From 5f8ae61bd4ab52ef5f17fc3fcb8fff3deec0088a Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Wed, 19 Feb 2020 15:56:25 +0100
Subject: [PATCH] Add request access button to the access modal

---
 www/common/inner/access.js        | 49 +++++++++++++++++++++++++++----
 www/common/sframe-common-outer.js | 29 +++++++++++++-----
 www/common/toolbar3.js            |  8 +++--
 3 files changed, 70 insertions(+), 16 deletions(-)

diff --git a/www/common/inner/access.js b/www/common/inner/access.js
index 216e7f94f..b0232f0b7 100644
--- a/www/common/inner/access.js
+++ b/www/common/inner/access.js
@@ -65,7 +65,7 @@ define([
                     f = f || user;
                     if (f.name) { f.edPublic = edPublic; }
                 }
-                _owners[ed] = Util.clone(f) || {
+                _owners[ed] = f ? Util.clone(f) : {
                     displayName: Messages._getKey('owner_unknownUser', [ed]),
                     edPublic: ed,
                 };
@@ -395,7 +395,7 @@ define([
                     f = f || user;
                     if (f.name) { f.edPublic = edPublic; }
                 }
-                _allowed[ed] = Util.clone(f) || {
+                _allowed[ed] = f ? Util.clone(f) : {
                     displayName: Messages._getKey('owner_unknownUser', [ed]),
                     edPublic: ed,
                 };
@@ -717,6 +717,7 @@ define([
         opts = opts || {};
 
         var priv = common.getMetadataMgr().getPrivateData();
+        var sframeChan = common.getSframeChannel();
 
         var $div = $(h('div.cp-share-columns'));
         if (!data) { return void cb(void 0, $div); }
@@ -763,8 +764,6 @@ define([
                 // In the properties, we should have the edit href if we know it.
                 // We should know it because the pad is stored, but it's better to check...
                 if (!data.noEditPassword && owned && data.href) { // FIXME SHEET fix password change for sheets
-                    var sframeChan = common.getSframeChannel();
-
                     var isOO = parsed.type === 'sheet';
                     var isFile = parsed.hashData.type === 'file';
                     var isSharedFolder = parsed.type === 'drive';
@@ -881,7 +880,11 @@ define([
             Messages.allow_disabled = 'DISABLED'; // XXX
             Messages.allow_label = 'Allow list: {0}'; // XXX
 
+            var owned = isOwned(common, data);
+            var priv = common.getMetadataMgr().getPrivateData();
+            var edPublic = priv.edPublic;
 
+            // Owners
             var content = [];
             var _ownersGrid = getUserList(common, data.owners);
             if (_ownersGrid && _ownersGrid.div) {
@@ -898,6 +901,41 @@ define([
                 ]));
             }
 
+            // Request edit access
+            if (data.roHref && !data.href) {
+                var requestButton = h('button.btn.btn-secondary.no-margin',
+                                        Messages.requestEdit_button);
+                var requestBlock = h('p', requestButton);
+                var $requestBlock = $(requestBlock).hide();
+                content.push(requestBlock);
+                sframeChan.query('Q_REQUEST_ACCESS', {
+                    send: false,
+                    metadata: data
+                }, function (err, obj) {
+                    // Abort if no mailbox available
+                    if (!(obj && obj.state)) { return; }
+
+                    var spinner = UI.makeSpinner($requestBlock);
+                    $requestBlock.show().find('button').click(function () {
+                        if (spinner.getState()) { return; }
+                        spinner.spin();
+                        sframeChan.query('Q_REQUEST_ACCESS', {
+                            send: true,
+                            metadata: data
+                        }, function (err, obj) {
+                            if (obj && obj.state) {
+                                UI.log(Messages.requestEdit_sent);
+                                $requestBlock.find('button').prop('disabled', true);
+                                spinner.done();
+                            } else {
+                                spinner.hide();
+                            }
+                        });
+                    });
+                });
+            }
+
+            // Allow list
             var state = data.restricted ? Messages.allow_enabled : Messages.allow_disabled;
             content.push(h('label', Messages._getKey('allow_label', [state])));
             if (data.restricted) {
@@ -908,7 +946,6 @@ define([
             return h('div', content);
         };
 
-        var sframeChan = common.getSframeChannel();
         var redraw = function () {
             $div1.empty();
             $div1.append(drawLeft());
@@ -924,6 +961,7 @@ define([
             data.owners = md.owners;
             data.expire = md.expire;
             data.pending_owners = md.pending_owners;
+            data.mailbox = md.mailbox;
             redraw();
         });
         redraw();
@@ -960,6 +998,7 @@ define([
                 data.owners = obj.owners;
                 data.expire = obj.expire;
                 data.pending_owners = obj.pending_owners;
+                data.mailbox = obj.mailbox;
             }));
         }).nThen(function () {
             cb(void 0, data);
diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js
index b831436b3..9fce81594 100644
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
@@ -1236,22 +1236,24 @@ define([
             });
             // REQUEST_ACCESS is used both to check IF we can contact an owner (send === false)
             // AND also to send the request if we want (send === true)
-            sframeChan.on('Q_REQUEST_ACCESS', function (send, cb) {
+            sframeChan.on('Q_REQUEST_ACCESS', function (data, cb) {
                 if (readOnly && hashes.editHash) {
                     return void cb({error: 'ALREADYKNOWN'});
                 }
+                var send = data.send;
+                var metadata = data.metadata;
                 var owner, owners;
-                var crypto = Crypto.createEncryptor(secret.keys);
+                var _secret = secret;
+                if (metadata && metadata.roHref) {
+                    var _parsed = Utils.Hash.parsePadUrl(metadata.roHref);
+                    _secret = Utils.Hash.getSecrets(_parsed.type, _parsed.hash, metadata.password);
+                }
+                var crypto = Crypto.createEncryptor(_secret.keys);
                 nThen(function (waitFor) {
                     // Try to get the owner's mailbox from the pad metadata first.
                     // If it's is an older owned pad, check if the owner is a friend
                     // or an acquaintance (from async-store directly in requestAccess)
-                    Cryptpad.getPadMetadata({
-                        channel: secret.channel
-                    }, waitFor(function (obj) {
-                        obj = obj || {};
-                        if (obj.error) { return; }
-
+                    var todo = function (obj) {
                         owners = obj.owners;
 
                         var mailbox;
@@ -1270,6 +1272,17 @@ define([
                                 owner = data;
                             } catch (e) { console.error(e); }
                         }
+                    };
+
+                    // If we already have metadata, use it, otherwise, try to get it
+                    if (metadata) { return void todo(metadata); }
+
+                    Cryptpad.getPadMetadata({
+                        channel: secret.channel
+                    }, waitFor(function (obj) {
+                        obj = obj || {};
+                        if (obj.error) { return; }
+                        todo(obj);
                     }));
                 }).nThen(function () {
                     // If we are just checking (send === false) and there is a mailbox field, cb state true
diff --git a/www/common/toolbar3.js b/www/common/toolbar3.js
index b6cb3c125..a46e573ef 100644
--- a/www/common/toolbar3.js
+++ b/www/common/toolbar3.js
@@ -574,6 +574,7 @@ MessengerUI, Messages) {
         return $shareBlock;
     };
 
+    /*
     var createRequest = function (toolbar, config) {
         if (!config.metadataMgr) {
             throw new Error("You must provide a `metadataMgr` to display the request access button");
@@ -590,13 +591,13 @@ MessengerUI, Messages) {
         // If we have access to the owner's mailbox, display the button and enable it
         // false => check if we can contact the owner
         // true ==> send the request
-        Common.getSframeChannel().query('Q_REQUEST_ACCESS', false, function (err, obj) {
+        Common.getSframeChannel().query('Q_REQUEST_ACCESS', {send:false}, function (err, obj) {
             if (obj && obj.state) {
                 var locked = false;
                 $requestBlock.show().click(function () {
                     if (locked) { return; }
                     locked = true;
-                    Common.getSframeChannel().query('Q_REQUEST_ACCESS', true, function (err, obj) {
+                    Common.getSframeChannel().query('Q_REQUEST_ACCESS', {send:true}, function (err, obj) {
                         if (obj && obj.state) {
                             UI.log(Messages.requestEdit_sent);
                             $requestBlock.hide();
@@ -614,6 +615,7 @@ MessengerUI, Messages) {
 
         return $requestBlock;
     };
+    */
 
     var createTitle = function (toolbar, config) {
         var $titleContainer = $('<span>', {
@@ -1226,7 +1228,7 @@ MessengerUI, Messages) {
         tb['fileshare'] = createFileShare;
         tb['title'] = createTitle;
         tb['pageTitle'] = createPageTitle;
-        tb['request'] = createRequest;
+        //tb['request'] = createRequest;
         tb['lag'] = $.noop;
         tb['spinner'] = createSpinner;
         tb['state'] = $.noop;