adding authorization

src/clj/auto_ap/db/checks.clj

@@ -1,5 +1,5 @@
 (ns auto-ap.db.checks
-  (:require [auto-ap.db.utils :refer [clj->db db->clj get-conn execute!] :as u]
+  (:require [auto-ap.db.utils :refer [clj->db db->clj get-conn execute! limited-companies] :as u]
             [auto-ap.entities.companies :as entity]
             [clojure.edn :as edn]
             [clojure.java.jdbc :as j]
@@ -68,8 +68,11 @@
           :else
           q)))
 
-(defn base-graphql [{:keys [company-id vendor-id check-number bank-account-id status amount]}]
+(defn base-graphql [{:keys [company-id vendor-id check-number bank-account-id status amount id]}]
+  (println "ID" id)
+
   (cond-> base-query
+    (limited-companies id) (helpers/merge-where [:in :company-id (limited-companies id)])
     (not (nil? company-id)) (helpers/merge-where [:= :company-id company-id])
     (not (nil? bank-account-id)) (helpers/merge-where [:= :bank-account-id bank-account-id])
     (not (nil? vendor-id)) (helpers/merge-where [:= :vendor-id vendor-id])
@@ -77,7 +80,7 @@
     (not (nil? status)) (helpers/merge-where [:= :status status])
     (not (nil? amount)) (helpers/merge-where [:= :amount amount])))
 
-(defn get-graphql [{:keys [start sort-by asc] :as args}]
+(defn get-graphql [{:keys [start sort-by asc id] :as args}]
   (query
    (cond-> (base-graphql args)
      #_#_(not (nil? sort-by) ) (add-sort-by sort-by asc)

src/clj/auto_ap/db/utils.clj

@@ -68,3 +68,14 @@
   (let [formatted (sql/format q)]
     (println "Executing query " q " SQL: " formatted)
     (j/execute! (get-conn) formatted)))
+
+(defn limited-companies [id]
+  (cond
+    (= (:role id) "none")
+    []
+
+    (= (:role id) "admin")
+    nil
+
+    (= (:role id) "user")
+    (:companies id [])))