Allow embedding of folders and access to folders to anonymous editors with edit_hash/spaceAuth links (#63)

* add subspaces to be listed with edit_hash/spaceAuth authorization * remove dead code from api_helpers.js * add edit_hash authorization for requested space thumbnails * handle /s/:hash links in frontend router * set space_auth via a function, allow passing it to load_space * rename variable in /s/:hash router in backend * hide search, profile, breadcrumb in folders if not logged in, construct links to subspaces differently for anonymous editors
2025-12-15 17:37:30 +01:00 · 2020-06-02 20:47:58 +02:00
parent 8ddbec6b68
commit 0c5fa597e8
8 changed files with 99 additions and 83 deletions
--- a/public/javascripts/backend.js
+++ b/public/javascripts/backend.js
@@ -6,6 +6,10 @@ var websocket = null;
 var channel_id = null;
 var space_auth = null;

+function set_space_auth(hash) {
+  space_auth = hash;
+}
+
 function load_resource(method, path, data, on_success, on_error, on_progress) {
  var req = new XMLHttpRequest();
  req.onload = function(evt,b,c) {
@@ -44,18 +48,14 @@ function load_resource(method, path, data, on_success, on_error, on_progress) {
  }

  req.withCredentials = true;
-
  req.open(method, api_endpoint+"/api"+path, true);

  if (api_token) {
    req.setRequestHeader("X-Spacedeck-Auth", api_token);
  }
-
  if (space_auth) {
-    console.log("set space auth", space_auth);
    req.setRequestHeader("X-Spacedeck-Space-Auth", space_auth);
  }
-
  if (channel_id) {
    req.setRequestHeader("X-Spacedeck-Channel", channel_id);
  }
--- a/public/javascripts/spacedeck_routes.js
+++ b/public/javascripts/spacedeck_routes.js
@@ -17,6 +17,21 @@ var SpacedeckRoutes = {
          }.bind(this)
        }
      ]);
+      
+      this.router.add([
+        {
+          path: "/s/:hash",
+          handler: function(params, on_success) {
+            var parts = params.hash.split("-");
+            if (path.length > 0) {
+              this.load_space(parts.slice(1).join("-"), on_success, null, parts[0]);
+            } else {
+              // FIXME error handling
+              on_success();
+            }
+          }.bind(this)
+        }
+      ]);

      this.router.add([
        {
--- a/public/javascripts/spacedeck_sections.js
+++ b/public/javascripts/spacedeck_sections.js
@@ -405,7 +405,12 @@ var SpacedeckSections = {
      }
      if (space.space_type == "folder") return "";

-      return "background-image:url('/api/spaces/"+space._id+"/png')";
+      var query_string = "";
+      if (space_auth) {
+        query_string+="?spaceAuth="+space.edit_hash;
+      }
+
+      return "background-image:url('/api/spaces/"+space._id+"/png"+query_string+"')";
    },

    reset_artifact_filters: function() {
--- a/public/javascripts/spacedeck_spaces.js
+++ b/public/javascripts/spacedeck_spaces.js
@@ -99,12 +99,16 @@ var SpacedeckSpaces = {
      }.bind(this), {value: dft || "Guest "+parseInt(10000*Math.random()), ok: __("ok"), cancel: __("cancel")});
    },
    
-    load_space: function(space_id, on_success, on_error) {
+    load_space: function(space_id, on_success, on_error, space_auth) {
      this.folder_spaces_filter="";
      this.folder_spaces_search="";

-      space_auth = get_query_param("spaceAuth");
-
+      if (space_auth) {
+        set_space_auth(space_auth);
+      } else {
+        set_space_auth(get_query_param("spaceAuth"));
+      }
+      
      this.embedded = !!(get_query_param("embedded"));

      var userReady = function() {