half-ass instance editing, corrections, half-assed permission checks

integration-tests
Josha von Gizycki 6 years ago
parent fa20f83aa9
commit cccfa3e237

@ -76,3 +76,14 @@
(:a %)) (:a %))
(neo4j/exec-query! find-properties (neo4j/exec-query! find-properties
{:uuid uuid}))) {:uuid uuid})))
(neo4j/defquery edit-instance
"MATCH (i:instance {uuid:{uuid}})
SET i.name = {name},
i.updated_at = {updated_at}")
(defn edit! [instance]
(neo4j/exec-query! edit-instance
{:uuid (:uuid instance)
:name (:name instance)
:updated_at (neo4j/now-str)}))

@ -17,7 +17,7 @@
(defn attr->field [attr] (defn attr->field [attr]
{:label (:name attr) {:label (:name attr)
:required true :required (= 1 (:required attr))
:widget (attr-type->widget (:type attr))}) :widget (attr-type->widget (:type attr))})
(defn with-attributes [attrs] (defn with-attributes [attrs]

@ -1,13 +1,16 @@
(ns wanijo.instance.routes (ns wanijo.instance.routes
(:require [compojure.core :refer [defroutes GET POST DELETE]] (:require [compojure.core :refer [defroutes wrap-routes
GET POST DELETE]]
[ring.util.response :as resp] [ring.util.response :as resp]
[formulare.core :as form] [formulare.core :as form]
[wanijo.instance [wanijo.instance
[view :as view] [view :as view]
[domain :as domain] [domain :as domain]
[forms :as forms-inst]] [forms :as forms-inst]]
[wanijo.schema
[domain :as domain-schema]
[middleware :as middleware-schema]]
[wanijo.framework.routing :refer [register! path]] [wanijo.framework.routing :refer [register! path]]
[wanijo.schema.domain :as domain-schema]
[wanijo.attribute.domain :as domain-attr])) [wanijo.attribute.domain :as domain-attr]))
(defn list! [schema-uuid req] (defn list! [schema-uuid req]
@ -31,22 +34,46 @@
(:params req)))) (:params req))))
(list! schema-uuid req)))) (list! schema-uuid req))))
(defn show! [uuid req] (defn form! [uuid]
(let [instance (assoc (domain/find-by-uuid! uuid) (forms-inst/with-attributes
(domain-attr/find-by-instance! uuid)))
(defn instance! [uuid]
(assoc (domain/find-by-uuid! uuid)
:properties :properties
(domain/find-properties! uuid)) (domain/find-properties! uuid)))
(defn show! [uuid req]
(let [instance (instance! uuid)
attrs (domain-attr/find-by-instance! uuid)] attrs (domain-attr/find-by-instance! uuid)]
(view/show! instance (view/show! instance
(forms-inst/with-attributes attrs) (form! uuid)
(forms-inst/instance->form-data instance) (forms-inst/instance->form-data instance)
req))) req)))
(defn edit! [uuid req]
(let [form-def (form! uuid)
instance (instance! uuid)]
(if (form/valid? form-def req)
(let [form-data (form/form-data form-def req)
attrs (domain-attr/find-by-instance! uuid)
form-instance (forms-inst/form-data->instance form-data attrs)
instance (assoc form-instance :uuid uuid)]
(domain/edit! instance)
(resp/redirect (path :instance-show instance)))
(show! uuid req))))
(defroutes routes (defroutes routes
(GET (register! :instance-list "/instance/list/:schema-uuid") (wrap-routes (GET (register! :instance-list "/instance/list/:schema-uuid")
[schema-uuid :as req] [schema-uuid :as req]
(list! schema-uuid req)) (list! schema-uuid req))
(middleware-schema/wrap-allowed-to-read
#(get-in % [:params :schema-uuid])))
(POST (register! :instance-new "/instance/new") [] (POST (register! :instance-new "/instance/new") []
new!) new!)
(GET (register! :instance-show "/instance/:uuid") (GET (register! :instance-show "/instance/:uuid")
[uuid :as req] [uuid :as req]
(show! uuid req))) (show! uuid req))
(POST (register! :instance-edit "/instance/:uuid")
[uuid :as req]
(edit! uuid req)))

@ -39,5 +39,6 @@
:request req :request req
:content :content
[[:h1 (:name instance)] [[:h1 (:name instance)]
(hform/form-to [:post ""] (hform/form-to [:post (path :instance-edit instance)]
(form/render-widgets form form-data req))])) (form/render-widgets form form-data req)
(hform/submit-button "Create!"))]))

@ -25,12 +25,17 @@
(defn wrap-allowed-to-write [] (defn wrap-allowed-to-write []
(write-permission-middleware #(get-in % [:params :uuid]))) (write-permission-middleware #(get-in % [:params :uuid])))
(defn wrap-allowed-to-read [schema-fn] (defn wrap-allowed-to-read
([schema-fn]
(wrap-allowed-to-read schema-fn
(fn [_]
(assoc (resp/redirect (path :schema-overview))
:flash ["No read permission for schema"]))))
([schema-fn not-allowed-fn]
(fn [handler] (fn [handler]
(fn [req] (fn [req]
(let [uuid (schema-fn req) (let [uuid (schema-fn req)
check-fn domain/has-user-read-permissions?] check-fn domain/has-user-read-permissions?]
(if (check-fn uuid (get-in req [:session :uuid])) (if (check-fn uuid (get-in req [:session :uuid]))
(handler req) (handler req)
(assoc (resp/redirect (path :schema-overview)) (not-allowed-fn req)))))))
:flash ["No read permission for schema"]))))))

@ -2,13 +2,14 @@
(:require [compojure.core :refer [defroutes GET POST DELETE] :as comp] (:require [compojure.core :refer [defroutes GET POST DELETE] :as comp]
[ring.util.response :as resp] [ring.util.response :as resp]
[formulare.core :as form] [formulare.core :as form]
[wanijo.schema.middleware :as mw]
[wanijo.framework.view :as view] [wanijo.framework.view :as view]
[wanijo.framework.routing :refer [register! path]] [wanijo.framework.routing :refer [register! path]]
[wanijo.schema.domain :as domain]
[wanijo.user.domain :as domain-user] [wanijo.user.domain :as domain-user]
[wanijo.schema.view :as schema-view] [wanijo.schema
[wanijo.schema.forms :as schema-forms] [view :as schema-view]
[forms :as schema-forms]
[domain :as domain]
[middleware :as middleware]]
[wanijo.attribute.domain :as domain-attr])) [wanijo.attribute.domain :as domain-attr]))
(defn new! [req] (defn new! [req]
@ -86,7 +87,7 @@
(POST (register! :schema-new "/schema/new") [] (POST (register! :schema-new "/schema/new") []
new!) new!)
(comp/wrap-routes read-routes (comp/wrap-routes read-routes
(mw/wrap-allowed-to-read (middleware/wrap-allowed-to-read
#(get-in % [:route-params :uuid]))) #(get-in % [:route-params :uuid])))
(comp/wrap-routes write-routes (comp/wrap-routes write-routes
(mw/wrap-allowed-to-write))) (middleware/wrap-allowed-to-write)))

Loading…
Cancel
Save