fix flash messages, write permission checks

integration-tests
Josha von Gizycki 6 years ago
parent fb6fb63a5a
commit 436ff0a617

@ -56,3 +56,8 @@
(time-format/unparse (time-format/unparse
(time-format/formatters :basic-date-time) (time-format/formatters :basic-date-time)
(time-local/local-now))) (time-local/local-now)))
(defn bool [value]
(if value
(.asBoolean value)
false))

@ -16,12 +16,19 @@
(hform/submit-button {:class "delete-btn"} (hform/submit-button {:class "delete-btn"}
"☒ Delete!")) "☒ Delete!"))
(defn flash-error [content]
[:section.flash--error
[:h2.flash__heading--error "Warning"]
content])
(defn layout! (defn layout!
[& {:keys [content title session] [& {:keys [content title session request]
:or {content [] :or {content []
title nil title nil
session {}}}] request {}
(let [ident (:ident session) session nil}}]
(let [session (or session (:session request))
ident (:ident session)
authed? (some? ident) authed? (some? ident)
devmode? (:devmode session)] devmode? (:devmode session)]
(html5 (html5
@ -60,12 +67,9 @@
[:ul [:ul
(for [schema (:other-schemas session)] (for [schema (:other-schemas session)]
[:li (:name schema)])]])] [:li (:name schema)])]])]
(into [:main] content) (into [:main
;; [:aside (when authed? "aside")] (for [msg (:flash request)]
(flash-error msg))]
content)
[:footer [:footer
[:small "Ilo pali e ijo"]]]]))) [:small "Ilo pali e ijo"]]]])))
(defn flash-error [content]
[:section.flash--error
[:h2.flash__heading--error "Warning"]
content])

@ -85,9 +85,25 @@
first first
:uuid)) :uuid))
(defn can-user-modify? [schema-uuid user-uuid] (neo4j/defquery
(let [creator (find-schema-creator! schema-uuid)] schema-permissions
(= creator user-uuid))) "MATCH (s:schema {uuid:{schema_uuid}})
RETURN
EXISTS((:user {uuid:{user_uuid}})
-[:permission {type:{type}}]-
(s)) AS user_has_permission,
NOT EXISTS((:user)
-[:permission {type:{type}}]-
(s)) AS is_public")
(defn has-user-write-permissions? [schema-uuid user-uuid]
(let [permissions (first (neo4j/exec-query! schema-permissions
{:schema_uuid schema-uuid
:user_uuid user-uuid
:type "write"}))
public? (neo4j/bool (:is_public permissions))
user? (neo4j/bool (:user_has_permission permissions))]
(or public? user?)))
(neo4j/defquery (neo4j/defquery
delete delete

@ -1,5 +1,5 @@
(ns wanijo.schema.routes (ns wanijo.schema.routes
(:require [compojure.core :refer [defroutes GET POST DELETE]] (:require [compojure.core :refer [defroutes GET POST DELETE] :as comp]
[ring.util.response :as resp] [ring.util.response :as resp]
[formulare.core :as form] [formulare.core :as form]
[wanijo.framework.view :as view] [wanijo.framework.view :as view]
@ -19,11 +19,8 @@
(view-schema/overview! req))) (view-schema/overview! req)))
(defn delete-schema! [uuid session] (defn delete-schema! [uuid session]
(if (domain/can-user-modify? uuid (:uuid session)) (domain/delete! uuid)
(do (resp/redirect (path :schema-overview)))
(domain/delete! uuid)
(resp/redirect (path :schema-overview)))
{:status 403}))
(defn view! [uuid req] (defn view! [uuid req]
(view-schema/show-schema! (view-schema/show-schema!
@ -65,7 +62,18 @@
(resp/redirect (path :schema-show (:params req)))) (resp/redirect (path :schema-show (:params req))))
(view! uuid req)))) (view! uuid req))))
(defn wrap-allowed-to-write [handler]
(fn [req]
(let [uuid (get-in req [:params :uuid])
user (get-in req [:session :uuid])]
(if (domain/has-user-write-permissions? uuid user)
(handler req)
(assoc
(resp/redirect (path :schema-show (:params req)))
:flash ["No write permission for schema"])))))
(defroutes routes (defroutes routes
(GET "/403" [] {:status 403 :body "NE"})
(GET (register! :schema-overview "/schema") (GET (register! :schema-overview "/schema")
[] []
view-schema/overview!) view-schema/overview!)
@ -75,15 +83,14 @@
(POST (register! :schema-new "/schema/new") (POST (register! :schema-new "/schema/new")
[] []
new!) new!)
(POST (register! :schema-edit "/schema/edit") (wrap-allowed-to-write
[] (comp/routes
edit!) (POST (register! :schema-edit "/schema/edit") []
(POST (register! :schema-assign-users "/schema/assign/users") edit!)
[] (POST (register! :schema-assign-users "/schema/assign/users") []
assign-users!) assign-users!)
(POST (register! :schema-assign-schemas "/schema/assign/schemas") (POST (register! :schema-assign-schemas "/schema/assign/schemas") []
[] assign-schemas!)
assign-schemas!) (DELETE (register! :schema-delete "/schema/:uuid")
(DELETE (register! :schema-delete "/schema/:uuid") [uuid :as req]
[uuid :as req] (delete-schema! uuid (:session req))))))
(delete-schema! uuid (:session req))))

@ -75,7 +75,7 @@
(defn show-schema! [schema attrs assign-form conn-form req] (defn show-schema! [schema attrs assign-form conn-form req]
(view/layout! (view/layout!
:session (:session req) :request req
:content :content
[[:h1 "Schema " [[:h1 "Schema "
[:span.schema-title__name (:name schema)]] [:span.schema-title__name (:name schema)]]

Loading…
Cancel
Save