Only a very common use, basic types schemas should be used as reference (with namespaced keywords)
;; This Source Code Form is subject to the terms of the Mozilla Public
;; License, v. 2.0. If a copy of the MPL was not distributed with this
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;;
;; Copyright (c) KALEIDOS INC
(ns app.rpc.permissions
"A permission checking helper factories."
(:require
[app.common.exceptions :as ex]
[app.common.schema :as sm]))
;; Schema for the permissions map that the predicate factories in this
;; namespace inspect: a `:type` keyword (the generator samples
;; :membership and :share-link) plus five boolean flags.
;;
;; NOTE(review): make-comment-predicate-fn also reads :who-comment, which
;; is not declared here. Presumably the map schema is open, so the extra
;; key is tolerated but not validated -- confirm against the producers of
;; these maps.
(def schema:permissions
  [:map {:title "Permissions"}
   [:type {:gen/elements [:membership :share-link]} :keyword]
   [:is-owner ::sm/boolean]
   [:is-admin ::sm/boolean]
   [:can-edit ::sm/boolean]
   [:can-read ::sm/boolean]
   [:is-logged ::sm/boolean]])
;; The complete set of role keywords that assign-role-flags accepts; any
;; other value fails its assertion.
(def valid-roles
  #{:admin :owner :editor :viewer})
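(defn assign-role-flags
  "Return `params` with :is-owner, :is-admin and :can-edit set according
  to `role`, which must be a member of `valid-roles`.

    role      :is-owner  :is-admin  :can-edit
    :owner    true       true       true
    :admin    false      true       true
    :editor   false      false      true
    :viewer   false      false      false

  Other keys of `params` (including :can-read and :is-logged) are left
  untouched.

  An unknown role raises: first through the assertion, and, should
  assertions be compiled out (`*assert*` bound to false), through `case`
  having no default clause. That second guard keeps the function from
  returning `params` with whatever privilege flags it already carried."
  [params role]
  (assert (contains? valid-roles role) "expected a valid role")
  ;; No default clause on purpose: an unmatched role must throw rather
  ;; than fall through with the incoming flags unchanged.
  (case role
    :owner  (assoc params :is-owner true  :is-admin true  :can-edit true)
    :admin  (assoc params :is-owner false :is-admin true  :can-edit true)
    :editor (assoc params :is-owner false :is-admin false :can-edit true)
    :viewer (assoc params :is-owner false :is-admin false :can-edit false)))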
(defn make-admin-predicate-fn
  "Build an admin-permission predicate around the query function `qfn`.

  The returned function has two call shapes:
    (pred perms)          -> the value of :is-admin in `perms`
    (pred conn & args)    -> same, on the result of (apply qfn conn args)

  A permissions value without :is-admin (or a nil one) yields nil, so a
  missing flag reads as 'not allowed'."
  [qfn]
  (assert (fn? qfn) "expected a function")
  (letfn [(admin-flag [perms]
            (get perms :is-admin))]
    (fn
      ([perms]
       (admin-flag perms))
      ([conn & args]
       (let [perms (apply qfn conn args)]
         (admin-flag perms))))))
(defn make-edition-predicate-fn
  "Build an edit-permission predicate around the query function `qfn`.

  The returned function has two call shapes:
    (pred perms)          -> the value of :can-edit in `perms`
    (pred conn & args)    -> same, on the result of (apply qfn conn args)

  A permissions value without :can-edit (or a nil one) yields nil, so a
  missing flag reads as 'not allowed'."
  [qfn]
  (assert (fn? qfn) "expected a function")
  (letfn [(edit-flag [perms]
            (get perms :can-edit))]
    (fn
      ([perms]
       (edit-flag perms))
      ([conn & args]
       (let [perms (apply qfn conn args)]
         (edit-flag perms))))))
(defn make-read-predicate-fn
  "Build a read-permission predicate around the query function `qfn`.

  The returned function has two call shapes:
    (pred perms)          -> the value of :can-read in `perms`
    (pred conn & args)    -> same, on the result of (apply qfn conn args)

  A permissions value without :can-read (or a nil one) yields nil, so a
  missing flag reads as 'not allowed'."
  [qfn]
  (assert (fn? qfn) "expected a function")
  (letfn [(read-flag [perms]
            (get perms :can-read))]
    (fn
      ([perms]
       (read-flag perms))
      ([conn & args]
       (let [perms (apply qfn conn args)]
         (read-flag perms))))))
(defn make-comment-predicate-fn
  "Build a comment-permission predicate around the query function `qfn`.

  The returned function has two call shapes:
    (pred perms)          -> evaluates `perms` directly
    (pred conn & args)    -> evaluates the result of (apply qfn conn args)

  Commenting is allowed only when :is-logged is truthy AND :who-comment
  equals the string \"all\". When :is-logged is falsy that falsy value
  (nil or false) is returned as-is; otherwise the result is a boolean.

  NOTE(review): the comparison is against the string \"all\"; a keyword
  :all would not match and would read as 'not allowed' -- confirm the
  representation the producers of :who-comment use."
  [qfn]
  (assert (fn? qfn) "expected a function")
  (letfn [(may-comment [perms]
            (let [logged (get perms :is-logged)]
              (if logged
                (= "all" (get perms :who-comment))
                logged)))]
    (fn
      ([perms]
       (may-comment perms))
      ([conn & args]
       (let [perms (apply qfn conn args)]
         (may-comment perms))))))
(defn make-check-fn
  "Turn the permission predicate `pred` into a check function: one that
  returns nil when `pred` is satisfied and raises otherwise.

  The failure is raised as :not-found / :object-not-found, not as an
  authorization error, so a denied caller sees the same error whether
  the object exists or not.
  NOTE(review): presumably deliberate, to avoid disclosing the existence
  of objects the caller may not access -- confirm before changing the
  error type."
  [pred]
  (fn [& args]
    (let [allowed? (apply pred args)]
      (if allowed?
        nil
        (ex/raise :type :not-found
                  :code :object-not-found
                  :hint "not found")))))