write permission check on attribute changes

integration-tests
Josha von Gizycki 6 years ago
parent cff6e9e965
commit 193ab989af

@ -11,9 +11,6 @@
(spec/def ::type
(spec/and string? types))
(spec/def ::required
#{"on" nil 0 1 "0" "1"})
(spec/def ::created-at
(spec/and string? ::neo4j/date-str))
@ -84,3 +81,13 @@
(map :a
(neo4j/exec-query! required
{:schema_uuid schema-uuid})))
(neo4j/defquery schema-of
"MATCH (a:attribute {uuid:{uuid}})-[:of]->(s:schema)
RETURN s")
(defn schema-of! [uuid]
(->> (neo4j/exec-query! schema-of
{:uuid uuid})
(map :s)
first))
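Review bot: `schema-of!` has no docstring, and it returns nil whenever the MATCH finds nothing, because `first` is applied to an empty result. The permission check in the attribute routes builds on this value, so the contract should be written down, for example `"Returns the schema node the attribute belongs to, or nil if the attribute does not exist or has no :of relation."` placed between the name and `[uuid]`. If an attribute could ever be linked to more than one schema, `first` would pick one arbitrarily; the data model is not visible here, so that is worth confirming.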

@ -1,5 +1,6 @@
(ns wanijo.attribute.routes
(:require [compojure.core :refer [defroutes GET POST DELETE]]
(:require [compojure.core :refer [defroutes GET POST DELETE] :as comp]
[clojure.pprint :refer [pprint]]
[ring.util.response :as resp]
[formulare.core :as form]
[wanijo.framework.routing :refer [register! path]]
@ -31,9 +32,16 @@
(domain/delete-by-uuid! uuid)
(resp/redirect (path :schema-show {:uuid (get-in req [:params :schema])})))
(defroutes routes
(POST (register! :attribute-new "/attribute/new")
[]
(defn wrap-allowed-to-write []
(schema-routes/write-permission-middleware
#(or (get-in % [:params :schema])
(get-in % [:route-params :schema])
(-> (get-in % [:route-params :uuid])
(domain/schema-of!)
:uuid))))
(defroutes write-routes
(POST (register! :attribute-new "/attribute/new") []
new!)
(POST (register! :attribute-edit "/attribute/edit/:schema")
[schema :as req]
@ -41,3 +49,7 @@
(DELETE (register! :attribute-delete "/attribute/:uuid/delete")
[uuid :as req]
(delete! uuid req)))
(defroutes routes
(comp/wrap-routes write-routes
(wrap-allowed-to-write)))
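Review bot: The resolver passed to `write-permission-middleware` in `wrap-allowed-to-write` prefers a `schema` value from `:params` over the attribute's real schema. On `/attribute/:uuid/delete` the write check can therefore run against a schema named in the request rather than the one the attribute belongs to. The `schema-of!` lookup should win whenever the route addresses an attribute by uuid, with the request's `:schema` used only for the routes that have no attribute uuid. The body of the edit handler is outside the hunk; if it takes the attribute uuid from the form's hidden `:uuid` field, it should also confirm that the attribute belongs to the `:schema` in the route.

```clojure
(defn wrap-allowed-to-write []
  (schema-routes/write-permission-middleware
   (fn [req]
     ;; An attribute uuid in the route decides the schema; a client-supplied
     ;; :schema parameter is only used when no attribute is addressed.
     (if-let [attr-uuid (get-in req [:route-params :uuid])]
       (:uuid (domain/schema-of! attr-uuid))
       (or (get-in req [:route-params :schema])
           (get-in req [:params :schema]))))))
```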

@ -15,7 +15,7 @@
(not= attr-uuid (:uuid %))))
1 0))
(apply +))]
(not= 0 duplicates)))
(= 0 duplicates)))
(spec/def ::unique-attr-name-per-schema
unique-attr-name-in-schema!)
@ -29,8 +29,7 @@
(def attr-form
{:fields {:name {:label "Name"
:required true
:spec ::attr-domain/name
}
:spec ::attr-domain/name}
:type {:label "Type"
:required true
:spec ::attr-domain/type
@ -39,7 +38,6 @@
attr-domain/types)}
:required {:label "Required"
:required false
:spec ::attr-domain/required
:widget :checkbox
:from-req #(if (some? %) 1 0)}
:uuid {:widget :hidden}}
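Review bot: The `:required` field in `attr-form` appears to lose its `:spec`, which leaves `:from-req #(if (some? %) 1 0)` as the only thing constraining the submitted value. That is sufficient only if the form library applies `:from-req` before the value reaches the domain layer, and that is not visible in this hunk. A comment on the field would record the intent, for example `;; checkbox: any submitted value counts as checked; :from-req normalises to 1/0, so no :spec is needed`.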

@ -63,15 +63,19 @@
(resp/redirect (path :schema-show (:params req))))
(view! uuid req))))
(defn wrap-allowed-to-write [handler]
(defn write-permission-middleware [schema-fn]
(fn [handler]
(fn [req]
(let [uuid (get-in req [:params :uuid])
user (get-in req [:session :uuid])]
(if (domain/has-user-write-permissions? uuid user)
(let [uuid (schema-fn req)
check-fn domain/has-user-write-permissions?]
(if (check-fn uuid (get-in req [:session :uuid]))
(handler req)
(assoc
(resp/redirect (path :schema-show (:params req)))
:flash ["No write permission for schema"])))))
(resp/redirect (path :schema-show {:uuid uuid}))
:flash ["No write permission for schema"]))))))
(defn wrap-allowed-to-write []
(write-permission-middleware #(get-in % [:params :uuid])))
(defroutes write-routes
(POST (register! :schema-edit "/schema/edit") []
@ -93,4 +97,4 @@
(POST (register! :schema-new "/schema/new") []
new!)
(comp/wrap-routes write-routes
wrap-allowed-to-write))
(wrap-allowed-to-write)))
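Review bot: `write-permission-middleware` does not handle a nil result from `(schema-fn req)`, which occurs when the request carries none of the expected parameters or the lookup finds nothing. The nil is passed straight to `domain/has-user-write-permissions?`, whose behaviour for a nil schema is not visible here, and the denial branch then builds `(path :schema-show {:uuid nil})`. The check should fail closed explicitly with `(if (and uuid (check-fn uuid (get-in req [:session :uuid])))`, and the denial branch should not build a path from a missing uuid. The `check-fn` alias adds nothing over calling `domain/has-user-write-permissions?` directly. A docstring should state that `schema-fn` receives the request and must return the uuid of the schema to authorise against.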
