reimplemented security
This commit is contained in:
Bryce Covert
BIN
resources/signatures/BellaSaratoga.jpg
Normal file
BIN
resources/signatures/BellaSaratoga.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 26 KiB |
BIN
resources/signatures/BrownChickenBrownCow.jpg
Normal file
BIN
resources/signatures/BrownChickenBrownCow.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 25 KiB |
BIN
resources/signatures/MamaLus.jpg
Normal file
BIN
resources/signatures/MamaLus.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 32 KiB |
BIN
resources/signatures/Moscini.jpg
Normal file
BIN
resources/signatures/Moscini.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 23 KiB |
BIN
resources/signatures/Orale.jpg
Normal file
BIN
resources/signatures/Orale.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 24 KiB |
BIN
resources/signatures/Robertos.jpg
Normal file
BIN
resources/signatures/Robertos.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 20 KiB |
BIN
resources/signatures/Sorelle.jpg
Normal file
BIN
resources/signatures/Sorelle.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 28 KiB |
BIN
resources/signatures/WarmElements.jpg
Normal file
BIN
resources/signatures/WarmElements.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 25 KiB |
BIN
resources/signatures/WillowGlen.jpg
Normal file
BIN
resources/signatures/WillowGlen.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 23 KiB |
@@ -762,3 +762,4 @@
|
||||
|
||||
(count (clojure.pprint/pprint (query-payments))))
|
||||
|
||||
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
(ns auto-ap.datomic.checks
|
||||
(:require [datomic.api :as d]
|
||||
[auto-ap.datomic :refer [uri]]
|
||||
[auto-ap.graphql.utils :refer [limited-clients]]
|
||||
[clojure.set :refer [rename-keys]]
|
||||
[clj-time.coerce :as c]))
|
||||
|
||||
@@ -32,6 +33,9 @@
|
||||
:where ['[?e :payment/client]]}
|
||||
:args [(d/db (d/connect uri))]}
|
||||
|
||||
(limited-clients (:id args)) (add-arg '[?xx ...] (set (map :db/id (limited-clients (:id args))))
|
||||
'[?e :payment/client ?xx])
|
||||
|
||||
(:client-id args) (add-arg '?client-id (:client-id args)
|
||||
'[?e :payment/client ?client-id])
|
||||
(:original-id args) (add-arg '?original-id (cond-> (:original-id args) (string? (:original-id args)) Long/parseLong )
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
:where ['[?e :invoice/invoice-number]]}
|
||||
:args [(d/db (d/connect uri))]}
|
||||
|
||||
(limited-clients (:id args)) (add-arg '[?xx ...] (set (map :id (limited-clients (:id args))))
|
||||
(limited-clients (:id args)) (add-arg '[?xx ...] (set (map :db/id (limited-clients (:id args))))
|
||||
'[?e :invoice/client ?xx])
|
||||
(:client-id args) (add-arg '?client-id (:client-id args)
|
||||
'[?e :invoice/client ?client-id])
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
(ns auto-ap.datomic.transactions
|
||||
(:require [datomic.api :as d]
|
||||
[auto-ap.datomic :refer [uri]]
|
||||
[auto-ap.graphql.utils :refer [limited-clients]]
|
||||
[clj-time.coerce :as c]))
|
||||
|
||||
(defn add-arg [query name value where & rest]
|
||||
@@ -19,6 +20,8 @@
|
||||
:where ['[?e :transaction/id]]}
|
||||
:args [(d/db (d/connect uri))]}
|
||||
|
||||
(limited-clients (:id args)) (add-arg '[?xx ...] (set (map :db/id (limited-clients (:id args))))
|
||||
'[?e :transaction/client ?xx])
|
||||
(:client-id args) (add-arg '?client-id (:client-id args)
|
||||
'[?e :transaction/client ?client-id])
|
||||
(:original-id args) (add-arg '?original-id (cond-> (:original-id args) (string? (:original-id args)) Long/parseLong )
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
(ns auto-ap.db.checks
|
||||
(:require [auto-ap.db.utils :refer [clj->db db->clj get-conn execute! limited-companies] :as u]
|
||||
(:require [auto-ap.db.utils :refer [clj->db db->clj get-conn execute!] :as u]
|
||||
[auto-ap.entities.companies :as entity]
|
||||
[clojure.edn :as edn]
|
||||
[clojure.java.jdbc :as j]
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
(ns auto-ap.db.invoices
|
||||
(:require [auto-ap.db.utils :refer [clj->db kebab->snake db->clj get-conn query limited-companies] :as utils]
|
||||
(:require [auto-ap.db.utils :refer [clj->db kebab->snake db->clj get-conn query] :as utils]
|
||||
[auto-ap.parse :as parse]
|
||||
[auto-ap.db.companies :as companies]
|
||||
[auto-ap.db.invoices-checks :as invoices-checks]
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
[honeysql.helpers :as helpers]
|
||||
[honeysql-postgres.format :as postgres-format]
|
||||
[honeysql-postgres.helpers :as postgres-helpers]
|
||||
[auto-ap.db.utils :refer [clj->db kebab->snake db->clj get-conn query limited-companies] :as utils]))
|
||||
[auto-ap.db.utils :refer [clj->db kebab->snake db->clj get-conn query] :as utils]))
|
||||
|
||||
(def base-query (sql/build :select :*
|
||||
:from :transactions))
|
||||
|
||||
@@ -68,14 +68,3 @@
|
||||
(let [formatted (sql/format q)]
|
||||
(println "Executing query " q " SQL: " formatted)
|
||||
(j/execute! (get-conn) formatted)))
|
||||
|
||||
(defn limited-companies [id]
|
||||
(cond
|
||||
(= (:role id) "none")
|
||||
[]
|
||||
|
||||
(= (:role id) "admin")
|
||||
nil
|
||||
|
||||
(= (:role id) "user")
|
||||
(:companies id [])))
|
||||
|
||||
@@ -402,21 +402,7 @@
|
||||
:limit Integer/MAX_VALUE))))
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
(defn get-company [context args value]
|
||||
(println "user " (:id context))
|
||||
(->graphql
|
||||
(filter #(can-see-company? (:id context) %)
|
||||
(d-clients/get-all))))
|
||||
|
||||
@@ -316,7 +316,7 @@
|
||||
(let [invoice (d-invoices/get-by-id (:invoice_id args))
|
||||
bank-account-id (:bank_account_id args)
|
||||
bank-account (d-bank-accounts/get-by-id bank-account-id)
|
||||
_ (assert-can-see-company (:id context) (:company-id invoice))
|
||||
_ (assert-can-see-company (:id context) (:invoice/client invoice))
|
||||
base-payment (base-payment [invoice] (:invoice/vendor invoice)
|
||||
(:invoice/client invoice)
|
||||
bank-account :payment-type/check 0 {(:invoice_id args) (:amount args)})]
|
||||
|
||||
@@ -8,10 +8,11 @@
|
||||
[auto-ap.time :refer [parse normal-date]]))
|
||||
|
||||
(defn get-transaction-page [context args value]
|
||||
(println "TRANSACTION PAGE")
|
||||
(let [args (assoc args :id (:id context))
|
||||
transactions (map
|
||||
->graphql
|
||||
(d-transactions/get-graphql (<-graphql args)))
|
||||
(d-transactions/get-graphql (doto (<-graphql args) println)))
|
||||
transactions-count (d-transactions/count-graphql (<-graphql args))]
|
||||
[{:transactions transactions
|
||||
:total transactions-count
|
||||
|
||||
@@ -8,7 +8,9 @@
|
||||
(str/replace s #"_" "-"))
|
||||
|
||||
(defn kebab [x]
|
||||
(keyword (snake->kebab (name x))))
|
||||
(if (qualified-keyword? x)
|
||||
(keyword (snake->kebab (namespace x)) (snake->kebab (name x)) )
|
||||
(keyword (snake->kebab (name x)))))
|
||||
|
||||
(defn kebab->snake [s]
|
||||
(str/replace s #"-" "_"))
|
||||
@@ -42,27 +44,27 @@
|
||||
|
||||
|
||||
(defn assert-admin [id]
|
||||
(when-not (= "admin" (:role id))
|
||||
(when-not (= "admin" (:user/role id))
|
||||
(throw-unauthorized)))
|
||||
|
||||
(defn can-see-company? [identity company]
|
||||
(or (= "admin" (:role identity))
|
||||
(or (= "admin" (:user/role identity))
|
||||
((set (map :db/id (:user/clients identity))) (:db/id company))
|
||||
((set (map :db/id (:user/clients identity))) company)))
|
||||
|
||||
(defn assert-can-see-company [identity company]
|
||||
(when-not (can-see-company? identity company)
|
||||
(println "IDENTITY " identity " can not see company " company)
|
||||
(throw-unauthorized)))
|
||||
|
||||
;; TODO - the namespaces here are missing because jwt.
|
||||
(defn limited-clients [id]
|
||||
(println id)
|
||||
(cond
|
||||
(= (:role id) "none")
|
||||
(or
|
||||
(= (:user/role id) "none"))
|
||||
[]
|
||||
|
||||
(= (:role id) "admin")
|
||||
(= (:user/role id) "admin")
|
||||
nil
|
||||
|
||||
(= (:role id) "user")
|
||||
(:clients id [])))
|
||||
(= (:user/role id) "user")
|
||||
(:user/clients id [])))
|
||||
|
||||
@@ -39,7 +39,10 @@
|
||||
{:status 301
|
||||
:headers {"Location" (str "/?jwt=" (jwt/sign {:user (:name profile)
|
||||
:exp (time/plus (time/now) (time/days 7))
|
||||
:user/clients (:user/clients user)
|
||||
:user/clients (map (fn [c]
|
||||
(dissoc c :client/bank-accounts )
|
||||
)
|
||||
(:user/clients user))
|
||||
:user/role (name (:user/role user))
|
||||
:user/name (:name profile)}
|
||||
(:jwt-secret env)
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
(wrap-routes
|
||||
(context "/graphql" []
|
||||
(GET "/" {:keys [query-params] :as r}
|
||||
(when (= "none" (:role (:identity r)))
|
||||
(when (= "none" (:user/role (:identity r)))
|
||||
(throw-unauthorized))
|
||||
|
||||
(try
|
||||
|
||||
@@ -165,6 +165,7 @@
|
||||
(map (parse-or-error :client-id parse-client-id))
|
||||
(map (parse-or-error :date parse-date)))
|
||||
error-rows (filter :errors rows)
|
||||
_ (println "importing raw transactions" rows)
|
||||
|
||||
raw-transactions (vec (->> rows
|
||||
(filter #(not (seq (:errors %))) )
|
||||
|
||||
@@ -68,23 +68,23 @@
|
||||
(try
|
||||
(when client-id
|
||||
@(->> [(remove-nils #:transaction
|
||||
{:post-date (time/parse post-date "YYYY-MM-dd")
|
||||
:id (sha-256 (str id))
|
||||
:account-id account-id
|
||||
:date (coerce/to-date (time/parse date "YYYY-MM-dd"))
|
||||
:amount amount
|
||||
:description-original description-original
|
||||
:description-simple description-simple
|
||||
:type type
|
||||
:status status
|
||||
:client client-id
|
||||
:check-number check-number
|
||||
:bank-account (transaction->bank-account-id transaction)
|
||||
:payment (when check-id
|
||||
{:db/id check-id
|
||||
:payment/status :payment-status/cleared}
|
||||
)
|
||||
})]
|
||||
{:post-date (time/parse post-date "YYYY-MM-dd")
|
||||
:id (sha-256 (str id))
|
||||
:account-id account-id
|
||||
:date (coerce/to-date (time/parse date "YYYY-MM-dd"))
|
||||
:amount amount
|
||||
:description-original description-original
|
||||
:description-simple description-simple
|
||||
:type type
|
||||
:status status
|
||||
:client client-id
|
||||
:check-number check-number
|
||||
:bank-account (transaction->bank-account-id transaction)
|
||||
:payment (when check-id
|
||||
{:db/id check-id
|
||||
:payment/status :payment-status/cleared}
|
||||
)
|
||||
})]
|
||||
|
||||
|
||||
(d/transact (d/connect uri))))
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
[:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:user/name @user)]
|
||||
[:div {:class "navbar-dropdown"}
|
||||
[:a {:class "navbar-item"} "My profile"]
|
||||
(when (= "admin" (:role @user))
|
||||
(when (= "admin" (:user/role @user))
|
||||
[:a {:class "navbar-item" :href (bidi/path-for routes/routes :admin)
|
||||
:on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} "Administration"])
|
||||
[:hr {:class "navbar-divider"}]
|
||||
@@ -55,6 +55,7 @@
|
||||
(let [company (re-frame/subscribe [::subs/company])
|
||||
companies (re-frame/subscribe [::subs/companies])
|
||||
menu (re-frame/subscribe [::subs/menu])]
|
||||
|
||||
[:div
|
||||
[:nav {:class "navbar has-shadow"}
|
||||
[:div {:class "container"}
|
||||
|
||||
@@ -206,7 +206,7 @@
|
||||
|
||||
[:div
|
||||
[:h1.title "Transactions"]
|
||||
(when (= "admin" (:role user))
|
||||
(when (= "admin" (:user/role user))
|
||||
(list
|
||||
(when (:message @notification)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user