From 8f4be835329b7d2c78c8f55b8ecbf622040ccce9 Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard
Date: Sat, 18 Aug 2012 18:19:10 +0200
Subject: Book Marx: Apply role-based access scheme.

---
 .../7_migrate_bookmarx_to_role_access_model.sql | 24 +++++++++++++
 schema.sql | 9 +++--
 src/mulk/benki/book_marx.clj | 41 ++++++++++++----------
 3 files changed, 52 insertions(+), 22 deletions(-)
 create mode 100644 migrations/7_migrate_bookmarx_to_role_access_model.sql

diff --git a/migrations/7_migrate_bookmarx_to_role_access_model.sql b/migrations/7_migrate_bookmarx_to_role_access_model.sql
new file mode 100644
index 0000000..574a07c
--- /dev/null
+++ b/migrations/7_migrate_bookmarx_to_role_access_model.sql
@@ -0,0 +1,24 @@
+BEGIN TRANSACTION;
+
+ALTER TABLE post_targets DROP CONSTRAINT lazychat_targets_message_fkey;
+ALTER TABLE lazychat_references DROP CONSTRAINT lazychat_references_referee_fkey;
+
+INSERT INTO post_targets
+ SELECT bm.id, rt.role
+ FROM bookmarks bm
+ INNER JOIN role_tags rt ON tag = 'world'
+ WHERE visibility = 'public';
+INSERT INTO post_targets
+ SELECT bm.id, udt.target
+ FROM bookmarks bm
+ INNER JOIN user_default_target udt ON bm.owner = udt."user"
+ WHERE visibility = 'protected';
+
+ALTER TABLE bookmarks DROP COLUMN visibility;
+
+CREATE VIEW user_visible_bookmarks AS
+ SELECT uvp.user, uvp.message
+ FROM user_visible_posts uvp
+ INNER JOIN bookmarks bm ON bm.id = uvp.message;
+
+COMMIT;
diff --git a/schema.sql b/schema.sql
index ea5110f..ad773af 100644
--- a/schema.sql
+++ b/schema.sql
@@ -129,10 +129,8 @@ CREATE TABLE bookmarks INHERITS posts (
 uri VARCHAR NOT NULL,
 title VARCHAR,
 description VARCHAR,
- visibility VARCHAR,
 PRIMARY KEY(id),
- FOREIGN KEY(owner) REFERENCES users,
- CHECK (visibility IN ('private', 'protected', 'public'))
+ FOREIGN KEY(owner) REFERENCES users
 );

 CREATE TABLE bookmark_tags(
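Review bot: In migrations/7_migrate_bookmarx_to_role_access_model.sql both `INSERT INTO post_targets SELECT ...` statements use inner joins, so a 'public' bookmark gets no target when `role_tags` has no 'world' row and a 'protected' bookmark gets none when its owner has no `user_default_target` row; `ALTER TABLE bookmarks DROP COLUMN visibility` then discards the only record of the intended sharing level. The failure direction is closed (the bookmark simply stops being shared), but it is silent and cannot be repaired after the column is gone. I would add a check between the inserts and the DROP COLUMN that aborts the transaction if any bookmark with visibility 'public' or 'protected' has no row in `post_targets`, plus a comment stating that rows with 'private' or NULL visibility (the column was nullable) intentionally receive no targets. Both inserts also omit the column list and so depend on the physical column order of `post_targets`; naming the columns explicitly keeps this access-control mapping correct if the table changes.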
@@ -251,5 +249,10 @@ CREATE VIEW user_visible_lazychat_messages AS FROM user_visible_posts uvp INNER JOIN lazychat_messages lm ON lm.id = uvp.message; +CREATE VIEW user_visible_bookmarks AS + SELECT uvp.user, uvp.message + FROM user_visible_posts uvp + INNER JOIN bookmarks bm ON bm.id = uvp.message; + ROLLBACK; --COMMIT; diff --git a/src/mulk/benki/book_marx.clj b/src/mulk/benki/book_marx.clj index bc3882c..7281a83 100644 --- a/src/mulk/benki/book_marx.clj +++ b/src/mulk/benki/book_marx.clj @@ -23,6 +23,7 @@ (def bookmarks (cq/table :bookmarks)) (def tags (cq/table :tags)) (def users (cq/table :users)) +(def user-visible-bookmarks (cq/table :user_visible_bookmarks)) (def bookmarx-list-page @@ -47,27 +48,17 @@ [:script {:type "text/javascript" :src (resolve-uri "/js/bookmarx-submit.js")}])}) -(defn restrict-visibility [table user] - (if user - (cq/select table - (cq/where (or (=* :visibility "public") - (=* :visibility "protected") - (and (=* :visibility "private") - (=* :owner user))))) - (cq/select table - (cq/where (=* :visibility "public"))))) - - (def htmlize-description (comp sanitize-html markdown->html)) (defn bookmarks-visible-by [user] - (-> bookmarks + (-> user-visible-bookmarks + (cq/select (=* :user_visible_bookmarks.user user)) + (cq/join bookmarks (=* :user_visible_bookmarks.message :bookmarks.id)) (cq/join users (=* :bookmarks.owner :users.id)) (cq/project [:bookmarks.* :users.first_name :users.last_name]) ;;(cq/rename {:users.id :uid}) - (restrict-visibility user) - (cq/sort [:date#desc]))) + (cq/sort [:bookmarks.date#desc]))) (defpage "/marx" {} (let [marks (bookmarks-visible-by *user*)] 
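Review bot: The new `user_visible_bookmarks` view in schema.sql carries no comment, although after this commit `bookmarks-visible-by` in book_marx.clj reads bookmarks only through it, which makes it the read-authorization boundary for Book Marx. I would add a comment above the `CREATE VIEW`, for example `-- Bookmarks each user may read, derived from user_visible_posts; read paths must query this view, not bookmarks directly.` The identical definition also appears in the migration, so the comment should say that the two copies have to be kept in sync.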
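Review bot: `bookmarks-visible-by` in book_marx.clj no longer has an explicit path for a nil `user`: the removed `restrict-visibility` returned public bookmarks to visitors who were not logged in, whereas the new `(cq/select (=* :user_visible_bookmarks.user user))` can only match rows whose `user` column corresponds to the argument. Whether anonymous visitors still see 'world' bookmarks therefore depends on how `user_visible_posts` represents them, which this diff does not show. Please state that contract in a docstring on `bookmarks-visible-by`, or handle nil explicitly, and add a test for the logged-out case so a later change to the view cannot silently widen or remove anonymous access.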
@@ -171,14 +162,26 @@ (with-dbt (let [bookmark (sql/with-query-results results - ["INSERT INTO bookmarks (owner, uri, title, description, - visibility) - VALUES (?, ?, ?, ?, ?) + ["INSERT INTO bookmarks (owner, uri, title, description) + VALUES (?, ?, ?, ?) RETURNING id" - *user* uri title description visibility] + *user* uri title description] (:id (first (into () results))))] (doseq [tag tagseq] - (sql/insert-values :bookmark_tags [:bookmark :tag] [bookmark tag])))))) + (sql/insert-values :bookmark_tags [:bookmark :tag] [bookmark tag])) + (case visibility + ("public") + (sql/do-prepared + "INSERT INTO post_targets + SELECT ?, role FROM role_tags WHERE tag = 'world'" + [bookmark]) + ("protected") + (sql/do-prepared + "INSERT INTO post_targets + SELECT ?, target FROM user_default_target WHERE (\"user\" = ?)" + [bookmark *user*]) + ("private") + (do)))))) (if (and origin (not= origin "")) (redirect origin) (redirect (link :marx)))) -- cgit v1.2.3
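Review bot: The added `(case visibility ...)` has no default clause, so any value other than "public", "protected" or "private" (including a missing value) raises IllegalArgumentException only after the bookmark row and its tags have been inserted. This commit also removes the `CHECK (visibility IN (...))` constraint from schema.sql, so this `case` is now the only validation of a field that presumably comes from the request. Whether the partial insert is rolled back depends on `with-dbt`, which is defined outside this hunk, as is the start of the enclosing handler. I would reject unexpected values before the INSERT, e.g. `(when-not (#{"public" "protected" "private"} visibility) (throw (IllegalArgumentException. "invalid visibility")))`, rather than relying on the transaction to undo the write. The two `INSERT INTO post_targets SELECT ...` statements would also be safer with an explicit column list.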