forked from 2sys/phonograph
fix auth checks for update_field_ordinality_handler
parent
81f9396490
commit
610b902ac1
1 changed files with 29 additions and 7 deletions
|
|
@ -1,5 +1,12 @@
|
||||||
use axum::{debug_handler, extract::Path, response::Response};
|
use axum::{
|
||||||
use phono_models::field::Field;
|
debug_handler,
|
||||||
|
extract::{Path, State},
|
||||||
|
response::Response,
|
||||||
|
};
|
||||||
|
use phono_models::{
|
||||||
|
accessors::{Accessor as _, Actor, portal::PortalAccessor},
|
||||||
|
field::Field,
|
||||||
|
};
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
use sqlx::postgres::types::Oid;
|
use sqlx::postgres::types::Oid;
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
|
@ -11,6 +18,7 @@ use crate::{
|
||||||
extractors::ValidatedForm,
|
extractors::ValidatedForm,
|
||||||
navigator::{Navigator, NavigatorPage},
|
navigator::{Navigator, NavigatorPage},
|
||||||
user::CurrentUser,
|
user::CurrentUser,
|
||||||
|
workspace_pooler::{RoleAssignment, WorkspacePooler},
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
|
|
@ -36,8 +44,9 @@ pub(super) struct FormBody {
|
||||||
/// [`PathParams`].
|
/// [`PathParams`].
|
||||||
#[debug_handler(state = crate::app::App)]
|
#[debug_handler(state = crate::app::App)]
|
||||||
pub(super) async fn post(
|
pub(super) async fn post(
|
||||||
|
State(mut pooler): State<WorkspacePooler>,
|
||||||
AppDbConn(mut app_db): AppDbConn,
|
AppDbConn(mut app_db): AppDbConn,
|
||||||
CurrentUser(_user): CurrentUser,
|
CurrentUser(user): CurrentUser,
|
||||||
navigator: Navigator,
|
navigator: Navigator,
|
||||||
Path(PathParams {
|
Path(PathParams {
|
||||||
portal_id,
|
portal_id,
|
||||||
|
|
@ -51,11 +60,23 @@ pub(super) async fn post(
|
||||||
) -> Result<Response, AppError> {
|
) -> Result<Response, AppError> {
|
||||||
// FIXME CSRF
|
// FIXME CSRF
|
||||||
|
|
||||||
// FIXME ensure workspace corresponds to rel/portal, and that user has
|
let mut workspace_client = pooler
|
||||||
// permission to access/alter both as needed.
|
.acquire_for(workspace_id, RoleAssignment::User(user.id))
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
let portal = PortalAccessor::new()
|
||||||
|
.id(portal_id)
|
||||||
|
.as_actor(Actor::User(user.id))
|
||||||
|
.verify_workspace_id(workspace_id)
|
||||||
|
.verify_rel_oid(Oid(rel_oid))
|
||||||
|
.verify_rel_ownership()
|
||||||
|
.using_app_db(&mut app_db)
|
||||||
|
.using_workspace_client(&mut workspace_client)
|
||||||
|
.fetch_one()
|
||||||
|
.await?;
|
||||||
|
|
||||||
// Ensure field exists and belongs to portal.
|
// Ensure field exists and belongs to portal.
|
||||||
Field::belonging_to_portal(portal_id)
|
Field::belonging_to_portal(portal.id)
|
||||||
.with_id(field_id)
|
.with_id(field_id)
|
||||||
.fetch_one(&mut app_db)
|
.fetch_one(&mut app_db)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
@ -67,11 +88,12 @@ pub(super) async fn post(
|
||||||
.execute(&mut app_db)
|
.execute(&mut app_db)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
|
// TODO: Redirect with subfilter query intact.
|
||||||
Ok(navigator
|
Ok(navigator
|
||||||
.portal_page()
|
.portal_page()
|
||||||
.workspace_id(workspace_id)
|
.workspace_id(workspace_id)
|
||||||
.rel_oid(Oid(rel_oid))
|
.rel_oid(Oid(rel_oid))
|
||||||
.portal_id(portal_id)
|
.portal_id(portal.id)
|
||||||
.build()?
|
.build()?
|
||||||
.redirect_to())
|
.redirect_to())
|
||||||
}
|
}
|
||||||
|
|
|
||||||
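Review bot: The `// FIXME CSRF` marker at the top of `post` is left unaddressed, and it carries more weight now that the handler authorises by the session user. The new `PortalAccessor` chain (`as_actor`, `verify_workspace_id`, `verify_rel_oid`, `verify_rel_ownership`) establishes who the session belongs to, not that the user intended the request, so a cross-site form submission from an authorised user's browser would pass every added check. I would validate an anti-CSRF token (or at least the `Origin` header) before `pooler.acquire_for(...)`, or, if that is tracked elsewhere, make the comment say what is missing, e.g. `// FIXME CSRF: state-changing POST authorised by session only; add token/Origin check`. The statement that actually writes the ordinality sits between the last two hunks and is not visible here. It is worth confirming that it is keyed on `field_id` together with `portal.id` rather than `field_id` alone, so the write stays bound to the row that `Field::belonging_to_portal(portal.id)` verified.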