notid/integreat
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

basic permissions

Browse Source
This commit is contained in:
BC
2019-01-11 00:10:37 -08:00
parent 7151adbfdf
commit 24b82802a8
5 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/clj/auto_ap/datomic/invoices.clj
View File

@@ -1,6 +1,7 @@
(ns auto-ap.datomic.invoices (ns auto-ap.datomic.invoices
(:require [datomic.api :as d] (:require [datomic.api :as d]
[auto-ap.datomic :refer [uri]] [auto-ap.datomic :refer [uri]]
[auto-ap.graphql.utils :refer [limited-clients]]
[clj-time.coerce :as c] [clj-time.coerce :as c]
[clojure.set :refer [rename-keys]] [clojure.set :refer [rename-keys]]
[clojure.string :as str])) [clojure.string :as str]))
@@ -34,6 +35,8 @@
:where ['[?e :invoice/invoice-number]]} :where ['[?e :invoice/invoice-number]]}
:args [(d/db (d/connect uri))]} :args [(d/db (d/connect uri))]}
(limited-clients (:id args)) (add-arg '[?xx ...] (set (map :id (limited-clients (:id args))))
'[?e :invoice/client ?xx])
(:client-id args) (add-arg '?client-id (:client-id args) (:client-id args) (add-arg '?client-id (:client-id args)
'[?e :invoice/client ?client-id]) '[?e :invoice/client ?client-id])

1
src/clj/auto_ap/graphql.clj
View File

@@ -416,6 +416,7 @@
(defn get-company [context args value] (defn get-company [context args value]
(println "user " (:id context))
(->graphql (->graphql
(filter #(can-see-company? (:id context) %) (filter #(can-see-company? (:id context) %)
(d-clients/get-all)))) (d-clients/get-all))))

17
src/clj/auto_ap/graphql/utils.clj
View File

@@ -47,9 +47,22 @@
(defn can-see-company? [identity company] (defn can-see-company? [identity company]
(or (= "admin" (:role identity)) (or (= "admin" (:role identity))
((set (map :db/id (:user/companies identity))) (:db/id company)) ((set (map :db/id (:user/clients identity))) (:db/id company))
((set (map :db/id (:user/companies identity))) company))) ((set (map :db/id (:user/clients identity))) company)))
(defn assert-can-see-company [identity company] (defn assert-can-see-company [identity company]
(when-not (can-see-company? identity company) (when-not (can-see-company? identity company)
(throw-unauthorized))) (throw-unauthorized)))
;; TODO - the namespaces here are missing because jwt.
(defn limited-clients [id]
(println id)
(cond
(= (:role id) "none")
[]
(= (:role id) "admin")
nil
(= (:role id) "user")
(:clients id [])))

9
src/clj/auto_ap/routes/auth.clj
View File

@@ -34,13 +34,14 @@
] ]
(println "authenticated as user" user) (println "authenticated as user" user)
;; TODO - these namespaces are not being transmitted/deserialized properly
(if (and token user) (if (and token user)
{:status 301 {:status 301
:headers {"Location" (str "/?jwt=" (jwt/sign {:user "test" :headers {"Location" (str "/?jwt=" (jwt/sign {:user (:name profile)
:exp (time/plus (time/now) (time/days 7)) :exp (time/plus (time/now) (time/days 7))
:companies (:user/clients user) :user/clients (:user/clients user)
:role (name (:user/role user)) :user/role (name (:user/role user))
:name (:name profile)} :user/name (:name profile)}
(:jwt-secret env) (:jwt-secret env)
{:alg :hs512}))}} {:alg :hs512}))}}
{:status 401 {:status 401

2
src/cljs/auto_ap/views/main.cljs
View File

@@ -39,7 +39,7 @@
(if @user (if @user
[:div {:class (str "navbar-item has-dropdown " (when (get-in @menu [:account :active?]) "is-active"))} [:div {:class (str "navbar-item has-dropdown " (when (get-in @menu [:account :active?]) "is-active"))}
[:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:name @user)] [:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:user/name @user)]
[:div {:class "navbar-dropdown"} [:div {:class "navbar-dropdown"}
[:a {:class "navbar-item"} "My profile"] [:a {:class "navbar-item"} "My profile"]
(when (= "admin" (:role @user)) (when (= "admin" (:role @user))