basic permissions

2019-01-11 00:10:37 -08:00
parent 7151adbfdf
commit 24b82802a8
5 changed files with 25 additions and 7 deletions
--- a/src/clj/auto_ap/datomic/invoices.clj
+++ b/src/clj/auto_ap/datomic/invoices.clj
@@ -1,6 +1,7 @@
 (ns auto-ap.datomic.invoices
  (:require [datomic.api :as d]
            [auto-ap.datomic :refer [uri]]
+            [auto-ap.graphql.utils :refer [limited-clients]]
            [clj-time.coerce :as c]
            [clojure.set :refer [rename-keys]]
            [clojure.string :as str]))
@@ -34,6 +35,8 @@
                         :where ['[?e :invoice/invoice-number]]}
                 :args [(d/db (d/connect uri))]}

+          (limited-clients (:id args)) (add-arg '[?xx ...] (set (map :id (limited-clients (:id args))))
+                                                '[?e :invoice/client ?xx])
          (:client-id args) (add-arg '?client-id (:client-id args)
                                     '[?e :invoice/client ?client-id])

--- a/src/clj/auto_ap/graphql.clj
+++ b/src/clj/auto_ap/graphql.clj
@@ -416,6 +416,7 @@


 (defn get-company [context args value]
+  (println "user " (:id context))
  (->graphql
   (filter #(can-see-company? (:id context) %)
           (d-clients/get-all))))
--- a/src/clj/auto_ap/graphql/utils.clj
+++ b/src/clj/auto_ap/graphql/utils.clj
@@ -47,9 +47,22 @@

 (defn can-see-company? [identity company]
  (or (= "admin" (:role identity))
-      ((set (map :db/id (:user/companies identity))) (:db/id company))
-      ((set (map :db/id (:user/companies identity))) company)))
+      ((set (map :db/id (:user/clients identity))) (:db/id company))
+      ((set (map :db/id (:user/clients identity))) company)))

 (defn assert-can-see-company [identity company]
  (when-not (can-see-company? identity company)
    (throw-unauthorized)))
+
+;; TODO - the namespaces here are missing because jwt.
+(defn limited-clients [id]
+  (println id)
+  (cond
+    (= (:role id) "none")
+    []
+
+    (= (:role id) "admin")
+    nil
+
+    (= (:role id) "user")
+    (:clients id [])))
--- a/src/clj/auto_ap/routes/auth.clj
+++ b/src/clj/auto_ap/routes/auth.clj
@@ -34,13 +34,14 @@
               ]
           (println "authenticated as user" user)
           
+           ;; TODO - these namespaces are not being transmitted/deserialized properly
           (if (and token user)
             {:status 301
-              :headers {"Location" (str "/?jwt=" (jwt/sign {:user "test"
+              :headers {"Location" (str "/?jwt=" (jwt/sign {:user (:name profile)
                                                            :exp (time/plus (time/now) (time/days 7))
-                                                            :companies (:user/clients user)
-                                                            :role (name (:user/role user))
-                                                            :name (:name profile)}
+                                                            :user/clients (:user/clients user)
+                                                            :user/role (name (:user/role user))
+                                                            :user/name (:name profile)}
                                                           (:jwt-secret env)
                                                           {:alg :hs512}))}}
             {:status 401
--- a/src/cljs/auto_ap/views/main.cljs
+++ b/src/cljs/auto_ap/views/main.cljs
@@ -39,7 +39,7 @@
      (if @user
        [:div {:class (str "navbar-item has-dropdown " (when (get-in @menu [:account :active?]) "is-active"))}
         
-         [:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:name @user)]
+         [:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:user/name @user)]
         [:div {:class "navbar-dropdown"}
          [:a {:class "navbar-item"} "My profile"]
          (when (= "admin" (:role @user))