read permission check

6 years ago · e6aa0707e5
parent 29228853dc
commit e6aa0707e5
5 changed files with 21 additions and 6 deletions
--- a/src/wanijo/instance/routes.clj
+++ b/src/wanijo/instance/routes.clj
@ -14,12 +14,11 @@
  (view/list! (domain-schema/find-by-uuid! schema-uuid)
              (domain/find-by-schema! schema-uuid)
              (forms-inst/instance-form schema-uuid)
-              (new-form schema-uuid)
              req))

 (defn new! [req]
  (let [schema-uuid (get-in req [:params :schema-uuid])
-        form-def (new-form schema-uuid)]
+        form-def (forms-inst/instance-form schema-uuid)]
    (if (form/valid? form-def req)
      (let [form-data (form/form-data form-def req)
            req-attrs (domain-attr/required! schema-uuid)
--- a/src/wanijo/schema/domain.clj
+++ b/src/wanijo/schema/domain.clj
@ -10,6 +10,7 @@

 (spec/def ::assigned-to
  (spec/or :public empty?
+           :assigned-single ::neo4j/uuid
           :assigned (spec/coll-of ::neo4j/uuid)))

 (neo4j/defquery
--- a/src/wanijo/schema/middleware.clj
+++ b/src/wanijo/schema/middleware.clj
@ -24,3 +24,13 @@

 (defn wrap-allowed-to-write []
  (write-permission-middleware #(get-in % [:params :uuid])))
+
+(defn wrap-allowed-to-read [schema-fn]
+  (fn [handler]
+    (fn [req]
+      (let [uuid (schema-fn req)
+            check-fn domain/has-user-read-permissions?]
+        (if (check-fn uuid (get-in req [:session :uuid]))
+          (handler req)
+          (assoc (resp/redirect (path :schema-overview))
+                 :flash ["No read permission for schema"]))))))
--- a/src/wanijo/schema/routes.clj
+++ b/src/wanijo/schema/routes.clj
@ -75,13 +75,18 @@
          [uuid :as req]
          (delete-schema! uuid (:session req))))

+(defroutes read-routes
+  (GET (register! :schema-show "/schema/:uuid")
+       [uuid :as req]
+       (view! uuid req)))
+
 (defroutes routes
  (GET (register! :schema-overview "/schema") []
       schema-view/overview!)
-  (GET (register! :schema-show "/schema/:uuid")
-       [uuid :as req]
-       (view! uuid req))
  (POST (register! :schema-new "/schema/new") []
        new!)
+  (comp/wrap-routes read-routes
+                    (mw/wrap-allowed-to-read
+                     #(get-in % [:route-params :uuid])))
  (comp/wrap-routes write-routes
                    (mw/wrap-allowed-to-write)))
--- a/src/wanijo/schema/view.clj
+++ b/src/wanijo/schema/view.clj
@ -13,7 +13,7 @@
        uuid (:uuid session)
        schemas (domain/all-created-by! uuid)]
    (view/layout!
-     :session session
+     :request req
     :content
     [[:h1 "All schemas"]
      [:table