fixed user permission bug in ui

js/apps/system/_admin/aardvark/APP/frontend/js/views/loginView.js

@@ -9,6 +9,7 @@
     el2: '.header',
     el3: '.footer',
     loggedIn: false,
+    loginCounter: 0,
 
     events: {
       "keyPress #loginForm input" : "keyPress",
@@ -43,18 +44,19 @@
         $('#loginForm').hide();
         $('.login-window #databases').show();
 
-        $.ajax(url).success(function(data) {
+        $.ajax(url).success(function(permissions) {
           //enable db select and login button
           $('#loginDatabase').html('');
           //fill select with allowed dbs
-          _.each(data.result, function(db) {
+
+          _.each(permissions.result, function(db) {
             $('#loginDatabase').append(
               '<option>' + db + '</option>'
             ); 
           });
 
           self.renderDBS();
-        }).error(function(data) {
+        }).error(function() {
           console.log("could not fetch user db data");                  
         });
       }
@@ -92,57 +94,82 @@
         return;
       }
 
-      var callback = function(error) {
-        var self = this;
-        if (error) {
-          $('.wrong-credentials').show();
-          $('#loginDatabase').html('');
-          $('#loginDatabase').append(
-            '<option>_system</option>'
-          ); 
+      this.collection.login(username, password, this.loginCallback.bind(this, username, password));
+    },
+
+    loginCallback: function(username, password, error) {
+
+      var self = this;
+
+      if (error) {
+        if (self.loginCounter === 0) {
+          self.loginCounter++;
+          self.collection.login(username, password, this.loginCallback.bind(this, username));
+          return;
         }
-        else {
-          // TODO
-          //var url = arangoHelper.databaseUrl("/_api/database/user", '_system');
-          var url = arangoHelper.databaseUrl("/_api/user/" + encodeURIComponent(username) + "/database", '_system');
+        self.loginCounter = 0;
+        $('.wrong-credentials').show();
+        $('#loginDatabase').html('');
+        $('#loginDatabase').append(
+          '<option>_system</option>'
+        ); 
+      }
+      else {
+        var url = arangoHelper.databaseUrl("/_api/user/" + encodeURIComponent(username) + "/database", '_system');
 
-          if (frontendConfig.authenticationEnabled === false) {
-            url = arangoHelper.databaseUrl("/_api/database/user");
-          }
+        if (frontendConfig.authenticationEnabled === false) {
+          url = arangoHelper.databaseUrl("/_api/database/user");
+        }
 
-          $('.wrong-credentials').hide();
-          self.loggedIn = true;
-          //get list of allowed dbs
-          $.ajax(url).success(function(data) {
+        $('.wrong-credentials').hide();
+        self.loggedIn = true;
 
-            $('#loginForm').hide();
-            $('#databases').show();
+        //get list of allowed dbs
+        $.ajax(url).success(function(permissions) {
 
-            //enable db select and login button
-            $('#loginDatabase').html('');
-            //fill select with allowed dbs
-            _.each(data.result, function(db, key) {
-              $('#loginDatabase').append(
-                '<option>' + key + '</option>'
-              ); 
-            });
-
-            self.renderDBS();
-          }).error(function(data) {
-            $('.wrong-credentials').show();
+          //HANDLE PERMISSIONS
+          _.each(permissions.result, function(value, key) {
+            if (value !== 'rw') {
+              delete permissions.result[key];
+            }
           });
-        }
-      }.bind(this);
 
-      this.collection.login(username, password, callback);
+          $('#loginForm').hide();
+          $('#databases').show();
+
+          //enable db select and login button
+          $('#loginDatabase').html('');
+
+
+          //fill select with allowed dbs
+          _.each(permissions.result, function(db, key) {
+            $('#loginDatabase').append(
+              '<option>' + key + '</option>'
+            ); 
+          });
+
+          self.renderDBS();
+        }).error(function() {
+          $('.wrong-credentials').show();
+        });
+      }
     },
 
     renderDBS: function() {
-      var db = $('#loginDatabase').val();
-      $('#goToDatabase').html("Select: "  + db);
-      window.setTimeout(function() {
-        $('#goToDatabase').focus();
-      }, 300);
+
+      if ($('#loginDatabase').children().length === 0) {
+        $('#dbForm').remove();
+        $('#databases').prepend(
+          '<div class="no-database">You do not have permission to a database.</div>'
+        );
+      }
+      else {
+        var db = $('#loginDatabase').val();
+        $('#goToDatabase').html("Select DB: "  + db);
+        window.setTimeout(function() {
+          $('#goToDatabase').focus();
+        }, 300);
+      }
     },
 
     logout: function() {

js/apps/system/_admin/aardvark/APP/frontend/js/views/userPermissions.js

@@ -1,6 +1,6 @@
 /*jshint browser: true */
 /*jshint unused: false */
-/*global CryptoJS, _, arangoHelper, Backbone, window, templateEngine, $ */
+/*global CryptoJS, _, frontendConfig, arangoHelper, Backbone, window, templateEngine, $ */
 
 (function() {
   "use strict";
@@ -57,16 +57,13 @@
       $.ajax({
         type: "PUT",
         url: arangoHelper.databaseUrl("/_api/user/" + encodeURIComponent(user) + "/database/" + encodeURIComponent(db)),
-        contentType: "application/json",
-        data: JSON.stringify({
-          grant: ''
-        })
+        contentType: "application/json"
       });
     },
 
     continueRender: function() {
       var self = this;
-      
+     
       this.currentUser = this.collection.findWhere({
         user: this.username
       });
@@ -75,11 +72,16 @@
 
       arangoHelper.buildUserSubNav(this.currentUser.get("user"), 'Permissions');
 
+
+      var url = arangoHelper.databaseUrl("/_api/user/" + encodeURIComponent(self.currentUser.get("user")) + "/database");
+      if (frontendConfig.db === '_system') {
+        url = arangoHelper.databaseUrl("/_api/user/root/database");
+      }
+
       //FETCH COMPLETE DB LIST
       $.ajax({
         type: "GET",
-        //url: arangoHelper.databaseUrl("/_api/user/" + encodeURIComponent(this.currentUser.get("user")) + "/config"),
-        url: arangoHelper.databaseUrl("/_api/database/user"),
+        url: url,
         contentType: "application/json",
         success: function(data) {
           var allDBs = data.result;
@@ -92,6 +94,13 @@
             contentType: "application/json",
             success: function(data) {
               var permissions = data.result;
+              if (allDBs._system) {
+                var arr = [];
+                _.each(allDBs, function(db, name) {
+                  arr.push(name);
+                });
+                allDBs = arr;
+              }
               self.finishRender(allDBs, permissions);
             }
           });
@@ -101,6 +110,11 @@
     },
 
     finishRender: function(allDBs, permissions) {
+      _.each(permissions, function(value, key) {
+        if (value !== 'rw') {
+          delete permissions[key];
+        }
+      });
 
       $(this.el).html(this.template.render({
         allDBs: allDBs, 

js/apps/system/_admin/aardvark/APP/frontend/scss/_abstracts.scss

@@ -328,12 +328,12 @@
   }
   box-shadow: none;
   display: none;
+  left: initial;
   list-style: none;
   margin: 5px 0 0;
   padding: 5px 0;
   position: absolute;
   right: 0;
-  left: initial;
   top: 80%;
   z-index: 1000;
 

js/apps/system/_admin/aardvark/APP/frontend/scss/_login.scss

@@ -10,6 +10,13 @@
   #databases {
     height: 140px;
 
+    .no-database {
+      background: $c-white;
+      border-radius: 2px;
+      padding: 40px;
+      text-align: center;
+    }
+
     #logout {
       margin-top: 20px;
     }