Update social.coffee to generalize the Login to View system

server/social.coffee

@@ -387,22 +387,40 @@ module.exports = exports = (log, loga, argv) ->
     if argv.restricted?
 
       allowedToView = (req) ->
-        allowed = []
         if argv.allowed_domains?
           if Array.isArray(argv.allowed_domains)
-            allowed = argv.allowed_domains
+            allowed_domains = argv.allowed_domains
           else
             # accommodate copy bug to be fixed soon
             # https://github.com/fedwiki/wiki/blob/4c6eee69e78c1ba3f3fc8d61f4450f70afb78f10/farm.coffee#L98-L103
             for k, v of argv.allowed_domains
-              allowed.push v
-        # emails = [ { value: '[email protected]', type: 'account' } ]
-        emails = req.session?.passport?.user?.google?.emails
-        return false unless emails
-        for entry in emails
-          have = entry.value.split('@')[1]
-          for want in allowed
-            return true if want == have
+              allowed_domains.push v
+          try
+            # emails = [ { value: '[email protected]', type: 'account' } ]
+            emails = req.session.passport.user.google.emails
+            for entry in emails
+              have = entry.value.split('@')[1]
+              for want in allowed_domains
+                return true if want == have
+          catch error
+            return false
+        if argv.allowed_usernames?
+          if Array.isArray(argv.allowed_usernames)
+            allowed_usernames = argv.allowed_usernames
+          else
+            # accommodate copy bug to be fixed soon
+            # https://github.com/fedwiki/wiki/blob/4c6eee69e78c1ba3f3fc8d61f4450f70afb78f10/farm.coffee#L98-L103
+            for k, v of argv.allowed_usernames
+              allowed_usernames.push
+          try
+            idProvider = _.head(_.keys(req.session.passport.user))
+            switch idProvider
+              when 'github', 'twitter', 'oauth2'
+                username = req.session.passport.user[idProvider].username
+                for want in allowed_usernames
+                  return true if want == username
+          catch error
+            return false
         false
 
       app.all '*', (req, res, next) ->