proper permissions in instance routes, qol on assigning forms in schemas

alfred
Josha von Gizycki 4 years ago
parent d68cf05e47
commit 08fc2403a1

@ -2,4 +2,4 @@
(:require [wanijo.infra.view :as view])) (:require [wanijo.infra.view :as view]))
(defn root! [req] (defn root! [req]
(view/layout :session (:session req))) (view/layout :request req))

@ -1,6 +1,7 @@
(ns wanijo.instance.routes (ns wanijo.instance.routes
(:require [compojure.core :refer [defroutes wrap-routes (:require [compojure.core :refer [defroutes wrap-routes
GET POST DELETE]] GET POST DELETE]
:as compojure]
[ring.util.response :as resp] [ring.util.response :as resp]
[formulare.core :as form] [formulare.core :as form]
[wanijo.instance.view [wanijo.instance.view
@ -150,53 +151,92 @@
instances))) instances)))
(resp/redirect (path :instance-show {:uuid uuid}))) (resp/redirect (path :instance-show {:uuid uuid})))
(defroutes routes (defn schema-uuid-by-instance [req]
(-> (get-in req [:params :schema-uuid])
(domain-schema/find-by-instance!)
:uuid))
(defn schema-uuid-from-params [req]
(get-in req [:params :schema-uuid]))
(def linking-routes
(-> (compojure/routes
(GET (register! :instance-link-selection
"/instance/:uuid/link/:schema-uuid")
[uuid schema-uuid :as req]
(route-link-selection! uuid schema-uuid req))
(POST (register! :instance-link-create
"/instance/:uuid/link/:schema-uuid")
[uuid schema-uuid :as req]
(route-create-link! uuid schema-uuid req)))
(wrap-routes
(middleware-schema/wrap-allowed-to-write!
#(get-in % [:params :schema-uuid])))
(wrap-routes
(middleware-schema/wrap-allowed-to-write!
schema-uuid-by-instance))))
(def writing-routes-with-uuid-in-path
(wrap-routes (wrap-routes
(GET (register! :instance-list "/instance/list/:schema-uuid") (compojure/routes
[schema-uuid :as req] (GET (register! :instance-edit-form "/instance/:uuid/edit")
(route-list! schema-uuid req)) [uuid :as req]
(middleware-schema/wrap-allowed-to-read! (route-edit-form! uuid req))
#(get-in % [:params :schema-uuid]))) (POST (register! :instance-edit "/instance/:uuid")
(POST (register! :instance-new "/instance/new") [] [uuid :as req]
route-new!)
(GET (register! :instance-show "/instance/:uuid")
[uuid :as req]
(route-show! uuid req))
(GET (register! :instance-edit-form "/instance/:uuid/edit")
[uuid :as req]
(route-edit-form! uuid req))
(POST (register! :instance-edit "/instance/:uuid")
[uuid :as req]
(route-edit! uuid req)) (route-edit! uuid req))
(DELETE (register! :instance-delete "/instance/:uuid") (DELETE (register! :instance-delete "/instance/:uuid")
[uuid] [uuid]
(route-delete! uuid)) (route-delete! uuid))
(GET (register! :instance-link-selection (DELETE (register! :instance-link-delete
"/instance/:uuid/link/:schema-uuid") "/instance/:uuid/link/:link-uuid")
[uuid schema-uuid :as req] [uuid link-uuid]
(route-link-selection! uuid schema-uuid req)) (route-delete-link! uuid link-uuid))
(POST (register! :instance-link-create (POST (register! :instance-mark-starred
"/instance/:uuid/link/:schema-uuid") "/instance/:uuid/starred")
[uuid schema-uuid :as req] [uuid :as req]
(route-create-link! uuid schema-uuid req))
(DELETE (register! :instance-link-delete
"/instance/:uuid/link/:link-uuid")
[uuid link-uuid]
(route-delete-link! uuid link-uuid))
(POST (register! :instance-mark-starred
"/instance/:uuid/starred")
[uuid :as req]
(route-mark-starred! uuid req)) (route-mark-starred! uuid req))
(DELETE (register! :instance-remove-starred (DELETE (register! :instance-remove-starred
"/instance/:uuid/starred") "/instance/:uuid/starred")
[uuid :as req] [uuid :as req]
(route-remove-starred! uuid req)) (route-remove-starred! uuid req))
(GET (register! :instance-bulk-link-selection "/instance/:uuid/bulk-link")
[uuid :as req]
(route-bulk-link-selection! uuid req))
(POST (register! :instance-bulk-link-create "/instance/:uuid/bulk-link")
[uuid :as req]
(route-create-bulk-link! uuid req)))
(middleware-schema/wrap-allowed-to-write!
schema-uuid-by-instance)))
(defroutes routes
;; read routes with :schema-uuid
(wrap-routes
(compojure/routes
(GET (register! :instance-list "/instance/list/:schema-uuid")
[schema-uuid :as req]
(route-list! schema-uuid req)))
(middleware-schema/wrap-allowed-to-read!
schema-uuid-from-params))
(wrap-routes
(compojure/routes
(GET (register! :instance-show "/instance/:uuid")
[uuid :as req]
(route-show! uuid req)))
(middleware-schema/wrap-allowed-to-read!
schema-uuid-by-instance))
(wrap-routes
(compojure/routes
(POST (register! :instance-new "/instance/new") []
route-new!))
(middleware-schema/wrap-allowed-to-write!
schema-uuid-from-params))
linking-routes
writing-routes-with-uuid-in-path
(GET (register! :instance-list-starred "/instance/starred/list") (GET (register! :instance-list-starred "/instance/starred/list")
[:as req] [:as req]
(route-list-starred! req)) ;; at some point someone will star an instance and then permissions to
(GET (register! :instance-bulk-link-selection "/instance/:uuid/bulk-link") ;; the schema will be revoked
[uuid :as req] ;; the instances will still be visible but can't be opened anymore
(route-bulk-link-selection! uuid req)) ;; because of missing permissions, so they can't be unstared anymore
(POST (register! :instance-bulk-link-create "/instance/:uuid/bulk-link") (route-list-starred! req)))
[uuid :as req]
(route-create-bulk-link! uuid req)))
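Review bot: `schema-uuid-by-instance` reads `[:params :schema-uuid]`, but most of the routes it guards (`/instance/:uuid`, `/instance/:uuid/edit`, the starred and bulk-link routes) have no `:schema-uuid` path segment. The value handed to `domain-schema/find-by-instance!` is therefore nil or whatever the client sent as a query or form parameter, so the permission check is made against a caller-chosen schema rather than the schema of the instance being read or changed. Assuming `find-by-instance!` takes the instance uuid, the lookup should be `(get-in req [:params :uuid])`. Separately, the inline `#(get-in % [:params :schema-uuid])` in `linking-routes` duplicates `schema-uuid-from-params`, which is defined just above and could be used there.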

@ -67,10 +67,13 @@
RETURN RETURN
EXISTS((:user {uuid: $user_uuid}) EXISTS((:user {uuid: $user_uuid})
-[:permission {type: $type}]- -[:permission {type: $type}]-
(s)) AS user_has_permission, (s))
NOT EXISTS((:user) OR
-[:permission {type: $type}]- EXISTS((:user {uuid : $user_uuid})
(s)) AS is_public") -[:permission {type: 'write'}]-
(s))
AS user_has_permission,
NOT EXISTS((:user)-[:permission]-(s)) AS is_public")
(defn has-user-permission? [perm-type schema-uuid user-uuid] (defn has-user-permission? [perm-type schema-uuid user-uuid]
(let [perms (first (let [perms (first
(neo4j/exec-query! schema-permissions (neo4j/exec-query! schema-permissions
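Review bot: The query now encodes two access rules that nothing in the file states: a `'write'` permission also satisfies a read `$type`, and `is_public` is true only when the schema has no `:permission` relationship of any type. The second rule means a schema with no assigned user is presumably open to every user for both read and write, depending on how `has-user-permission?` combines the two columns (its body continues outside the hunk). A comment above the query, such as `;; write implies read; a schema with no :permission edge at all is public for read and write`, would make that default explicit for anyone creating schemas.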

@ -39,12 +39,15 @@
:uuid {:widget :hidden}} :uuid {:widget :hidden}}
:form-specs [::unique-attr-name-per-schema]}) :form-specs [::unique-attr-name-per-schema]})
(def assign-form (defn assign-form [users]
{:fields {:assigned {:label "Users" {:fields {:assigned {:label "Users"
:required false :required false
:spec :wanijo.schema.domain/assigned-to :spec :wanijo.schema.domain/assigned-to
:widget :mselect :widget :mselect
:from-req #(if (vector? %) % [%])} :from-req #(if (vector? %) % [%])
:options (map #(vector (:ident %) (:uuid %))
users)
:size (min 20 (count users))}
:uuid {:widget :hidden}}}) :uuid {:widget :hidden}}})
(def schema-connections-form (def schema-connections-form

@ -21,8 +21,11 @@
(resp/redirect (path :schema-show {:uuid uuid})) (resp/redirect (path :schema-show {:uuid uuid}))
:flash ["No write permission for schema"])))))) :flash ["No write permission for schema"]))))))
(defn wrap-allowed-to-write! [] (defn wrap-allowed-to-write!
(write-permission-middleware! #(get-in % [:params :uuid]))) ([schema-fn]
(write-permission-middleware! schema-fn))
([]
(write-permission-middleware! #(get-in % [:params :uuid]))))
(defn wrap-allowed-to-read! (defn wrap-allowed-to-read!
[schema-fn] [schema-fn]
@ -31,5 +34,5 @@
(let [uuid (schema-fn req)] (let [uuid (schema-fn req)]
(if (db/has-user-read-permissions? uuid (-> req :session :uuid)) (if (db/has-user-read-permissions? uuid (-> req :session :uuid))
(handler req) (handler req)
(assoc (resp/redirect (path :schema-overview)) (assoc (resp/redirect (path :home))
:flash ["No read permission for schema"])))))) :flash ["No read permission for schema"]))))))
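Review bot: `wrap-allowed-to-read!` passes the result of `schema-fn` straight to `db/has-user-read-permissions?`, and the new one-argument arity of `wrap-allowed-to-write!` lets callers supply lookups that can return nil, for example when the instance does not exist. What the permission query returns for a nil uuid is not visible here, so the middleware should deny explicitly: `(if (and uuid (db/has-user-read-permissions? uuid (-> req :session :uuid)))`, with the same guard in `write-permission-middleware!`. Both middleware functions start outside these hunks.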

@ -28,10 +28,7 @@
(schema-view/show-schema! (schema-view/show-schema!
(domain/find-with-assigned-entities! uuid) (domain/find-with-assigned-entities! uuid)
(db-attr/find-by-schema! uuid) (db-attr/find-by-schema! uuid)
(assoc-in schema-forms/assign-form (schema-forms/assign-form (domain-user/all!))
[:fields :assigned :options]
(map #(vector (:ident %) (:uuid %))
(domain-user/all!)))
(assoc-in schema-forms/schema-connections-form (assoc-in schema-forms/schema-connections-form
[:fields :connections :options] [:fields :connections :options]
(map #(vector (:name %) (:uuid %)) (map #(vector (:name %) (:uuid %))

@ -50,18 +50,20 @@
[:h2 "Permissions"] [:h2 "Permissions"]
[:h3 "Read permissions"] [:h3 "Read permissions"]
(hform/form-to [:post (path :schema-assign-users)] (hform/form-to [:post (path :schema-assign-users)]
(form/render-widgets assign-form (form/render-widgets
(assoc schema :assigned assign-form
(:assigned-read-users schema)) (assoc schema :assigned
req) (:assigned-read-users schema))
req)
(hform/hidden-field "permission" "read") (hform/hidden-field "permission" "read")
(hform/submit-button "Assign")) (hform/submit-button "Assign"))
[:h3 "Write permissions"] [:h3 "Write permissions"]
(hform/form-to [:post (path :schema-assign-users)] (hform/form-to [:post (path :schema-assign-users)]
(form/render-widgets assign-form (form/render-widgets
(assoc schema :assigned assign-form
(:assigned-write-users schema)) (assoc schema :assigned
req) (:assigned-write-users schema))
req)
(hform/hidden-field "permission" "write") (hform/hidden-field "permission" "write")
(hform/submit-button "Assign")) (hform/submit-button "Assign"))
[:h3 "Allowed schema connections"] [:h3 "Allowed schema connections"]
