Angular selfcheck WIP -- restrict auth cookie user/berick/angular-selfcheck-exp-wip
authorBill Erickson <berickxx@gmail.com>
Mon, 31 Oct 2016 21:45:10 +0000 (17:45 -0400)
committerBill Erickson <berickxx@gmail.com>
Fri, 11 Aug 2017 19:25:59 +0000 (15:25 -0400)
Signed-off-by: Bill Erickson <berickxx@gmail.com>
Open-ILS/web/js/ui/default/staff/app.js
Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js
Open-ILS/web/js/ui/default/staff/services/hatch.js
Open-ILS/web/js/ui/default/staff/services/startup.js

index 4cf388c..91cfd37 100644 (file)
@@ -97,6 +97,14 @@ function($routeProvider , $locationProvider) {
             // if at least one workstation exists, it must be used.
             if (!args.workstation && $scope.workstations.length > 0) return;
 
+            if ($location.search().restrict_path) {
+                // Limit staff login access to this path plus any
+                // sub-paths. Attempts to navigate to another part
+                // of the application will result in a new login dialog.
+                egCore.hatch.cookiePath =
+                    egCore.env.basePath + $location.search().restrict_path;
+            }
+
             args.type = 'staff';
             egCore.auth.login(args).then(
 
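Review bot: `restrict_path` is read straight from the login URL's query string and concatenated into `egCore.hatch.cookiePath` with no validation, so whoever builds the login link decides the cookie scope. Since this value becomes the `path` option of `$cookies.put` in hatch.js, it should be compared against a fixed list of known sub-paths (at present only `circ/selfcheck`), e.g. `if (RESTRICTABLE_PATHS.indexOf(restrictPath) === -1) return;`, where `RESTRICTABLE_PATHS` is a placeholder name. Refusing the login for an unknown value is safer than falling back to the unrestricted path. Omitting the parameter altogether still yields a full-scope staff cookie, so the restriction is a convenience rather than an enforced boundary, and the added comment should say so. The enclosing login handler starts and ends outside the hunk.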
index cdc5679..b8a9aad 100644 (file)
@@ -52,6 +52,9 @@ angular.module('egSelfCheckApp',
 
         egCore.env.loadClasses.push('aous');
 
+        // Limit self-check staff logins to the selfcheck path.
+        egCore.startup.restrictLoginPath = 'circ/selfcheck';
+
         return egCore.startup.go().then(function() {
             // TODO load other startup data.
         });
index 4fee7cb..bf2d7c6 100644 (file)
@@ -62,6 +62,10 @@ angular.module('egCoreMod')
         return oncall;
     }
 
+    // Defaults to <base> path.  Overrride to limit loginSessionItems to
+    // a sub-path of the /eg/staff application.
+    service.cookiePath = null;
+
     // write a message to the Hatch port
     service.sendToHatch = function(msg) {
         var msg2 = {};
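Review bot: The new comment on `service.cookiePath` has a typo ("Overrride") and does not say what form the value must take or who is expected to set it. I would reword it to `// Cookie path for login session items; null means the <base> path.` followed by `// Set to an absolute path under the application base path to limit them to a sub-path.` It would also help to note that the value is applied to every login session item written after it is set, since the property is a plain mutable field on a shared service.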
@@ -319,7 +323,14 @@ angular.module('egCoreMod')
         service.addLoginSessionKey(key);
         if (jsonified === undefined ) 
             jsonified = JSON.stringify(value);
-        $cookies.put(key, jsonified);
+
+        var options = {secure : true}; // cookie options
+        if (service.cookiePath) {
+            console.debug('Using LoginSessionItem path ' + service.cookiePath);
+            options.path = service.cookiePath;
+        }
+
+        $cookies.put(key, jsonified, options);
     }
 
     // Set the value for the given key.  
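Review bot: A cookie written with a non-default `path` can only be deleted by a call that names the same path, and no hunk in this commit changes the code that removes login session items. If that code still calls `$cookies.remove(key)` without options, the auth cookie set for the restricted path would survive logout on a shared self-check terminal; it likely needs `$cookies.remove(key, {path: service.cookiePath})` when `cookiePath` is set. Separately, `secure : true` is now unconditional, so these cookies will not be stored when the client is served over plain HTTP, which deserves a comment if it is intended. The enclosing function starts outside the hunk.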
index 038eb2d..541b7c2 100644 (file)
@@ -56,11 +56,20 @@ function($q,  $rootScope,  $location,  $window,  egIDL,  egAuth,  egEnv , egOrg
 
         // change locations to the login page, using the current page
         // as the 'route_to' destination on /login
-        $window.location.href = $location
-            .path('/login')
-            .search({route_to : 
-                $window.location.pathname + $window.location.search})
-            .absUrl();
+        // Compile the URL manually in lieu of using $location.path(..) /
+        // $location.search(...) to avoid intermediate route changes.
+        var newUrl =
+            egEnv.basePath +    // /eg/staff/
+            'login' +
+            '?route_to=' + encodeURIComponent(
+                $window.location.pathname + $window.location.search);
+
+        if (service.restrictLoginPath) {
+            newUrl += '&restrict_path=' +
+                encodeURIComponent(service.restrictLoginPath);
+        }
+
+        $window.location.href = newUrl;
 
         return false;
     }
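Review bot: `service.restrictLoginPath` is read in the added `if`, but none of the visible hunks declares or documents it on the startup service, whereas hatch.js gets an explicit `service.cookiePath = null` with a comment. Adding `service.restrictLoginPath = null;` near the top of the service, with a comment such as `// Sub-path (relative to basePath) that staff logins from this app are limited to; null for no limit.`, would make the contract visible. The concatenation also relies on `egEnv.basePath` ending in `/`, which the inline comment implies but nothing here checks. The function containing this code starts outside the hunk.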