add auth to user and relation adding

2019-06-09 23:43:16 +02:00 · 2019-06-09 23:43:16 +02:00 · 926dba9d58
parent 1762d5970c
commit 926dba9d58
2 changed files with 5 additions and 5 deletions
--- a/src/clj/cat/handler.clj
+++ b/src/clj/cat/handler.clj
@ -19,7 +19,7 @@
  (GET "/" req (show-home req))
  (GET "/relations_zeroed" [] (show-relations)))

-(defroutes user-routes
+(defroutes user-routes ;; These are protect inside their respective functions
  (POST "/relation_request/:id/status" [id & body :as req] (update-relationrequest-status id body req)) ; STATUS ENUM: (open, accepted, rejected)
  (POST "/request_relation" req (create-relation-request req)))

@ -40,7 +40,8 @@
      middleware/wrap-formats)
  user-routes
  oauth-routes
-  admin-routes
+  (-> admin-routes
+      middleware/wrap-restricted-admin)
  (route/not-found
   (:body
    (error-page {:status 404
@ -50,4 +51,3 @@
  :start
  (-> app-routes
      middleware/wrap-base))
-
--- a/src/clj/cat/middleware.clj
+++ b/src/clj/cat/middleware.clj
@ -65,10 +65,10 @@
   {:status 403
    :title  (str "Access to " (:uri request) " is not authorised")}))

-(defn wrap-restricted
+(defn wrap-restricted-admin
  "Example of how to wrap a route or handling in an authentication scheme"
  [handler]
-  (restrict handler {:handler  authenticated?
+  (restrict handler {:handler  admin-access
                     :on-error on-auth-error}))

 (defn wrap-auth