notid/integreat
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

very basics of security have been added.

Browse Source
This commit is contained in:
Bryce Covert
2018-06-04 22:22:15 -07:00
parent 44fff9e88a
commit fbccc0b209
6 changed files with 27 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/clj/auto_ap/graphql.clj
View File

@@ -288,9 +288,14 @@
(map company-cache (:companies value)) (map company-cache (:companies value))
(map companies/get-by-id (:companies value))))) (map companies/get-by-id (:companies value)))))
(defn can-see-company? [identity company]
(or (= "admin" (:role identity))
((set (:companies identity)) (:id company))))
(defn get-company [context args value] (defn get-company [context args value]
(->graphql (->graphql
(companies/get-all))) (filter #(can-see-company? (:identity context) %)
(companies/get-all))))
(defn join-companies [users] (defn join-companies [users]
(let [companies (by :id (companies/get-all))] (let [companies (by :id (companies/get-all))]
@@ -365,7 +370,8 @@
m)) m))
(defn query (defn query
([q] ([id q]
(simplify (execute schema q nil nil))) (query id q nil ))
([q v] ([id q v]
(simplify (execute schema q v nil)))) (println id q v)
(simplify (execute schema q v {:identity id}))))

2
src/clj/auto_ap/routes/companies.clj
View File

@@ -9,7 +9,7 @@
(defroutes routes (defroutes routes
(wrap-routes (wrap-routes
(context "/companies" [] (context "/companies" []
(GET "/" [] (GET "/" r
{:status 200 {:status 200
:body (pr-str (companies/get-all)) :body (pr-str (companies/get-all))
:headers {"Content-Type" "application/edn"}}) :headers {"Content-Type" "application/edn"}})

6
src/clj/auto_ap/routes/graphql.clj
View File

@@ -11,11 +11,11 @@
(defroutes routes (defroutes routes
(wrap-routes (wrap-routes
(context "/graphql" [] (context "/graphql" []
(GET "/" {:keys [query-params]} (GET "/" {:keys [query-params] :as r}
(let [variables (some-> (query-params "variables") (let [variables (some-> (query-params "variables")
edn/read-string)] edn/read-string)]
(println variables)
{:status 200 {:status 200
:body (pr-str (ql/query (query-params "query") variables)) :body (pr-str (ql/query (:identity r) (query-params "query") variables ))
:headers {"Content-Type" "application/edn"}}))) :headers {"Content-Type" "application/edn"}})))
wrap-secure)) wrap-secure))

3
src/cljs/auto_ap/subs.cljs
View File

@@ -50,8 +50,7 @@
::user ::user
(fn [db] (fn [db]
(when (:user db) (when (:user db)
(let [{:strs [name] :as x} (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))))] (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))) :keywordize-keys true))))
{:name name}))))
(re-frame/reg-sub (re-frame/reg-sub
::active-page ::active-page

19
src/cljs/auto_ap/views/main.cljs
View File

@@ -13,18 +13,18 @@
({:login :blank ({:login :blank
:check :blank :check :blank
:needs-activation :blank :needs-activation :blank
:index :left-panel :index :left-panel
:invoices :left-panel :invoices :left-panel
:import-invoices :left-panel :import-invoices :left-panel
:unpaid-invoices :left-panel :unpaid-invoices :left-panel
:paid-invoices :left-panel :paid-invoices :left-panel
:admin :admin-left-panel :admin :admin-left-panel
:admin-companies :admin-left-panel :admin-companies :admin-left-panel
:admin-users :admin-left-panel :admin-users :admin-left-panel
:admin-excel-import :admin-left-panel :admin-excel-import :admin-left-panel
:admin-vendors :admin-left-panel :admin-vendors :admin-left-panel
:admin-reminders :admin-left-panel :admin-reminders :admin-left-panel
:new-invoice :blank} page :blank)) :new-invoice :blank} page :blank))
(defn login-dropdown [] (defn login-dropdown []
(let [user (re-frame/subscribe [::subs/user]) (let [user (re-frame/subscribe [::subs/user])
@@ -36,8 +36,9 @@
[:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:name @user)] [:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:name @user)]
[:div {:class "navbar-dropdown"} [:div {:class "navbar-dropdown"}
[:a {:class "navbar-item"} "My profile"] [:a {:class "navbar-item"} "My profile"]
[:a {:class "navbar-item" :href (bidi/path-for routes/routes :admin) (when (= "admin" (:role @user))
:on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} "Administration"] [:a {:class "navbar-item" :href (bidi/path-for routes/routes :admin)
:on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} "Administration"])
[:hr {:class "navbar-divider"}] [:hr {:class "navbar-divider"}]
[:a.navbar-item {:on-click (fn [e] (.preventDefault e) (re-frame/dispatch [::events/logout]))} "Logout"]]] [:a.navbar-item {:on-click (fn [e] (.preventDefault e) (re-frame/dispatch [::events/logout]))} "Logout"]]]
[:a.navbar-item {:href login-url} "Login"])]])) [:a.navbar-item {:href login-url} "Login"])]]))
@@ -169,7 +170,7 @@
[:p.menu-label "Accounts Payable"] [:p.menu-label "Accounts Payable"]
[:ul.menu-list [:ul.menu-list
[:li.menu-item #_[:li.menu-item
[:a {:href (bidi/path-for routes/routes :import-invoices) , :class (str "item" (active-when= ap :import-invoices))} [:a {:href (bidi/path-for routes/routes :import-invoices) , :class (str "item" (active-when= ap :import-invoices))}
[:span {:class "icon"} [:span {:class "icon"}
[:i {:class "fa fa-star-o"}]] [:i {:class "fa fa-star-o"}]]

4
src/cljs/auto_ap/views/pages/index.cljs
View File

@@ -4,6 +4,4 @@
(defn index-page [] (defn index-page []
[:div [:div
[:h1.title "Dashboard"] [:h1.title "Dashboard"]])
[:h2.subtitle "To get started, "
[:a {:href (bidi/path-for routes/routes :import-invoices)} "Import some invoices"]]])