[SECU] Doc routes.

bd0d341f · Alexandre Delanoë · 9ae2c370 · bd0d341f · bd0d341f · bd0d341f
Commit bd0d341f authored Nov 04, 2019 by Alexandre Delanoë
Showing with 78 additions and 34 deletions

API.hs src/Gargantext/API.hs +14 -6

Auth.hs src/Gargantext/API/Auth.hs +19 -5

Node.hs src/Gargantext/API/Node.hs +11 -2

Tree.hs src/Gargantext/Database/Tree.hs +34 -21

No files found.
--- a/src/Gargantext/API.hs
+++ b/src/Gargantext/API.hs
@@ -71,7 +71,7 @@ import           Text.Blaze.Html (Html)
 --import Gargantext.API.Swagger
 --import Gargantext.Database.Node.Contact (HyperdataContact)
-import Gargantext.API.Auth (AuthRequest, AuthResponse, AuthenticatedUser(..), AuthContext, auth, withAccess)
+import Gargantext.API.Auth (AuthRequest, AuthResponse, AuthenticatedUser(..), AuthContext, auth, withAccess, PathId(..))
 import Gargantext.API.Count  ( CountAPI, count, Query)
 import Gargantext.API.FrontEnd (FrontEndAPI, frontEndServer)
 import Gargantext.API.Ngrams (HasRepo(..), HasRepoSaver(..), saveRepo, TableNgramsApi, apiNgramsTableDoc)
@@ -238,6 +238,13 @@ type GargPrivateAPI' =
           :<|> "corpus":> Summary "Corpus endpoint"
                        :> Capture "id" CorpusId      :> NodeAPI HyperdataCorpus
+           :<|> "corpus":> Summary "Corpus endpoint"
+                        :> Capture "node1_id" NodeId
+                        :> "document"
+                        :> Capture "node2_id" NodeId
+                        :> NodeNodeAPI HyperdataAny
           -- Annuaire endpoint
           :<|> "annuaire":> Summary "Annuaire endpoint"
                          :> Capture "id" AnnuaireId      :> NodeAPI HyperdataAnnuaire
@@ -320,12 +327,13 @@ serverPrivateGargAPI' (AuthenticatedUser (NodeId uid))
       =  serverGargAdminAPI
     :<|> nodeAPI  (Proxy :: Proxy HyperdataAny)      uid
     :<|> nodeAPI  (Proxy :: Proxy HyperdataCorpus)   uid
-     :<|> nodeAPI  (Proxy :: Proxy HyperdataAnnuaire) uid
+     :<|> nodeNodeAPI  (Proxy :: Proxy HyperdataAny) uid
-     :<|> withAccess (Proxy :: Proxy TableNgramsApi) Proxy uid <*> apiNgramsTableDoc
+     :<|> nodeAPI  (Proxy :: Proxy HyperdataAnnuaire)   uid
+     :<|> withAccess (Proxy :: Proxy TableNgramsApi) Proxy uid <$> PathNode <*> apiNgramsTableDoc
     :<|> count -- TODO: undefined
-     :<|> withAccess (Proxy :: Proxy SearchPairsAPI) Proxy uid <*> searchPairs -- TODO: move elsewhere
+     :<|> withAccess (Proxy :: Proxy SearchPairsAPI) Proxy uid <$> PathNode <*> searchPairs -- TODO: move elsewhere
-     :<|> withAccess (Proxy :: Proxy GraphAPI)       Proxy uid <*> graphAPI -- TODO: mock
+     :<|> withAccess (Proxy :: Proxy GraphAPI)       Proxy uid <$> PathNode <*> graphAPI -- TODO: mock
-     :<|> withAccess (Proxy :: Proxy TreeAPI)        Proxy uid <*> treeAPI
+     :<|> withAccess (Proxy :: Proxy TreeAPI)        Proxy uid <$> PathNode <*> treeAPI
     :<|> New.api -- TODO-SECURITY
     :<|> New.info uid -- TODO-SECURITY

--- a/src/Gargantext/API/Auth.hs
+++ b/src/Gargantext/API/Auth.hs
@@ -47,8 +47,8 @@ import Gargantext.Core.Utils.Prefix (unPrefix, unPrefixSwagger)
 import Gargantext.API.Settings
 import Gargantext.API.Types (HasJoseError(..), joseError, HasServerError, serverError, GargServerC)
 import Gargantext.Database.Root (getRoot)
-import Gargantext.Database.Tree (isDescendantOf)
+import Gargantext.Database.Tree (isDescendantOf, isIn)
-import Gargantext.Database.Types.Node (NodePoly(_node_id), NodeId(..), UserId)
+import Gargantext.Database.Types.Node (NodePoly(_node_id), NodeId(..), UserId, ListId, DocId)
 import Gargantext.Database.Utils (Cmd', CmdM, HasConnection)
 import Gargantext.Prelude hiding (reverse)
 import Test.QuickCheck (elements, oneof)
@@ -178,15 +178,29 @@ instance Arbitrary AuthValid where
                       , tr <- [1..3]
                       ]
-withAccessM :: (CmdM env err m, HasServerError err) => UserId -> NodeId -> m a -> m a
+data PathId = PathNode NodeId | PathDoc ListId DocId
-withAccessM uId id m = do
+withAccessM :: (CmdM env err m, HasServerError err)
+            => UserId
+            -> PathId
+            -> m a
+            -> m a
+withAccessM uId (PathNode id) m = do
  d <- id `isDescendantOf` NodeId uId
  if d then m else serverError err401
+withAccessM uId (PathDoc cId docId) m = do
+  a <- isIn cId docId -- TODO use one query for all ?
+  d <- cId `isDescendantOf` NodeId uId
+  if a && d
+     then m
+     else serverError err401
 withAccess :: forall env err m api.
              (GargServerC env err m, HasServer api '[]) =>
              Proxy api -> Proxy m ->
-              UserId -> NodeId ->
+              UserId -> PathId ->
              ServerT api m -> ServerT api m
 withAccess p _ uId id = hoistServer p f
  where

--- a/src/Gargantext/API/Node.hs
+++ b/src/Gargantext/API/Node.hs
@@ -48,7 +48,7 @@ import Data.Swagger
 import Data.Text (Text())
 import Data.Time (UTCTime)
 import GHC.Generics (Generic)
-import Gargantext.API.Auth (withAccess)
+import Gargantext.API.Auth (withAccess, PathId(..))
 import Gargantext.API.Metrics
 import Gargantext.API.Ngrams (TabType(..), TableNgramsApi, apiNgramsTableCorpus, QueryParamR, TODO)
 import Gargantext.API.Ngrams.NTree (MyTree)
@@ -160,10 +160,19 @@ type ChildrenApi a = Summary " Summary children"
                 :> QueryParam "limit"  Int
                 :> Get '[JSON] [Node a]
+------------------------------------------------------------------------
+type NodeNodeAPI a = Get '[JSON] (Node a)
+nodeNodeAPI :: forall proxy a. (JSONB a, ToJSON a) => proxy a -> UserId -> CorpusId -> NodeId -> GargServer (NodeNodeAPI a)
+nodeNodeAPI p uId cId nId = withAccess (Proxy :: Proxy (NodeNodeAPI a)) Proxy uId (PathDoc cId nId) nodeNodeAPI'
+  where
+    nodeNodeAPI' :: GargServer (NodeNodeAPI a)
+    nodeNodeAPI' = getNode nId p
 ------------------------------------------------------------------------
 -- TODO: make the NodeId type indexed by `a`, then we no longer need the proxy.
 nodeAPI :: forall proxy a. (JSONB a, ToJSON a) => proxy a -> UserId -> NodeId -> GargServer (NodeAPI a)
-nodeAPI p uId id = withAccess (Proxy :: Proxy (NodeAPI a)) Proxy uId id nodeAPI'
+nodeAPI p uId id = withAccess (Proxy :: Proxy (NodeAPI a)) Proxy uId (PathNode id) nodeAPI'
  where
    nodeAPI' :: GargServer (NodeAPI a)
    nodeAPI' =  getNode       id p

--- a/src/Gargantext/Database/Tree.hs
+++ b/src/Gargantext/Database/Tree.hs
@@ -24,6 +24,7 @@ module Gargantext.Database.Tree
  , toNodeTree
  , DbTreeNode
  , isDescendantOf
+  , isIn
  ) where
 import Control.Lens (Prism', (#), (^..), at, each, _Just, to)
@@ -35,7 +36,7 @@ import Database.PostgreSQL.Simple.SqlQQ
 import Gargantext.Prelude
 import Gargantext.Core.Types.Main (NodeTree(..), Tree(..))
-import Gargantext.Database.Types.Node (NodeId)
+import Gargantext.Database.Types.Node (NodeId, DocId)
 import Gargantext.Database.Config (fromNodeTypeId)
 import Gargantext.Database.Utils (Cmd, runPGSQuery)
 ------------------------------------------------------------------------
@@ -92,28 +93,29 @@ data DbTreeNode = DbTreeNode { dt_nodeId :: NodeId
 -- | Main DB Tree function
 -- TODO add typenames as parameters
 dbTree :: RootId -> Cmd err [DbTreeNode]
-dbTree rootId = map (\(nId, tId, pId, n) -> DbTreeNode nId tId pId n) <$> runPGSQuery [sql|
+dbTree rootId = map (\(nId, tId, pId, n) -> DbTreeNode nId tId pId n)
-  WITH RECURSIVE
+  <$> runPGSQuery [sql|
-      tree (id, typename, parent_id, name) AS
+    WITH RECURSIVE
-      (
+        tree (id, typename, parent_id, name) AS
-        SELECT p.id, p.typename, p.parent_id, p.name
+        (
-        FROM nodes AS p
+          SELECT p.id, p.typename, p.parent_id, p.name
-        WHERE p.id = ?
+          FROM nodes AS p
+          WHERE p.id = ?
-        UNION
+          UNION
-        SELECT c.id, c.typename, c.parent_id, c.name
-        FROM nodes AS c
+          SELECT c.id, c.typename, c.parent_id, c.name
+          FROM nodes AS c
-        INNER JOIN tree AS s ON c.parent_id = s.id
-        WHERE c.typename IN (2,20,21,22,3,5,30,31,40,7,9,90)
+          INNER JOIN tree AS s ON c.parent_id = s.id
-      )
+          WHERE c.typename IN (2,20,21,22,3,5,30,31,40,7,9,90)
-  SELECT * from tree;
+        )
-  |] (Only rootId)
+    SELECT * from tree;
+    |] (Only rootId)
 isDescendantOf :: NodeId -> RootId -> Cmd err Bool
-isDescendantOf childId rootId = (== [Only True]) <$> runPGSQuery [sql|
+isDescendantOf childId rootId = (== [Only True])
-  WITH RECURSIVE
+  <$> runPGSQuery [sql| WITH RECURSIVE
      tree (id, parent_id) AS
      (
        SELECT c.id, c.parent_id
@@ -125,7 +127,18 @@ isDescendantOf childId rootId = (== [Only True]) <$> runPGSQuery [sql|
        SELECT p.id, p.parent_id
        FROM nodes AS p
        INNER JOIN tree AS t ON t.parent_id = p.id
      )
  SELECT COUNT(*) = 1 from tree AS t
  WHERE t.id = ?;
  |] (childId, rootId)
+isIn :: NodeId -> DocId -> Cmd err Bool
+isIn cId docId = ( == [Only True])
+  <$> runPGSQuery [sql| SELECT COUNT(*) = 1
+    FROM nodes_nodes nn
+      WHERE nn.node1_id = ?
+        AND nn.node2_id = ?;
+  |] (cId, docId)