From 24b82802a8b86dfdd8ca0f41d85265ba56b09d29 Mon Sep 17 00:00:00 2001
From: BC
Date: Fri, 11 Jan 2019 00:10:37 -0800
Subject: [PATCH] basic permissions
---
 src/clj/auto_ap/datomic/invoices.clj | 3 +++
 src/clj/auto_ap/graphql.clj | 1 +
 src/clj/auto_ap/graphql/utils.clj | 17 +++++++++++++++--
 src/clj/auto_ap/routes/auth.clj | 9 +++++----
 src/cljs/auto_ap/views/main.cljs | 2 +-
 5 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/clj/auto_ap/datomic/invoices.clj b/src/clj/auto_ap/datomic/invoices.clj
index ba747333..16a96bc7 100644
--- a/src/clj/auto_ap/datomic/invoices.clj
+++ b/src/clj/auto_ap/datomic/invoices.clj
@@ -1,6 +1,7 @@
 (ns auto-ap.datomic.invoices
 (:require [datomic.api :as d]
 [auto-ap.datomic :refer [uri]]
+ [auto-ap.graphql.utils :refer [limited-clients]]
 [clj-time.coerce :as c]
 [clojure.set :refer [rename-keys]]
 [clojure.string :as str]))
@@ -34,6 +35,8 @@
 :where ['[?e :invoice/invoice-number]]}
 :args [(d/db (d/connect uri))]}
+ (limited-clients (:id args)) (add-arg '[?xx ...] (set (map :id (limited-clients (:id args))))
+ '[?e :invoice/client ?xx])
 (:client-id args) (add-arg '?client-id (:client-id args)
 '[?e :invoice/client ?client-id])
diff --git a/src/clj/auto_ap/graphql.clj b/src/clj/auto_ap/graphql.clj
index ea284773..7f2299e4 100644
--- a/src/clj/auto_ap/graphql.clj
+++ b/src/clj/auto_ap/graphql.clj
@@ -416,6 +416,7 @@
 (defn get-company [context args value]
+ (println "user " (:id context))
 (->graphql (filter #(can-see-company? (:id context) %) (d-clients/get-all))))
diff --git a/src/clj/auto_ap/graphql/utils.clj b/src/clj/auto_ap/graphql/utils.clj
index a9f7afbb..e2736136 100644
--- a/src/clj/auto_ap/graphql/utils.clj
+++ b/src/clj/auto_ap/graphql/utils.clj
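Review bot: The `(limited-clients (:id args))` test on the first added line treats nil as "no client restriction" and a vector as "restrict to these client ids", but nothing on the line says so; a comment such as `;; nil = unrestricted (admin); [] or a seq = only these client ids` would help, and since `limited-clients` is evaluated twice here it could be bound once in a `let` above this form (it looks like a `cond->`, whose head is outside the hunk). The bound set is built with `(map :id ...)` while `can-see-company?` in utils.clj builds the same kind of set from what appears to be the same client list with `(map :db/id (:user/clients identity))`; unless the two collections really differ in shape, one of those keys is wrong and the binding will silently be an empty set. For role "none" an empty set is bound to `[?xx ...]`, so whether that query returns nothing or throws depends on how Datomic treats an empty collection binding — worth a test either way.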
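Review bot: The added `(println "user " (:id context))` writes the caller's whole decoded identity — from the other hunks in this commit, at least name, role and client list — to stdout on every get-company call. If the diagnostic is wanted, log only what is needed, e.g. `(:role (:id context))`, through the project's logger at debug level; otherwise remove it before merging. The same applies to `(println id)` added to `limited-clients` in utils.clj.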
@@ -47,9 +47,22 @@
 (defn can-see-company? [identity company]
 (or (= "admin" (:role identity))
- ((set (map :db/id (:user/companies identity))) (:db/id company))
- ((set (map :db/id (:user/companies identity))) company)))
+ ((set (map :db/id (:user/clients identity))) (:db/id company))
+ ((set (map :db/id (:user/clients identity))) company)))
 (defn assert-can-see-company [identity company]
 (when-not (can-see-company? identity company)
 (throw-unauthorized)))
+
+;; TODO - the namespaces here are missing because jwt.
+(defn limited-clients [id]
+ (println id)
+ (cond
+ (= (:role id) "none")
+ []
+
+ (= (:role id) "admin")
+ nil
+
+ (= (:role id) "user")
+ (:clients id [])))
diff --git a/src/clj/auto_ap/routes/auth.clj b/src/clj/auto_ap/routes/auth.clj
index 0efb51f2..c993359a 100644
--- a/src/clj/auto_ap/routes/auth.clj
+++ b/src/clj/auto_ap/routes/auth.clj
@@ -34,13 +34,14 @@
 ]
 (println "authenticated as user" user)
+ ;; TODO - these namespaces are not being transmitted/deserialized properly
 (if (and token user)
 {:status 301
- :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
+ :headers {"Location" (str "/?jwt=" (jwt/sign {:user (:name profile)
 :exp (time/plus (time/now) (time/days 7))
- :companies (:user/clients user)
- :role (name (:user/role user))
- :name (:name profile)}
+ :user/clients (:user/clients user)
+ :user/role (name (:user/role user))
+ :user/name (:name profile)}
 (:jwt-secret env) {:alg :hs512}))}}
 {:status 401
diff --git a/src/cljs/auto_ap/views/main.cljs b/src/cljs/auto_ap/views/main.cljs
index be93dcc8..fc6d0a66 100644
--- a/src/cljs/auto_ap/views/main.cljs
+++ b/src/cljs/auto_ap/views/main.cljs
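Review bot: `limited-clients` has no `:else` branch, so any role other than "none", "admin" or "user" — including a missing role — returns nil, which is exactly the value invoices.clj treats as the unrestricted admin query; add `:else []` as the last cond pair so unknown roles fail closed. That gap is live in this commit: auth.clj now signs the claims as `:user/role` and `:user/clients`, while this function reads `:role` and `:clients`, `can-see-company?` reads `:role` (but `:user/clients`), and main.cljs still reads `(:role @user)`; unless the JWT layer renames keys on the way back, every token decodes to a nil role here. The return contract deserves a docstring, e.g. `"Client ids the caller may see: nil = unrestricted, [] = none."`, and the TODO would be more useful if it recorded the key shape actually observed after decoding, so all readers can be fixed consistently.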
@@ -39,7 +39,7 @@
 (if @user
 [:div {:class (str "navbar-item has-dropdown " (when (get-in @menu [:account :active?]) "is-active"))}
- [:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:name @user)]
+ [:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:user/name @user)]
 [:div {:class "navbar-dropdown"}
 [:a {:class "navbar-item"} "My profile"]
 (when (= "admin" (:role @user))