diff --git a/src/wanijo/attribute/domain.clj b/src/wanijo/attribute/domain.clj
index cda31f7..0b77ee0 100644
--- a/src/wanijo/attribute/domain.clj
+++ b/src/wanijo/attribute/domain.clj
@@ -11,9 +11,6 @@
 (spec/def ::type (spec/and string? types))
-(spec/def ::required
- #{"on" nil 0 1 "0" "1"})
-
 (spec/def ::created-at (spec/and string? ::neo4j/date-str))
@@ -84,3 +81,13 @@
 (map :a (neo4j/exec-query! required {:schema_uuid schema-uuid})))
+
+(neo4j/defquery schema-of
+ "MATCH (a:attribute {uuid:{uuid}})-[:of]->(s:schema)
+ RETURN s")
+
+(defn schema-of! [uuid]
+ (->> (neo4j/exec-query! schema-of
+ {:uuid uuid})
+ (map :s)
+ first))
diff --git a/src/wanijo/attribute/routes.clj b/src/wanijo/attribute/routes.clj
index 9e6b407..4c7078f 100644
--- a/src/wanijo/attribute/routes.clj
+++ b/src/wanijo/attribute/routes.clj
@@ -1,5 +1,6 @@
 (ns wanijo.attribute.routes
- (:require [compojure.core :refer [defroutes GET POST DELETE]]
+ (:require [compojure.core :refer [defroutes GET POST DELETE] :as comp]
+ [clojure.pprint :refer [pprint]]
 [ring.util.response :as resp] [formulare.core :as form] [wanijo.framework.routing :refer [register! path]]
@@ -31,9 +32,16 @@
 (domain/delete-by-uuid! uuid) (resp/redirect (path :schema-show {:uuid (get-in req [:params :schema])})))
-(defroutes routes
- (POST (register! :attribute-new "/attribute/new")
- []
+(defn wrap-allowed-to-write []
+ (schema-routes/write-permission-middleware
+ #(or (get-in % [:params :schema])
+ (get-in % [:route-params :schema])
+ (-> (get-in % [:route-params :uuid])
+ (domain/schema-of!)
+ :uuid))))
+
+(defroutes write-routes
+ (POST (register! :attribute-new "/attribute/new") []
 new!) (POST (register! :attribute-edit "/attribute/edit/:schema") [schema :as req]
@@ -41,3 +49,7 @@
 (DELETE (register! :attribute-delete "/attribute/:uuid/delete") [uuid :as req] (delete! uuid req)))
+
+(defroutes routes
+ (comp/wrap-routes write-routes
+ (wrap-allowed-to-write)))
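Review bot: `schema-of!` has no docstring, and its result now feeds a permission check in attribute/routes.clj, so its nil behaviour should be written down. As written, `first` over an empty result yields nil when the attribute uuid is unknown or has no `:of` relation, and it silently picks one schema if several match. I would add a docstring such as `"Returns the schema node the attribute belongs to, or nil if none is found; callers doing authorization must treat nil as deny."` The Cypher text binds `{uuid}` as a query parameter rather than concatenating it, which is the form to keep.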
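Review bot: The added `[clojure.pprint :refer [pprint]]` require is not used by any line visible in this diff and looks like a debugging leftover. If it is unused in the rest of the namespace it should be dropped, since a stray `pprint` of a request map in a handler would write session data to the log. The `ns` form continues outside the hunk.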
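Review bot: In `wrap-allowed-to-write` the schema that gets permission-checked is taken from `[:params :schema]` first, a value supplied by the client, and the attribute's own schema is only a last fallback. For `DELETE /attribute/:uuid/delete` the handler deletes by the route `uuid` while `delete!` also reads `[:params :schema]`, so a request can carry both, and the check then runs against the named schema rather than the one that owns the attribute. When `[:route-params :uuid]` is present the lookup should take precedence, e.g. `#(or (some-> (get-in % [:route-params :uuid]) domain/schema-of! :uuid) (get-in % [:route-params :schema]) (get-in % [:params :schema]))`. Whether the edit handler verifies that the submitted attribute belongs to `:schema` is not visible here and is worth confirming.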
diff --git a/src/wanijo/schema/forms.clj b/src/wanijo/schema/forms.clj
index 891f6b7..28e04e3 100644
--- a/src/wanijo/schema/forms.clj
+++ b/src/wanijo/schema/forms.clj
@@ -15,7 +15,7 @@
 (not= attr-uuid (:uuid %)))) 1 0)) (apply +))]
- (not= 0 duplicates)))
+ (= 0 duplicates)))
 (spec/def ::unique-attr-name-per-schema unique-attr-name-in-schema!)
@@ -29,8 +29,7 @@
 (def attr-form {:fields {:name {:label "Name" :required true
- :spec ::attr-domain/name
- }
+ :spec ::attr-domain/name}
 :type {:label "Type" :required true :spec ::attr-domain/type
@@ -39,7 +38,6 @@
 attr-domain/types)} :required {:label "Required" :required false
- :spec ::attr-domain/required
 :widget :checkbox :from-req #(if (some? %) 1 0)} :uuid {:widget :hidden}}
diff --git a/src/wanijo/schema/routes.clj b/src/wanijo/schema/routes.clj
index f5d9e56..51de1d6 100644
--- a/src/wanijo/schema/routes.clj
+++ b/src/wanijo/schema/routes.clj
@@ -63,15 +63,19 @@
 (resp/redirect (path :schema-show (:params req)))) (view! uuid req))))
-(defn wrap-allowed-to-write [handler]
- (fn [req]
- (let [uuid (get-in req [:params :uuid])
- user (get-in req [:session :uuid])]
- (if (domain/has-user-write-permissions? uuid user)
- (handler req)
- (assoc
- (resp/redirect (path :schema-show (:params req)))
- :flash ["No write permission for schema"])))))
+(defn write-permission-middleware [schema-fn]
+ (fn [handler]
+ (fn [req]
+ (let [uuid (schema-fn req)
+ check-fn domain/has-user-write-permissions?]
+ (if (check-fn uuid (get-in req [:session :uuid]))
+ (handler req)
+ (assoc
+ (resp/redirect (path :schema-show {:uuid uuid}))
+ :flash ["No write permission for schema"]))))))
+
+(defn wrap-allowed-to-write []
+ (write-permission-middleware #(get-in % [:params :uuid])))
 (defroutes write-routes (POST (register! :schema-edit "/schema/edit") []
@@ -93,4 +97,4 @@
 (POST (register! :schema-new "/schema/new") [] new!) (comp/wrap-routes write-routes
- wrap-allowed-to-write))
+ (wrap-allowed-to-write)))
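Review bot: `write-permission-middleware` passes whatever `schema-fn` returns straight to `domain/has-user-write-permissions?`, including nil when no schema could be resolved, so denial in that case depends on how that function treats a nil uuid, which is not visible in this diff. An explicit guard makes the middleware fail closed on its own: `(if (and uuid (check-fn uuid (get-in req [:session :uuid])))`. The denial redirect builds `(path :schema-show {:uuid uuid})` from the same value, so a nil would also need a fallback target. A docstring stating that `schema-fn` must return the uuid of the schema the wrapped handler will actually modify would help callers, and the `check-fn` alias could simply be inlined.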