">
+    {{/isEnabled}}
+    <div id="widget-booster-container" class="widget-booster-container{{#isEnabled}}{{^isLicenseValid}} license-invalid{{/isLicenseValid}}{{/isEnabled}}">
+        {{#isEnabled}}
         {{^isLicenseValid}}
         <div id="widget-booster-license-invalid">
             <div id="license-upload">
@@ -21,6 +24,7 @@ <h6>Booster requires a valid Enonic license. Please contact your administrator</
             </div>
         </div>
         {{/isLicenseValid}}
+        {{/isEnabled}}
         <div id="widget-booster-license-valid">
             {{#isEnabled}}
 

diff --git a/src/main/resources/admin/widgets/booster/booster.js b/src/main/resources/admin/widgets/booster/booster.js
@@ -1,31 +1,10 @@
 const portal = require('/lib/xp/portal');
 const contentLib = require('/lib/xp/content');
-const authLib = require('/lib/xp/auth');
 const mustache = require('/lib/mustache');
-const licenseManager = require("/lib/license-manager");
+const helper = require("/lib/helper");
 
 const forceArray = (data) => (Array.isArray(data) ? data : new Array(data));
 
-const allowedRoles = ['role:system.admin', 'role:cms.admin'];
-
-const hasAllowedRole = (project) => {
-    let hasAllowedRole = false;
-    allowedRoles.concat(getProjectOwnerRole(project)).forEach(role => {
-        if (authLib.hasRole(role)) {
-            log.info('Current user has role: ' + role);
-            hasAllowedRole = true;
-        }
-    });
-    return hasAllowedRole;
-}
-
-const getProjectOwnerRole = (project) => {
-    if (!project) {
-        return null;
-    }
-    return `role:cms.project.${project}.owner`;
-}
-
 const isAppEnabledOnSite = (contentId) => {
     if (!contentId) {
         return true;
@@ -58,8 +37,8 @@ const renderWidgetView = (req) => {
 
     if (!project) {
         error = 'Project not found';
-    } else if (!hasAllowedRole(project)) {
-        error = 'You do not have permission to access this application';
+    } else if (!helper.hasAllowedRole(project)) {
+        error = 'You do not have a permission to access this application';
     }
 
     if (!error) {
@@ -79,7 +58,7 @@ const renderWidgetView = (req) => {
         isEnabled: !error,
         assetsUri: portal.assetUrl({ path: ''}),
         serviceUrl: portal.serviceUrl({ service: 'booster' }),
-        isLicenseValid: licenseManager.isLicenseValid(),
+        isLicenseValid: helper.isLicenseValid(),
         licenseUploadUrl: portal.serviceUrl({ service: 'license-upload' }),
         error,
         hint

diff --git a/src/main/resources/lib/helper.js b/src/main/resources/lib/helper.js
@@ -0,0 +1,50 @@
+const subscriptionKey = 'enonic.platform.subscription';
+const licenseLib = require('/lib/license');
+const authLib = require('/lib/xp/auth');
+
+const allowedRoles = ['role:system.admin', 'role:cms.admin'];
+
+const getProjectOwnerRole = (project) => project ? `role:cms.project.${project}.owner` : null;
+
+exports.hasAllowedRole = (project) => {
+    let hasAllowedRole = false;
+    allowedRoles.concat(getProjectOwnerRole(project)).forEach(role => {
+        if (authLib.hasRole(role)) {
+            log.info('Current user has role: ' + role);
+            hasAllowedRole = true;
+        }
+    });
+    return hasAllowedRole;
+}
+
+const getLicenseDetails = (license) => {
+    const params = {
+        appKey: subscriptionKey,
+    };
+    if (license) {
+        params.license = license;
+    }
+
+    return licenseLib.validateLicense(params);
+}
+
+const isLicenseValid = (license) => {
+    const licenseDetails = license ? getLicenseDetails(license) : getLicenseDetails();
+
+    return licenseDetails && !licenseDetails.expired;
+}
+
+exports.isLicenseValid = isLicenseValid;
+
+exports.installLicense = (license) => {
+    if (!isLicenseValid(license)) {
+        return false;
+    }
+
+    licenseLib.installLicense({
+        license: license,
+        appKey: subscriptionKey,
+    });
+
+    return true;
+}
diff --git a/src/main/resources/lib/license-manager.js b/src/main/resources/lib/license-manager.js
diff --git a/src/main/resources/services/booster/booster.js b/src/main/resources/services/booster/booster.js
@@ -1,6 +1,6 @@
 const contentLib = require('/lib/xp/content');
 const taskLib = require('/lib/xp/task');
-const licenseManager = require("/lib/license-manager");
+const helper = require("/lib/helper");
 
 const submitTask = function (descriptor, config) {
     return taskLib.submitTask({
@@ -28,7 +28,7 @@ exports.post = function (req) {
     const supportedActions = ['invalidate', 'purge-all', 'enforce-all', 'status'];
     const params = JSON.parse(req.body);
 
-    if (!licenseManager.isLicenseValid()) {
+    if (!helper.isLicenseValid()) {
         return {
             status: 500,
             body: 'Invalid license'
@@ -41,6 +41,7 @@ exports.post = function (req) {
             body: 'Invalid action'
         };
     }
+
     const action = params.action.trim();
     let taskId = params.data.taskId;
 
@@ -52,6 +53,13 @@ exports.post = function (req) {
     const project = params.data.project;
     const config = { project };
 
+    if (!helper.hasAllowedRole(project)) {
+        return {
+            status: 403,
+            body: 'Forbidden'
+        };
+    }
+
     if (contentId) {
         const content = contentLib.get({
             key: contentId

diff --git a/src/main/resources/services/license-upload/license-upload.js b/src/main/resources/services/license-upload/license-upload.js
@@ -1,11 +1,11 @@
 const portalLib = require("/lib/xp/portal");
 const ioLib = require("/lib/xp/io");
-const licenseManager = require("/lib/license-manager");
+const helper = require("/lib/helper");
 
 exports.post = function (req) {
     const licenseStream = portalLib.getMultipartStream("license");
     const license = ioLib.readText(licenseStream);
-    const licenseInstalled = licenseManager.installLicense(license);
+    const licenseInstalled = helper.installLicense(license);
 
     if (licenseInstalled) {
         return {