move permission middleware to schema.middleware

integration-tests
Josha von Gizycki 6 years ago
parent 949619f65a
commit 94a9e10544

@ -8,7 +8,8 @@
[wanijo.schema.view :as schema-view]
[wanijo.schema.domain :as schema-domain]
[wanijo.schema.routes :as schema-routes]
[wanijo.schema.forms :as schema-forms]))
[wanijo.schema.forms :as schema-forms]
[wanijo.schema.middleware :as schema-middleware]))
(defn new! [req]
(let [schema-uuid (get-in req [:params :schema])]
@ -33,7 +34,7 @@
(resp/redirect (path :schema-show {:uuid (get-in req [:params :schema])})))
(defn wrap-allowed-to-write []
(schema-routes/write-permission-middleware
(schema-middleware/write-permission-middleware
#(or (get-in % [:params :schema])
(get-in % [:route-params :schema])
(-> (get-in % [:route-params :uuid])

@ -1,5 +1,7 @@
(ns wanijo.schema.middleware
(:require [wanijo.schema.domain :as domain]
(:require [ring.util.response :as resp]
[wanijo.framework.routing :refer [path]]
[wanijo.schema.domain :as domain]
[wanijo.framework.common :refer [in?]]))
(defn wrap-user-schemas [handler]
@ -9,3 +11,17 @@
[:session :schemas]
(domain/accessible-schemas! uuid)))
(handler req))))
(defn write-permission-middleware [schema-fn]
(fn [handler]
(fn [req]
(let [uuid (schema-fn req)
check-fn domain/has-user-write-permissions?]
(if (check-fn uuid (get-in req [:session :uuid]))
(handler req)
(assoc
(resp/redirect (path :schema-show {:uuid uuid}))
:flash ["No write permission for schema"]))))))
(defn wrap-allowed-to-write []
(write-permission-middleware #(get-in % [:params :uuid])))

@ -2,6 +2,7 @@
(:require [compojure.core :refer [defroutes GET POST DELETE] :as comp]
[ring.util.response :as resp]
[formulare.core :as form]
[wanijo.schema.middleware :as mw]
[wanijo.framework.view :as view]
[wanijo.framework.routing :refer [register! path]]
[wanijo.schema.domain :as domain]
@ -63,20 +64,6 @@
(resp/redirect (path :schema-show (:params req))))
(view! uuid req))))
(defn write-permission-middleware [schema-fn]
(fn [handler]
(fn [req]
(let [uuid (schema-fn req)
check-fn domain/has-user-write-permissions?]
(if (check-fn uuid (get-in req [:session :uuid]))
(handler req)
(assoc
(resp/redirect (path :schema-show {:uuid uuid}))
:flash ["No write permission for schema"]))))))
(defn wrap-allowed-to-write []
(write-permission-middleware #(get-in % [:params :uuid])))
(defroutes write-routes
(POST (register! :schema-edit "/schema/edit") []
edit!)
@ -97,4 +84,4 @@
(POST (register! :schema-new "/schema/new") []
new!)
(comp/wrap-routes write-routes
(wrap-allowed-to-write)))
(mw/wrap-allowed-to-write)))

Loading…
Cancel
Save