diff --git a/src/Vervis/Foundation.hs b/src/Vervis/Foundation.hs index 1a36078..24d1c66 100644 --- a/src/Vervis/Foundation.hs +++ b/src/Vervis/Foundation.hs @@ -192,12 +192,11 @@ instance Yesod App where else Unauthorized "No access to this operation" groupRole :: (GroupRole -> Bool) -> ShrIdent -> Handler AuthResult - groupRole role grp = personAnd $ \ (Entity pid _p) -> do - mrole <- runDB $ runMaybeT $ do - Entity sid _s <- MaybeT $ getBy $ UniqueSharer grp - Entity gid _g <- MaybeT $ getBy $ UniqueGroup sid - Entity _mid m <- MaybeT $ getBy $ UniqueGroupMember pid gid - return $ groupMemberRole m + groupRole role grp = personAnd $ \ (Entity pid _p) -> runDB $ do + Entity sid _s <- getBy404 $ UniqueSharer grp + Entity gid _g <- getBy404 $ UniqueGroup sid + mem <- getBy $ UniqueGroupMember pid gid + let mrole = groupMemberRole . entityVal <$> mem return $ case mrole of Nothing -> Unauthorized "Not a member of the group" Just r -> @@ -210,37 +209,29 @@ instance Yesod App where personOrGroupAdmin :: ShrIdent -> Handler AuthResult personOrGroupAdmin shr = personAnd $ \ (Entity vpid _vp) -> runDB $ do - mes <- getBy $ UniqueSharer shr - case mes of - Nothing -> return $ Unauthorized "No such sharer" - Just (Entity sid _) -> do - mep <- getBy $ UniquePersonIdent sid - case mep of - Just (Entity pid _p) -> - return $ if pid == vpid - then Authorized - else - Unauthorized - "Can’t access other people’s roles" + Entity sid _ <- getBy404 $ UniqueSharer shr + mep <- getBy $ UniquePersonIdent sid + case mep of + Just (Entity pid _p) -> + return $ if pid == vpid + then Authorized + else Unauthorized "Can’t access other people’s roles" + Nothing -> do + meg <- getBy $ UniqueGroup sid + case meg of Nothing -> do - meg <- getBy $ UniqueGroup sid - case meg of - Nothing -> do - $logWarn $ - "Found non-person non-group \ - \sharer: " <> shr2text shr - return $ Unauthorized "Zombine sharer" - Just (Entity gid _g) -> do - mem <- getBy $ UniqueGroupMember vpid gid - return $ case mem of - Nothing -> - Unauthorized "Not a group member" - Just (Entity _mid m) -> - if groupMemberRole m == GRAdmin - then Authorized - else - Unauthorized - "Not a group admin" + $logWarn $ + "Found non-person non-group sharer: " <> + shr2text shr + return $ error "Zombie sharer" + Just (Entity gid _g) -> do + mem <- getBy $ UniqueGroupMember vpid gid + return $ case mem of + Nothing -> Unauthorized "Not a group member" + Just (Entity _mid m) -> + if groupMemberRole m == GRAdmin + then Authorized + else Unauthorized "Not a group admin" projOp :: ProjectOperation -> ShrIdent -> PrjIdent -> Handler AuthResult