
Make user ID optional, use default mask if no user provided

master
Christian Fischer 3 months ago
parent
commit
f94a17fad1
3 changed files with 31 additions and 11 deletions
  1. +2
    -2
      server/groups.rkt
  2. +10
    -5
      server/resource.rkt
  3. +19
    -4
      server/rest.rkt

+ 2
- 2
server/groups.rkt

@@ -26,7 +26,7 @@
(let ((user-hash (bytes->jsexpr
(redis-hash-ref dbc "users" id))))
(user id
(dict-ref user-hash 'user_name))))
(dict-ref user-hash 'email_address))))


;; Add a user with the given ID and name to the "users" hash in Redis.
@@ -36,7 +36,7 @@
(redis-hash-set! dbc
"users"
id
(jsexpr->bytes (hash 'user_name name))))
(jsexpr->bytes (hash 'email_address name))))

; A group is a product of two sets of users, admins and members. A
; user can be either an admin or a member, not both. Logically, for
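Review bot: The comment kept above the second hunk still reads "Add a user with the given ID and name", while one of the two printed variants stores the value under `'email_address` and the lookup in the first hunk reads that same key. The page has lost its +/- markers, so I am assuming the `'email_address` lines are the new side. If so, the comment and the `name` parameter should say email address, e.g. `;; Add a user with the given ID and email address to the "users" hash in Redis.` Records already written under `'user_name` would make `(dict-ref user-hash 'email_address)` raise, because no failure default is given, so a migration or a fallback value is worth considering. Both enclosing definitions start outside the hunks.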


+ 10
- 5
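--- a/server/resource.rkt
+++ b/server/resource.rkt
@@ -144,13 +144,18 @@
 ;; Return the action, as defined by a pair of a branch name and action
 ;; name, for a given resource, as accessible by the given user.
 ;; Returns #f if the user does not have access.
-(define (access-action res user-id action-pair)
+(define (access-action res
+action-pair
+#:user [user-id 'anonymous])
 (let* ((branch-id (car action-pair))
 (action-id (cdr action-pair))
-(mask (get-mask-for-user res
-user-id))
-(action-set (apply-mask (dict-ref resource-types (resource-type res))
-mask)))
+(mask (if (eq? user-id 'anonymous)
+(resource-default-mask res)
+(get-mask-for-user res
+user-id)))
+(action-set (apply-mask (dict-ref resource-types
+(resource-type res))
+mask)))
 (let ((action (assoc action-id (hash-ref action-set branch-id))))
 (if action
 (cdr action)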
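Review bot: The header comment above `access-action` still describes only the per-user path and does not mention the new default: when `#:user` is omitted the mask comes from `resource-default-mask`, so a call site that forgets the keyword is silently evaluated as anonymous instead of failing. I would add a line such as `;; When #:user is omitted, the resource's default mask is applied instead of a per-user mask.` It is also worth confirming that `get-mask-for-user` never yields a mask narrower than the default for a known user, since otherwise leaving the user out grants more than supplying it; that function is not visible here. The body of `access-action` continues past the end of the hunk.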


+ 19
- 4
server/rest.rkt

@@ -67,6 +67,22 @@
(bindings-assq #"action" binds))
[(list #f #f #f #f)
"provide resource id, user id, and action to perform"]
[(list (binding:form _ res-id)
#f
(binding:form _ branch)
(binding:form _ action))
(let* ((res (get-resource res-id))
(branch (~> branch
(bytes->string/utf-8)
(string->symbol)))
(action (bytes->string/utf-8 action)))
(let ((action (access-action res
(cons branch action))))
(if action
(run-action action
(resource-data res)
(action-params action binds))
"no access")))]
[(list (binding:form _ res-id)
(binding:form _ user-id)
(binding:form _ branch)
@@ -77,8 +93,8 @@
(string->symbol)))
(action (bytes->string/utf-8 action)))
(let ((action (access-action res
(bytes->string/utf-8 user-id)
(cons branch action))))
(cons branch action)
#:user (bytes->string/utf-8 user-id))))
(if action
(run-action action
(resource-data res)
@@ -91,7 +107,7 @@
(define (run-action-dispatcher conn req)
(output-response conn (run-action-endpoint req)))

;; Run the server (will be moved to another module later)
;; Run the server
(define stop
(serve
#:dispatch (sequencer:make
@@ -99,7 +115,6 @@
query-available-dispatcher)
(filter:make #rx"^/run-action/"
run-action-dispatcher))
;; #:dispatch (dispatch/servlet run-action-endpoint)
#:listen-ip "127.0.0.1"
#:port 8080))
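Review bot: In the clause that binds `user-id`, the value handed to `access-action` as `#:user (bytes->string/utf-8 user-id)` comes straight from the request bindings, and the clause with `#f` in the user position falls back to the default mask, so as far as these hunks show the caller decides which mask is applied (assuming the `#:user` lines are the new side, since the +/- markers are lost). If identity is established elsewhere, the user passed to `access-action` should come from that authenticated context rather than from a request field. Separately, the message in the all-`#f` clause is now out of date; something like `"provide resource id, branch, and action to perform (user id is optional)"` matches the new behaviour. The enclosing pattern-matching form starts above the first hunk, so the handling of other partial inputs cannot be checked from here.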


