adding authorization

Bryce Covert
2018-07-10 20:16:26 -07:00
parent d87ebbbfe4
commit dd9b7ce86e
6 changed files with 27 additions and 9 deletions


@@ -70,7 +70,7 @@
:plugins [[lein-figwheel "0.5.13"] :plugins [[lein-figwheel "0.5.13"]
[lein-pdo "0.1.1"] [lein-pdo "0.1.1"]
[cider/cider-nrepl "0.16.0"]] [cider/cider-nrepl "0.16.0"]]
:jvm-opts ["-Dconfig=config/dev.edn" "--add-modules" "java.xml.bind"]} :jvm-opts ["-Dconfig=config/dev.edn" #_#_"--add-modules" "java.xml.bind"]}
:uberjar {:prep-tasks [["cljsbuild" "once" "min"] "compile"]} :uberjar {:prep-tasks [["cljsbuild" "once" "min"] "compile"]}
:provided {:dependencies [[org.clojure/clojurescript "1.10.238"] :provided {:dependencies [[org.clojure/clojurescript "1.10.238"]
[reagent "0.7.0"] [reagent "0.7.0"]


@@ -1,5 +1,5 @@
(ns auto-ap.db.checks (ns auto-ap.db.checks
(:require [auto-ap.db.utils :refer [clj->db db->clj get-conn execute!] :as u] (:require [auto-ap.db.utils :refer [clj->db db->clj get-conn execute! limited-companies] :as u]
[auto-ap.entities.companies :as entity] [auto-ap.entities.companies :as entity]
[clojure.edn :as edn] [clojure.edn :as edn]
[clojure.java.jdbc :as j] [clojure.java.jdbc :as j]
@@ -68,8 +68,11 @@
:else :else
q))) q)))
(defn base-graphql [{:keys [company-id vendor-id check-number bank-account-id status amount]}] (defn base-graphql [{:keys [company-id vendor-id check-number bank-account-id status amount id]}]
(println "ID" id)
(cond-> base-query (cond-> base-query
(limited-companies id) (helpers/merge-where [:in :company-id (limited-companies id)])
(not (nil? company-id)) (helpers/merge-where [:= :company-id company-id]) (not (nil? company-id)) (helpers/merge-where [:= :company-id company-id])
(not (nil? bank-account-id)) (helpers/merge-where [:= :bank-account-id bank-account-id]) (not (nil? bank-account-id)) (helpers/merge-where [:= :bank-account-id bank-account-id])
(not (nil? vendor-id)) (helpers/merge-where [:= :vendor-id vendor-id]) (not (nil? vendor-id)) (helpers/merge-where [:= :vendor-id vendor-id])
@@ -77,7 +80,7 @@
(not (nil? status)) (helpers/merge-where [:= :status status]) (not (nil? status)) (helpers/merge-where [:= :status status])
(not (nil? amount)) (helpers/merge-where [:= :amount amount]))) (not (nil? amount)) (helpers/merge-where [:= :amount amount])))
(defn get-graphql [{:keys [start sort-by asc] :as args}] (defn get-graphql [{:keys [start sort-by asc id] :as args}]
(query (query
(cond-> (base-graphql args) (cond-> (base-graphql args)
#_#_(not (nil? sort-by) ) (add-sort-by sort-by asc) #_#_(not (nil? sort-by) ) (add-sort-by sort-by asc)
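Review bot: The `(println "ID" id)` added at the top of `base-graphql` writes the caller's whole identity map (role, company list and anything else it carries) to stdout on every checks query; it looks like leftover debugging and should be removed or reduced to a log line that records only a user identifier. Separately, `(limited-companies id)` is evaluated twice in the `cond->`, and an empty vector is truthy in Clojure, so a role of "none" yields `[:in :company-id []]`; it is worth confirming how the SQL formatter renders an empty IN list. `get-graphql` now destructures `id` but the visible lines do not use it, and its body continues outside the hunk.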


@@ -68,3 +68,14 @@
(let [formatted (sql/format q)] (let [formatted (sql/format q)]
(println "Executing query " q " SQL: " formatted) (println "Executing query " q " SQL: " formatted)
(j/execute! (get-conn) formatted))) (j/execute! (get-conn) formatted)))
(defn limited-companies [id]
(cond
(= (:role id) "none")
[]
(= (:role id) "admin")
nil
(= (:role id) "user")
(:companies id [])))
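Review bot: `limited-companies` fails open: the `cond` has no default branch, so a nil identity or any role other than "none", "admin" or "user" returns nil, which `base-graphql` treats the same as admin (no company filter). Make admin the only path that returns nil and deny by default by ending the `cond` with `:else []`. The route guard added in this commit has the same shape, rejecting only the literal role "none", so a missing or unexpected role would presumably pass there too unless `wrap-secure` already rejects it. A docstring stating that nil means "unrestricted" and a vector means "only these company ids" would make the contract explicit for callers.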


@@ -326,7 +326,7 @@
invoices (map invoices (map
->graphql ->graphql
(invoices/get-graphql (<-graphql args))) (invoices/get-graphql (<-graphql (assoc args :id (:id context)))))
invoice-count (invoices/count-graphql (<-graphql args))] invoice-count (invoices/count-graphql (<-graphql args))]
(resolve/with-context (resolve/with-context
[{:invoices invoices [{:invoices invoices
@@ -423,7 +423,7 @@
(defn get-company [context args value] (defn get-company [context args value]
(->graphql (->graphql
(filter #(can-see-company? (:identity context) %) (filter #(can-see-company? (:id context) %)
(companies/get-all)))) (companies/get-all))))
(defn join-companies [users] (defn join-companies [users]
@@ -515,4 +515,4 @@
(query id q nil )) (query id q nil ))
([id q v] ([id q v]
(println "executing graphql query" id q v) (println "executing graphql query" id q v)
(simplify (execute schema q v {:identity id})))) (simplify (execute schema q v {:id id}))))
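Review bot: Only the `invoices/get-graphql` call receives the identity; `invoice-count` on the following line is still computed from the unscoped `args`, so the count is not restricted the way the checks resolver's is, where `args` is rebound once and used for both calls. Binding `args (assoc args :id (:id context))` once in the enclosing `let` (which starts outside this hunk) and using it for both calls keeps the page and its count consistent. The invoices query namespace is not among the files shown on this page, so whether `:id` is applied to invoice queries at all cannot be confirmed from here. The context key rename from `:identity` to `:id` also means any resolver still reading `(:identity context)` would hand nil to its check, so the remaining call sites should be searched.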


@@ -25,14 +25,15 @@
(companies/get-by-id (:company_id value))))) (companies/get-by-id (:company_id value)))))
(defn get-check-page [context args value] (defn get-check-page [context args value]
(let [extra-context (let [args (assoc args :id (:id context))
extra-context
(cond-> {} (cond-> {}
(executor/selects-field? context :invoice/vendor) (assoc :vendor-cache (by :id (vendors/get-all))) (executor/selects-field? context :invoice/vendor) (assoc :vendor-cache (by :id (vendors/get-all)))
(executor/selects-field? context :invoice/company) (assoc :company-cache (by :id (companies/get-all)))) (executor/selects-field? context :invoice/company) (assoc :company-cache (by :id (companies/get-all))))
checks (map checks (map
->graphql ->graphql
(checks/get-graphql (<-graphql args))) (checks/get-graphql (<-graphql args)))
checks-count (checks/count-graphql (<-graphql args))] checks-count (checks/count-graphql (<-graphql args))]
(resolve/with-context (resolve/with-context
[{:checks checks [{:checks checks


@@ -3,6 +3,7 @@
[auto-ap.routes.utils :refer [wrap-secure wrap-spec]] [auto-ap.routes.utils :refer [wrap-secure wrap-spec]]
[auto-ap.entities.companies :as entity] [auto-ap.entities.companies :as entity]
[auto-ap.graphql :as ql] [auto-ap.graphql :as ql]
[buddy.auth :refer [throw-unauthorized]]
[clojure.edn :as edn] [clojure.edn :as edn]
[compojure.core :refer [GET PUT context defroutes [compojure.core :refer [GET PUT context defroutes
wrap-routes]])) wrap-routes]]))
@@ -12,6 +13,8 @@
(wrap-routes (wrap-routes
(context "/graphql" [] (context "/graphql" []
(GET "/" {:keys [query-params] :as r} (GET "/" {:keys [query-params] :as r}
(when (= "none" (:role (:identity r)))
(throw-unauthorized))
(let [variables (some-> (query-params "variables") (let [variables (some-> (query-params "variables")
edn/read-string)] edn/read-string)]