ry
/
datarekisteri
10
0
Fork 0
Code Issues 10 Pull Requests Packages Projects Releases Wiki Activity

FIXUP Remove Own{Profile,Tokens} from Client

This commit is contained in:
Saku Laesvuori 2024-01-31 16:13:53 +02:00
parent 59205df9d9
commit 66ebd8d48c
Signed by: slaesvuo
GPG Key ID: 257D284A2A1D3A32
6 changed files with 38 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
frontend/src/Datarekisteri/Frontend/Handlers/Applications.hs
View File

@ -115,12 +115,12 @@ applicationsW applications = do
.#{detailsClass}[open] { border-color: #339ca1; } .#{detailsClass}[open] { border-color: #339ca1; }
|] |]
getApplicationsR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html getApplicationsR :: Handler Html
getApplicationsR = do getApplicationsR = do
Applications applications <- apiRequest @Applications True () Applications applications <- apiRequest @Applications True ()
defaultLayout $ applicationsW applications defaultLayout $ applicationsW applications
postAcceptR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html postAcceptR :: Handler Html
postAcceptR = do postAcceptR = do
((result, _), _) <- runFormPost $ resolveApplicationForm Nothing ((result, _), _) <- runFormPost $ resolveApplicationForm Nothing
case result of case result of
@ -128,7 +128,7 @@ postAcceptR = do
_ -> pure () _ -> pure ()
redirect ApplicationsR redirect ApplicationsR
postRejectR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html postRejectR :: Handler Html
postRejectR = do postRejectR = do
((result, _), _) <- runFormPost $ resolveApplicationForm Nothing ((result, _), _) <- runFormPost $ resolveApplicationForm Nothing
case result of case result of

4
frontend/src/Datarekisteri/Frontend/Handlers/Apply.hs
View File

@ -75,12 +75,12 @@ applyW (applyWidget, applyEnctype) = do
^{form ApplyR applyEnctype formContent} ^{form ApplyR applyEnctype formContent}
|] |]
getApplyR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html getApplyR :: Handler Html
getApplyR = do getApplyR = do
applyForm <- liftHandler $ generateFormPost applyForm applyForm <- liftHandler $ generateFormPost applyForm
defaultLayout $ applyW applyForm defaultLayout $ applyW applyForm
postApplyR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html postApplyR :: Handler Html
postApplyR = do postApplyR = do
((result, widget), enctype) <- runFormPost applyForm ((result, widget), enctype) <- runFormPost applyForm
case result of case result of

2
frontend/src/Datarekisteri/Frontend/Handlers/Members.hs
View File

@ -38,7 +38,7 @@ instance ToTableRow DataIdClient MembersPageUsers where
tableHeader _ = toWidget <$> ["Nimi" :: Text, "Kutsumanimi", "Kotipaikka"] tableHeader _ = toWidget <$> ["Nimi" :: Text, "Kutsumanimi", "Kotipaikka"]
toCells MembersPageUsers {..} = toWidget <$> [name, nickname, homeplace] toCells MembersPageUsers {..} = toWidget <$> [name, nickname, homeplace]
getMembersR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html getMembersR :: Handler Html
getMembersR = do getMembersR = do
MembersPage {..} <- apiRequest True () MembersPage {..} <- apiRequest True ()
defaultLayout $ do defaultLayout $ do

10
frontend/src/Datarekisteri/Frontend/Handlers/Profile.hs
View File

@ -119,7 +119,7 @@ profile user (profileWidget, profileEnctype) (passwordWidget, passwordEnctype) =
^{form route passwordEnctype passwordFormContent} ^{form route passwordEnctype passwordFormContent}
|] |]
getProfile :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => (Maybe UserID) -> Handler Html getProfile :: (Maybe UserID) -> Handler Html
getProfile userID = do getProfile userID = do
ProfilePage {..} <- apiRequest True (ProfilePageArgs {id = userID}) ProfilePage {..} <- apiRequest True (ProfilePageArgs {id = userID})
passwordForm <- liftHandler $ generateFormPost passwordForm passwordForm <- liftHandler $ generateFormPost passwordForm
@ -130,13 +130,13 @@ getProfile userID = do
fromJust = fromMaybe $ error "Tried to access the profile of an inexistent user" fromJust = fromMaybe $ error "Tried to access the profile of an inexistent user"
getOwnProfileR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html getOwnProfileR :: Handler Html
getOwnProfileR = getProfile Nothing getOwnProfileR = getProfile Nothing
getProfileR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => UserID -> Handler Html getProfileR :: UserID -> Handler Html
getProfileR = getProfile . Just getProfileR = getProfile . Just
postProfileR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => UserID -> Handler Html postProfileR :: UserID -> Handler Html
postProfileR userID = do postProfileR userID = do
ProfilePage {..} <- apiRequest True (ProfilePageArgs {id = Just userID}) ProfilePage {..} <- apiRequest True (ProfilePageArgs {id = Just userID})
((result, widget), enctype) <- runFormPost $ profileForm (fromJust user) ((result, widget), enctype) <- runFormPost $ profileForm (fromJust user)
@ -147,7 +147,7 @@ postProfileR userID = do
defaultLayout $ profile (fromJust user) (widget, enctype) passwordForm defaultLayout $ profile (fromJust user) (widget, enctype) passwordForm
--- XXX fromJust explodes if the user no longer exists --- XXX fromJust explodes if the user no longer exists
postUpdatePasswordR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => UserID -> Handler Html postUpdatePasswordR :: UserID -> Handler Html
postUpdatePasswordR userID = do postUpdatePasswordR userID = do
((result, widget), enctype) <- runFormPost passwordForm ((result, widget), enctype) <- runFormPost passwordForm
case result of case result of

2
frontend/src/Datarekisteri/Frontend/Handlers/VerifyEmail.hs
View File

@ -33,7 +33,7 @@ getVerifyEmailR = do
codeForm <- generateFormPost verifyForm codeForm <- generateFormPost verifyForm
defaultLayout $ verifyEmailW codeForm defaultLayout $ verifyEmailW codeForm
postVerifyEmailR :: (YesodAuth DataIdClient, AuthId DataIdClient ~ Text) => Handler Html postVerifyEmailR :: Handler Html
postVerifyEmailR = do postVerifyEmailR = do
((result, widget), enctype) <- runFormPost verifyForm ((result, widget), enctype) <- runFormPost verifyForm
case result of case result of

46
frontend/src/Datarekisteri/Frontend/Types.hs
View File

@ -1,5 +1,6 @@
{-# LANGUAGE DeriveAnyClass #-} {-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE FlexibleContexts #-} {-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE MultiParamTypeClasses #-} {-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE OverloadedStrings #-}
@ -76,9 +77,6 @@ query GetPermissions {
scope scope
permission permission
} }
user {
id
}
} }
|] |]
@ -86,19 +84,36 @@ declareLocalTypesInline "schema.gql" [raw|
mutation GetWebUIToken { mutation GetWebUIToken {
newToken(comment: "id.datat.fi webui") { newToken(comment: "id.datat.fi webui") {
tokenData tokenData
owner {
id
}
} }
} }
|] |]
data UserToken = UserToken
{ userID :: UserID
, token :: Text
} deriving (Read, Show)
instance PathPiece UserToken where
toPathPiece userToken = show userToken
fromPathPiece s = readMaybe (toString s)
instance YesodAuth DataIdClient where instance YesodAuth DataIdClient where
type AuthId DataIdClient = Text type AuthId DataIdClient = UserToken
maybeAuthId = lookupSession credsKey maybeAuthId = (>>= readMaybe . toString) <$> lookupSession credsKey
loginDest = const HomeR loginDest = const HomeR
logoutDest = const HomeR logoutDest = const HomeR
authPlugins = const $ [authExternalBasic getToken] authPlugins = const $ [authExternalBasic getToken]
where getToken auth = (>>= fmap (tokenData . newToken) . rightToMaybe) <$> where getToken :: Text -> HandlerFor DataIdClient (Maybe Text)
apiRequestAuth @GetWebUIToken [] (Just auth) () getToken auth = do
authenticate = pure . Authenticated . credsIdent response <- (>>= rightToMaybe) <$> apiRequestAuth @GetWebUIToken [] (Just auth) ()
pure $ do
token <- tokenData . newToken <$> response
userID <- (\GetWebUITokenNewTokenOwner {..} -> id) . owner . newToken <$> response
pure $ show $ UserToken userID token
authenticate = pure . maybe (ServerError "Couldn't read UserToken") Authenticated . readMaybe . toString . credsIdent
withAuthenticated :: (AuthId DataIdClient -> Handler AuthResult) -> Handler AuthResult withAuthenticated :: (AuthId DataIdClient -> Handler AuthResult) -> Handler AuthResult
withAuthenticated m = maybeAuthId >>= maybe (pure AuthenticationRequired) m withAuthenticated m = maybeAuthId >>= maybe (pure AuthenticationRequired) m
@ -109,14 +124,7 @@ readPermissions = Permissions . fromList . map (\GetPermissionsPermissions {..}
hasPermission :: Scope -> Permission -> Handler Bool hasPermission :: Scope -> Permission -> Handler Bool
hasPermission scope permission = do hasPermission scope permission = do
GetPermissions {..} <- apiRequest @GetPermissions False () GetPermissions {..} <- apiRequest @GetPermissions False ()
let permissions' = readPermissions permissions pure $ Core.hasPermission scope permission $ readPermissions permissions
userID = (\x -> id (x :: GetPermissionsUser)) <$> user
scopes = scope :| case scope of
Tokens uid | Just uid == userID -> [OwnTokens]
Profile uid | Just uid == userID -> [OwnProfile]
_ -> []
-- TODO add Members and Applications to Profile Scopes if profile owner is member/applicant
pure $ any (\scope -> Core.hasPermission scope permission permissions') scopes
requirePermission :: Scope -> Permission -> Handler AuthResult requirePermission :: Scope -> Permission -> Handler AuthResult
requirePermission scope permission = ifM (hasPermission scope permission) requirePermission scope permission = ifM (hasPermission scope permission)
@ -125,9 +133,7 @@ requirePermission scope permission = ifM (hasPermission scope permission)
where renderPermission ReadWrite = "kirjoitusoikeuden" where renderPermission ReadWrite = "kirjoitusoikeuden"
renderPermission ReadOnly = "lukuoikeuden" renderPermission ReadOnly = "lukuoikeuden"
renderPermission None = "nollaoikeuden" renderPermission None = "nollaoikeuden"
renderScope OwnProfile = "omaan profiliin"
renderScope (Profile _) = "käyttäjän profiliin" renderScope (Profile _) = "käyttäjän profiliin"
renderScope OwnTokens = "omiin tokeneihin" -- TODO kunnon suomennos
renderScope (Tokens _) = "käyttäjän tokeneihin" -- TODO kunnon suomennos renderScope (Tokens _) = "käyttäjän tokeneihin" -- TODO kunnon suomennos
renderScope Members = "kaikkiin jäseniin" renderScope Members = "kaikkiin jäseniin"
renderScope Applications = "jäsenhakemuksiin" renderScope Applications = "jäsenhakemuksiin"
@ -146,7 +152,7 @@ instance Yesod DataIdClient where
isAuthorized HomeR _ = pure Authorized isAuthorized HomeR _ = pure Authorized
isAuthorized ApplyR _ = pure Authorized isAuthorized ApplyR _ = pure Authorized
isAuthorized VerifyEmailR _ = pure Authorized isAuthorized VerifyEmailR _ = pure Authorized
isAuthorized OwnProfileR isWrite = withAuthenticated $ const $ authorizedHelper OwnProfile isWrite isAuthorized OwnProfileR isWrite = withAuthenticated $ \UserToken {..} -> isAuthorized (ProfileR userID) isWrite
isAuthorized (ProfileR user) isWrite = withAuthenticated $ const $ authorizedHelper (Profile user) isWrite isAuthorized (ProfileR user) isWrite = withAuthenticated $ const $ authorizedHelper (Profile user) isWrite
isAuthorized (UpdatePasswordR user) isWrite = isAuthorized (UpdatePasswordR user) isWrite =
withAuthenticated $ const $ authorizedHelper (Profile user) isWrite withAuthenticated $ const $ authorizedHelper (Profile user) isWrite
@ -308,7 +314,7 @@ fgColor = "#181c22"
instance ApiRequest DataIdClient where instance ApiRequest DataIdClient where
getApiUrl = configServerUrl . getConfig <$> getYesod getApiUrl = configServerUrl . getConfig <$> getYesod
authIdToAuthorization = flip const authIdToAuthorization _ UserToken {..} = token
instance RenderMessage DataIdClient FormMessage where instance RenderMessage DataIdClient FormMessage where
renderMessage _ _ = defaultFormMessage renderMessage _ _ = defaultFormMessage