From 08fc2403a182942219d9ac1a973eaeaee2cf65d6 Mon Sep 17 00:00:00 2001 From: Josha von Gizycki Date: Sat, 6 Mar 2021 23:08:27 +0100 Subject: [PATCH] proper permissions in instance routes, qol on assigning forms in schemas --- src/wanijo/home/view.clj | 2 +- src/wanijo/instance/routes.clj | 132 ++++++++++++++++++++----------- src/wanijo/schema/db.clj | 11 ++- src/wanijo/schema/forms.clj | 7 +- src/wanijo/schema/middleware.clj | 9 ++- src/wanijo/schema/routes.clj | 5 +- src/wanijo/schema/view.clj | 18 +++-- 7 files changed, 116 insertions(+), 68 deletions(-) diff --git a/src/wanijo/home/view.clj b/src/wanijo/home/view.clj index 03078e0..fa599e7 100644 --- a/src/wanijo/home/view.clj +++ b/src/wanijo/home/view.clj @@ -2,4 +2,4 @@ (:require [wanijo.infra.view :as view])) (defn root! [req] - (view/layout :session (:session req))) + (view/layout :request req)) diff --git a/src/wanijo/instance/routes.clj b/src/wanijo/instance/routes.clj index e1de5c2..126fd7b 100644 --- a/src/wanijo/instance/routes.clj +++ b/src/wanijo/instance/routes.clj @@ -1,6 +1,7 @@ (ns wanijo.instance.routes (:require [compojure.core :refer [defroutes wrap-routes - GET POST DELETE]] + GET POST DELETE] + :as compojure] [ring.util.response :as resp] [formulare.core :as form] [wanijo.instance.view @@ -150,53 +151,92 @@ instances))) (resp/redirect (path :instance-show {:uuid uuid}))) -(defroutes routes +(defn schema-uuid-by-instance [req] + (-> (get-in req [:params :schema-uuid]) + (domain-schema/find-by-instance!) + :uuid)) + +(defn schema-uuid-from-params [req] + (get-in req [:params :schema-uuid])) + +(def linking-routes + (-> (compojure/routes + (GET (register! :instance-link-selection + "/instance/:uuid/link/:schema-uuid") + [uuid schema-uuid :as req] + (route-link-selection! uuid schema-uuid req)) + (POST (register! :instance-link-create + "/instance/:uuid/link/:schema-uuid") + [uuid schema-uuid :as req] + (route-create-link! uuid schema-uuid req))) + (wrap-routes + (middleware-schema/wrap-allowed-to-write! + #(get-in % [:params :schema-uuid]))) + (wrap-routes + (middleware-schema/wrap-allowed-to-write! + schema-uuid-by-instance)))) + +(def writing-routes-with-uuid-in-path (wrap-routes - (GET (register! :instance-list "/instance/list/:schema-uuid") - [schema-uuid :as req] - (route-list! schema-uuid req)) - (middleware-schema/wrap-allowed-to-read! - #(get-in % [:params :schema-uuid]))) - (POST (register! :instance-new "/instance/new") [] - route-new!) - (GET (register! :instance-show "/instance/:uuid") - [uuid :as req] - (route-show! uuid req)) - (GET (register! :instance-edit-form "/instance/:uuid/edit") - [uuid :as req] - (route-edit-form! uuid req)) - (POST (register! :instance-edit "/instance/:uuid") - [uuid :as req] + (compojure/routes + (GET (register! :instance-edit-form "/instance/:uuid/edit") + [uuid :as req] + (route-edit-form! uuid req)) + (POST (register! :instance-edit "/instance/:uuid") + [uuid :as req] (route-edit! uuid req)) - (DELETE (register! :instance-delete "/instance/:uuid") - [uuid] - (route-delete! uuid)) - (GET (register! :instance-link-selection - "/instance/:uuid/link/:schema-uuid") - [uuid schema-uuid :as req] - (route-link-selection! uuid schema-uuid req)) - (POST (register! :instance-link-create - "/instance/:uuid/link/:schema-uuid") - [uuid schema-uuid :as req] - (route-create-link! uuid schema-uuid req)) - (DELETE (register! :instance-link-delete - "/instance/:uuid/link/:link-uuid") - [uuid link-uuid] - (route-delete-link! uuid link-uuid)) - (POST (register! :instance-mark-starred - "/instance/:uuid/starred") - [uuid :as req] + (DELETE (register! :instance-delete "/instance/:uuid") + [uuid] + (route-delete! uuid)) + (DELETE (register! :instance-link-delete + "/instance/:uuid/link/:link-uuid") + [uuid link-uuid] + (route-delete-link! uuid link-uuid)) + (POST (register! :instance-mark-starred + "/instance/:uuid/starred") + [uuid :as req] (route-mark-starred! uuid req)) - (DELETE (register! :instance-remove-starred - "/instance/:uuid/starred") - [uuid :as req] - (route-remove-starred! uuid req)) + (DELETE (register! :instance-remove-starred + "/instance/:uuid/starred") + [uuid :as req] + (route-remove-starred! uuid req)) + (GET (register! :instance-bulk-link-selection "/instance/:uuid/bulk-link") + [uuid :as req] + (route-bulk-link-selection! uuid req)) + (POST (register! :instance-bulk-link-create "/instance/:uuid/bulk-link") + [uuid :as req] + (route-create-bulk-link! uuid req))) + (middleware-schema/wrap-allowed-to-write! + schema-uuid-by-instance))) + +(defroutes routes + ;; read routes with :schema-uuid + (wrap-routes + (compojure/routes + (GET (register! :instance-list "/instance/list/:schema-uuid") + [schema-uuid :as req] + (route-list! schema-uuid req))) + (middleware-schema/wrap-allowed-to-read! + schema-uuid-from-params)) + (wrap-routes + (compojure/routes + (GET (register! :instance-show "/instance/:uuid") + [uuid :as req] + (route-show! uuid req))) + (middleware-schema/wrap-allowed-to-read! + schema-uuid-by-instance)) + (wrap-routes + (compojure/routes + (POST (register! :instance-new "/instance/new") [] + route-new!)) + (middleware-schema/wrap-allowed-to-write! + schema-uuid-from-params)) + linking-routes + writing-routes-with-uuid-in-path (GET (register! :instance-list-starred "/instance/starred/list") [:as req] - (route-list-starred! req)) - (GET (register! :instance-bulk-link-selection "/instance/:uuid/bulk-link") - [uuid :as req] - (route-bulk-link-selection! uuid req)) - (POST (register! :instance-bulk-link-create "/instance/:uuid/bulk-link") - [uuid :as req] - (route-create-bulk-link! uuid req))) + ;; at some point someone will star an instance and then permissions to + ;; the schema will be revoked + ;; the instances will still be visible but can't be opened anymore + ;; because of missing permissions, so they can't be unstared anymore + (route-list-starred! req))) diff --git a/src/wanijo/schema/db.clj b/src/wanijo/schema/db.clj index 88bafa4..1c1826a 100644 --- a/src/wanijo/schema/db.clj +++ b/src/wanijo/schema/db.clj @@ -67,10 +67,13 @@ RETURN EXISTS((:user {uuid: $user_uuid}) -[:permission {type: $type}]- - (s)) AS user_has_permission, - NOT EXISTS((:user) - -[:permission {type: $type}]- - (s)) AS is_public") + (s)) + OR + EXISTS((:user {uuid : $user_uuid}) + -[:permission {type: 'write'}]- + (s)) + AS user_has_permission, + NOT EXISTS((:user)-[:permission]-(s)) AS is_public") (defn has-user-permission? [perm-type schema-uuid user-uuid] (let [perms (first (neo4j/exec-query! schema-permissions diff --git a/src/wanijo/schema/forms.clj b/src/wanijo/schema/forms.clj index d4c1854..67c14fc 100644 --- a/src/wanijo/schema/forms.clj +++ b/src/wanijo/schema/forms.clj @@ -39,12 +39,15 @@ :uuid {:widget :hidden}} :form-specs [::unique-attr-name-per-schema]}) -(def assign-form +(defn assign-form [users] {:fields {:assigned {:label "Users" :required false :spec :wanijo.schema.domain/assigned-to :widget :mselect - :from-req #(if (vector? %) % [%])} + :from-req #(if (vector? %) % [%]) + :options (map #(vector (:ident %) (:uuid %)) + users) + :size (min 20 (count users))} :uuid {:widget :hidden}}}) (def schema-connections-form diff --git a/src/wanijo/schema/middleware.clj b/src/wanijo/schema/middleware.clj index 68d93f7..415bc80 100644 --- a/src/wanijo/schema/middleware.clj +++ b/src/wanijo/schema/middleware.clj @@ -21,8 +21,11 @@ (resp/redirect (path :schema-show {:uuid uuid})) :flash ["No write permission for schema"])))))) -(defn wrap-allowed-to-write! [] - (write-permission-middleware! #(get-in % [:params :uuid]))) +(defn wrap-allowed-to-write! + ([schema-fn] + (write-permission-middleware! schema-fn)) + ([] + (write-permission-middleware! #(get-in % [:params :uuid])))) (defn wrap-allowed-to-read! [schema-fn] @@ -31,5 +34,5 @@ (let [uuid (schema-fn req)] (if (db/has-user-read-permissions? uuid (-> req :session :uuid)) (handler req) - (assoc (resp/redirect (path :schema-overview)) + (assoc (resp/redirect (path :home)) :flash ["No read permission for schema"])))))) diff --git a/src/wanijo/schema/routes.clj b/src/wanijo/schema/routes.clj index 7effc51..ee17e22 100644 --- a/src/wanijo/schema/routes.clj +++ b/src/wanijo/schema/routes.clj @@ -28,10 +28,7 @@ (schema-view/show-schema! (domain/find-with-assigned-entities! uuid) (db-attr/find-by-schema! uuid) - (assoc-in schema-forms/assign-form - [:fields :assigned :options] - (map #(vector (:ident %) (:uuid %)) - (domain-user/all!))) + (schema-forms/assign-form (domain-user/all!)) (assoc-in schema-forms/schema-connections-form [:fields :connections :options] (map #(vector (:name %) (:uuid %)) diff --git a/src/wanijo/schema/view.clj b/src/wanijo/schema/view.clj index 7af958d..972fb07 100644 --- a/src/wanijo/schema/view.clj +++ b/src/wanijo/schema/view.clj @@ -50,18 +50,20 @@ [:h2 "Permissions"] [:h3 "Read permissions"] (hform/form-to [:post (path :schema-assign-users)] - (form/render-widgets assign-form - (assoc schema :assigned - (:assigned-read-users schema)) - req) + (form/render-widgets + assign-form + (assoc schema :assigned + (:assigned-read-users schema)) + req) (hform/hidden-field "permission" "read") (hform/submit-button "Assign")) [:h3 "Write permissions"] (hform/form-to [:post (path :schema-assign-users)] - (form/render-widgets assign-form - (assoc schema :assigned - (:assigned-write-users schema)) - req) + (form/render-widgets + assign-form + (assoc schema :assigned + (:assigned-write-users schema)) + req) (hform/hidden-field "permission" "write") (hform/submit-button "Assign")) [:h3 "Allowed schema connections"]