Use getBy404 in isAuthorized when it's the right thing
This commit is contained in:
parent
23c06c535a
commit
d6967f52d9
1 changed files with 27 additions and 36 deletions
|
@ -192,12 +192,11 @@ instance Yesod App where
|
||||||
else Unauthorized "No access to this operation"
|
else Unauthorized "No access to this operation"
|
||||||
|
|
||||||
groupRole :: (GroupRole -> Bool) -> ShrIdent -> Handler AuthResult
|
groupRole :: (GroupRole -> Bool) -> ShrIdent -> Handler AuthResult
|
||||||
groupRole role grp = personAnd $ \ (Entity pid _p) -> do
|
groupRole role grp = personAnd $ \ (Entity pid _p) -> runDB $ do
|
||||||
mrole <- runDB $ runMaybeT $ do
|
Entity sid _s <- getBy404 $ UniqueSharer grp
|
||||||
Entity sid _s <- MaybeT $ getBy $ UniqueSharer grp
|
Entity gid _g <- getBy404 $ UniqueGroup sid
|
||||||
Entity gid _g <- MaybeT $ getBy $ UniqueGroup sid
|
mem <- getBy $ UniqueGroupMember pid gid
|
||||||
Entity _mid m <- MaybeT $ getBy $ UniqueGroupMember pid gid
|
let mrole = groupMemberRole . entityVal <$> mem
|
||||||
return $ groupMemberRole m
|
|
||||||
return $ case mrole of
|
return $ case mrole of
|
||||||
Nothing -> Unauthorized "Not a member of the group"
|
Nothing -> Unauthorized "Not a member of the group"
|
||||||
Just r ->
|
Just r ->
|
||||||
|
@ -210,37 +209,29 @@ instance Yesod App where
|
||||||
|
|
||||||
personOrGroupAdmin :: ShrIdent -> Handler AuthResult
|
personOrGroupAdmin :: ShrIdent -> Handler AuthResult
|
||||||
personOrGroupAdmin shr = personAnd $ \ (Entity vpid _vp) -> runDB $ do
|
personOrGroupAdmin shr = personAnd $ \ (Entity vpid _vp) -> runDB $ do
|
||||||
mes <- getBy $ UniqueSharer shr
|
Entity sid _ <- getBy404 $ UniqueSharer shr
|
||||||
case mes of
|
|
||||||
Nothing -> return $ Unauthorized "No such sharer"
|
|
||||||
Just (Entity sid _) -> do
|
|
||||||
mep <- getBy $ UniquePersonIdent sid
|
mep <- getBy $ UniquePersonIdent sid
|
||||||
case mep of
|
case mep of
|
||||||
Just (Entity pid _p) ->
|
Just (Entity pid _p) ->
|
||||||
return $ if pid == vpid
|
return $ if pid == vpid
|
||||||
then Authorized
|
then Authorized
|
||||||
else
|
else Unauthorized "Can’t access other people’s roles"
|
||||||
Unauthorized
|
|
||||||
"Can’t access other people’s roles"
|
|
||||||
Nothing -> do
|
Nothing -> do
|
||||||
meg <- getBy $ UniqueGroup sid
|
meg <- getBy $ UniqueGroup sid
|
||||||
case meg of
|
case meg of
|
||||||
Nothing -> do
|
Nothing -> do
|
||||||
$logWarn $
|
$logWarn $
|
||||||
"Found non-person non-group \
|
"Found non-person non-group sharer: " <>
|
||||||
\sharer: " <> shr2text shr
|
shr2text shr
|
||||||
return $ Unauthorized "Zombine sharer"
|
return $ error "Zombie sharer"
|
||||||
Just (Entity gid _g) -> do
|
Just (Entity gid _g) -> do
|
||||||
mem <- getBy $ UniqueGroupMember vpid gid
|
mem <- getBy $ UniqueGroupMember vpid gid
|
||||||
return $ case mem of
|
return $ case mem of
|
||||||
Nothing ->
|
Nothing -> Unauthorized "Not a group member"
|
||||||
Unauthorized "Not a group member"
|
|
||||||
Just (Entity _mid m) ->
|
Just (Entity _mid m) ->
|
||||||
if groupMemberRole m == GRAdmin
|
if groupMemberRole m == GRAdmin
|
||||||
then Authorized
|
then Authorized
|
||||||
else
|
else Unauthorized "Not a group admin"
|
||||||
Unauthorized
|
|
||||||
"Not a group admin"
|
|
||||||
|
|
||||||
projOp
|
projOp
|
||||||
:: ProjectOperation -> ShrIdent -> PrjIdent -> Handler AuthResult
|
:: ProjectOperation -> ShrIdent -> PrjIdent -> Handler AuthResult
|
||||||
|
|
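Review bot: In the `Nothing` branch of `case meg of`, `return $ error "Zombie sharer"` wraps the failure in a lazy thunk instead of throwing it, so the exception is raised only when the `AuthResult` is forced later, and it then surfaces as an uncaught `ErrorCall` (a 500, presumably echoed on Yesod's development error page) where the previous `Unauthorized "Zombine sharer"` was a deliberate, deterministic 403. This branch is a data-integrity violation (a sharer row with neither a person nor a group row), not a routing case, so it should stay fail-closed without depending on evaluation order: keep `return $ Unauthorized "Zombie sharer"` and raise the log level to `$logError $ "Found non-person non-group sharer: " <> shr2text shr`, or, if aborting is the intent, throw strictly inside the transaction with `notFound` like the other `getBy404` paths in this commit. Either option denies access just as the old code did, but the outcome no longer rides on a bottom value passing through `Handler AuthResult`. Both hunks sit inside `instance Yesod App where`, whose start and end are outside the hunk.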