reimplemented security

src/clj/auto_ap/graphql/utils.clj

@@ -8,7 +8,9 @@
   (str/replace s #"_" "-"))
 
 (defn kebab [x]
-  (keyword (snake->kebab (name x))))
+  (if (qualified-keyword? x)
+    (keyword (snake->kebab (namespace x)) (snake->kebab (name x)) )
+    (keyword (snake->kebab (name x)))))
 
 (defn kebab->snake [s]
   (str/replace s #"-" "_"))
@@ -42,27 +44,27 @@
 
 
 (defn assert-admin [id]
-  (when-not (= "admin" (:role id))
+  (when-not (= "admin" (:user/role id))
     (throw-unauthorized)))
 
 (defn can-see-company? [identity company]
-  (or (= "admin" (:role identity))
+  (or (= "admin" (:user/role identity))
       ((set (map :db/id (:user/clients identity))) (:db/id company))
       ((set (map :db/id (:user/clients identity))) company)))
 
 (defn assert-can-see-company [identity company]
   (when-not (can-see-company? identity company)
+    (println "IDENTITY " identity " can not see company " company)
     (throw-unauthorized)))
 
-;; TODO - the namespaces here are missing because jwt.
 (defn limited-clients [id]
-  (println id)
   (cond
-    (= (:role id) "none")
+    (or 
+    (= (:user/role id) "none"))
     []
 
-    (= (:role id) "admin")
+    (= (:user/role id) "admin")
     nil
 
-    (= (:role id) "user")
-    (:clients id [])))
+    (= (:user/role id) "user")
+    (:user/clients id [])))