proper permissions in instance routes, qol on assigning forms in schemas

alfred
Josha von Gizycki 4 years ago
parent d68cf05e47
commit 08fc2403a1

@ -2,4 +2,4 @@
(:require [wanijo.infra.view :as view]))
(defn root! [req]
(view/layout :session (:session req)))
(view/layout :request req))

@ -1,6 +1,7 @@
(ns wanijo.instance.routes
(:require [compojure.core :refer [defroutes wrap-routes
GET POST DELETE]]
GET POST DELETE]
:as compojure]
[ring.util.response :as resp]
[formulare.core :as form]
[wanijo.instance.view
@ -150,53 +151,92 @@
instances)))
(resp/redirect (path :instance-show {:uuid uuid})))
(defroutes routes
(defn schema-uuid-by-instance [req]
(-> (get-in req [:params :schema-uuid])
(domain-schema/find-by-instance!)
:uuid))
(defn schema-uuid-from-params [req]
(get-in req [:params :schema-uuid]))
(def linking-routes
(-> (compojure/routes
(GET (register! :instance-link-selection
"/instance/:uuid/link/:schema-uuid")
[uuid schema-uuid :as req]
(route-link-selection! uuid schema-uuid req))
(POST (register! :instance-link-create
"/instance/:uuid/link/:schema-uuid")
[uuid schema-uuid :as req]
(route-create-link! uuid schema-uuid req)))
(wrap-routes
(middleware-schema/wrap-allowed-to-write!
#(get-in % [:params :schema-uuid])))
(wrap-routes
(middleware-schema/wrap-allowed-to-write!
schema-uuid-by-instance))))
(def writing-routes-with-uuid-in-path
(wrap-routes
(GET (register! :instance-list "/instance/list/:schema-uuid")
[schema-uuid :as req]
(route-list! schema-uuid req))
(middleware-schema/wrap-allowed-to-read!
#(get-in % [:params :schema-uuid])))
(POST (register! :instance-new "/instance/new") []
route-new!)
(GET (register! :instance-show "/instance/:uuid")
[uuid :as req]
(route-show! uuid req))
(GET (register! :instance-edit-form "/instance/:uuid/edit")
[uuid :as req]
(route-edit-form! uuid req))
(POST (register! :instance-edit "/instance/:uuid")
[uuid :as req]
(compojure/routes
(GET (register! :instance-edit-form "/instance/:uuid/edit")
[uuid :as req]
(route-edit-form! uuid req))
(POST (register! :instance-edit "/instance/:uuid")
[uuid :as req]
(route-edit! uuid req))
(DELETE (register! :instance-delete "/instance/:uuid")
[uuid]
(route-delete! uuid))
(GET (register! :instance-link-selection
"/instance/:uuid/link/:schema-uuid")
[uuid schema-uuid :as req]
(route-link-selection! uuid schema-uuid req))
(POST (register! :instance-link-create
"/instance/:uuid/link/:schema-uuid")
[uuid schema-uuid :as req]
(route-create-link! uuid schema-uuid req))
(DELETE (register! :instance-link-delete
"/instance/:uuid/link/:link-uuid")
[uuid link-uuid]
(route-delete-link! uuid link-uuid))
(POST (register! :instance-mark-starred
"/instance/:uuid/starred")
[uuid :as req]
(DELETE (register! :instance-delete "/instance/:uuid")
[uuid]
(route-delete! uuid))
(DELETE (register! :instance-link-delete
"/instance/:uuid/link/:link-uuid")
[uuid link-uuid]
(route-delete-link! uuid link-uuid))
(POST (register! :instance-mark-starred
"/instance/:uuid/starred")
[uuid :as req]
(route-mark-starred! uuid req))
(DELETE (register! :instance-remove-starred
"/instance/:uuid/starred")
[uuid :as req]
(route-remove-starred! uuid req))
(DELETE (register! :instance-remove-starred
"/instance/:uuid/starred")
[uuid :as req]
(route-remove-starred! uuid req))
(GET (register! :instance-bulk-link-selection "/instance/:uuid/bulk-link")
[uuid :as req]
(route-bulk-link-selection! uuid req))
(POST (register! :instance-bulk-link-create "/instance/:uuid/bulk-link")
[uuid :as req]
(route-create-bulk-link! uuid req)))
(middleware-schema/wrap-allowed-to-write!
schema-uuid-by-instance)))
(defroutes routes
;; read routes with :schema-uuid
(wrap-routes
(compojure/routes
(GET (register! :instance-list "/instance/list/:schema-uuid")
[schema-uuid :as req]
(route-list! schema-uuid req)))
(middleware-schema/wrap-allowed-to-read!
schema-uuid-from-params))
(wrap-routes
(compojure/routes
(GET (register! :instance-show "/instance/:uuid")
[uuid :as req]
(route-show! uuid req)))
(middleware-schema/wrap-allowed-to-read!
schema-uuid-by-instance))
(wrap-routes
(compojure/routes
(POST (register! :instance-new "/instance/new") []
route-new!))
(middleware-schema/wrap-allowed-to-write!
schema-uuid-from-params))
linking-routes
writing-routes-with-uuid-in-path
(GET (register! :instance-list-starred "/instance/starred/list")
[:as req]
(route-list-starred! req))
(GET (register! :instance-bulk-link-selection "/instance/:uuid/bulk-link")
[uuid :as req]
(route-bulk-link-selection! uuid req))
(POST (register! :instance-bulk-link-create "/instance/:uuid/bulk-link")
[uuid :as req]
(route-create-bulk-link! uuid req)))
;; at some point someone will star an instance and then permissions to
;; the schema will be revoked
;; the instances will still be visible but can't be opened anymore
;; because of missing permissions, so they can't be unstared anymore
(route-list-starred! req)))

@ -67,10 +67,13 @@
RETURN
EXISTS((:user {uuid: $user_uuid})
-[:permission {type: $type}]-
(s)) AS user_has_permission,
NOT EXISTS((:user)
-[:permission {type: $type}]-
(s)) AS is_public")
(s))
OR
EXISTS((:user {uuid : $user_uuid})
-[:permission {type: 'write'}]-
(s))
AS user_has_permission,
NOT EXISTS((:user)-[:permission]-(s)) AS is_public")
(defn has-user-permission? [perm-type schema-uuid user-uuid]
(let [perms (first
(neo4j/exec-query! schema-permissions

@ -39,12 +39,15 @@
:uuid {:widget :hidden}}
:form-specs [::unique-attr-name-per-schema]})
(def assign-form
(defn assign-form [users]
{:fields {:assigned {:label "Users"
:required false
:spec :wanijo.schema.domain/assigned-to
:widget :mselect
:from-req #(if (vector? %) % [%])}
:from-req #(if (vector? %) % [%])
:options (map #(vector (:ident %) (:uuid %))
users)
:size (min 20 (count users))}
:uuid {:widget :hidden}}})
(def schema-connections-form

@ -21,8 +21,11 @@
(resp/redirect (path :schema-show {:uuid uuid}))
:flash ["No write permission for schema"]))))))
(defn wrap-allowed-to-write! []
(write-permission-middleware! #(get-in % [:params :uuid])))
(defn wrap-allowed-to-write!
([schema-fn]
(write-permission-middleware! schema-fn))
([]
(write-permission-middleware! #(get-in % [:params :uuid]))))
(defn wrap-allowed-to-read!
[schema-fn]
@ -31,5 +34,5 @@
(let [uuid (schema-fn req)]
(if (db/has-user-read-permissions? uuid (-> req :session :uuid))
(handler req)
(assoc (resp/redirect (path :schema-overview))
(assoc (resp/redirect (path :home))
:flash ["No read permission for schema"]))))))

@ -28,10 +28,7 @@
(schema-view/show-schema!
(domain/find-with-assigned-entities! uuid)
(db-attr/find-by-schema! uuid)
(assoc-in schema-forms/assign-form
[:fields :assigned :options]
(map #(vector (:ident %) (:uuid %))
(domain-user/all!)))
(schema-forms/assign-form (domain-user/all!))
(assoc-in schema-forms/schema-connections-form
[:fields :connections :options]
(map #(vector (:name %) (:uuid %))

@ -50,18 +50,20 @@
[:h2 "Permissions"]
[:h3 "Read permissions"]
(hform/form-to [:post (path :schema-assign-users)]
(form/render-widgets assign-form
(assoc schema :assigned
(:assigned-read-users schema))
req)
(form/render-widgets
assign-form
(assoc schema :assigned
(:assigned-read-users schema))
req)
(hform/hidden-field "permission" "read")
(hform/submit-button "Assign"))
[:h3 "Write permissions"]
(hform/form-to [:post (path :schema-assign-users)]
(form/render-widgets assign-form
(assoc schema :assigned
(:assigned-write-users schema))
req)
(form/render-widgets
assign-form
(assoc schema :assigned
(:assigned-write-users schema))
req)
(hform/hidden-field "permission" "write")
(hform/submit-button "Assign"))
[:h3 "Allowed schema connections"]

Loading…
Cancel
Save