permissions for rest endpoints.

2018-07-10 22:34:58 -07:00
parent 9189c820d7
commit b1cbd2c854
6 changed files with 24 additions and 64 deletions
--- a/src/clj/auto_ap/routes/invoices.clj
+++ b/src/clj/auto_ap/routes/invoices.clj
@@ -5,6 +5,7 @@
            [auto-ap.db.utils :refer [query]]
            [auto-ap.utils :refer [by]]
            [auto-ap.parse :as parse]
+            [auto-ap.graphql.utils :refer [assert-admin]]
            [auto-ap.routes.utils :refer [wrap-secure]]
            [clj-time.coerce :refer [to-date]]
            [auto-ap.db.invoices-expense-accounts :as expense-accounts]
@@ -70,32 +71,7 @@
 (defroutes routes
  (wrap-routes
   (context "/invoices" []
-            (GET "/" []
-                 {:status 200
-                  :body (pr-str (invoices/get-all))
-                  :headers {"Content-Type" "application/edn"}})
-
-            (GET "/unpaid" {:keys [query-params] :as r}
-                 {:status 200
-                  :body (pr-str (invoices/get-unpaid (query-params "company")))
-                  :headers {"Content-Type" "application/edn"}})
-
-            (GET "/pending" {:keys [query-params]}
-                 {:status 200
-                  :body (pr-str (invoices/get-pending (query-params "company")))
-                  :headers {"Content-Type" "application/edn"}})
-            
-            (POST "/approve" {:keys [query-params]}
-                  (invoices/approve)
-                  {:status 200
-                   :body (pr-str (invoices/get-pending (query-params "company")))
-                   :headers {"Content-Type" "application/edn"}})
-            (POST "/reject" {:keys [query-params]}
-                  (invoices/reject)
-                  {:status 200
-                   :body (pr-str (invoices/get-pending (query-params "company")))
-                   :headers {"Content-Type" "application/edn"}})
-            (POST "/upload"
+            #_(POST "/upload"
                  {{  files "file"} :params :as params}
                  (let [{:keys [filename tempfile]} files
                        companies (companies/get-all)
@@ -106,7 +82,8 @@
                     :headers {"Content-Type" "application/edn"}}))

            (POST "/upload-integreat"
-                  {{:keys [excel-rows]}  :edn-params}
+                  {{:keys [excel-rows]}  :edn-params identity :identity}
+                  (assert-admin identity)
                  (let [columns [:raw-date :vendor-name :check :location :invoice-number :amount :company :bill-entered :bill-rejected :added-on :exported-on]
                        
                        all-vendors (by :name (vendors/get-all))