Stuce/sTodo
1
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions

user is no longer hardcoded

Browse source
This commit is contained in:
Stuce 2025-06-13 15:12:47 +01:00
parent 113990ac54
commit 4b9d2e8733
1 changed files with 23 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/Handler/TodoEntry.hs
View file

@ -5,6 +5,8 @@
{-# LANGUAGE TemplateHaskell #-} {-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE QuasiQuotes #-} {-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE FlexibleContexts #-} {-# LANGUAGE FlexibleContexts #-}
{-# OPTIONS_GHC -Wno-unrecognised-pragmas #-}
{-# HLINT ignore "Replace case with fromMaybe" #-}
module Handler.TodoEntry where module Handler.TodoEntry where
import Import import Import
@ -169,10 +171,9 @@ postEditTodolistR groupId = error "not done yet"
getEditGroupR :: Handler Html getEditGroupR :: Handler Html
getEditGroupR = do getEditGroupR = do
userId <- getUserId
groups <- runDB $ do groups <- runDB $ do
-- TODO: using 404 is just a hack to win time, but next it needs better auth handling selectList [GroupUserUser ==. userId] [Asc GroupUserGroup]
userId <- getBy404 $ UniqueName getUser
selectList [GroupUserUser ==. entityKey userId] [Asc GroupUserGroup]
mToken <- fmap reqToken getRequest mToken <- fmap reqToken getRequest
defaultLayout $ do defaultLayout $ do
let a e = pack $ show $ fromSqlKey $ entityKey e ::Text let a e = pack $ show $ fromSqlKey $ entityKey e ::Text
@ -231,14 +232,27 @@ getItems text todolistId = map read (lines text)
something -> filter (/= '\r') something something -> filter (/= '\r') something
TodolistItem todolistId value name TodolistItem todolistId value name
-- TODO: complete implementation should short circuit if multi user is on but no user exist -- TODO: complete implementation should short circuit if multi user is on but no user exist
getUser = "Stuce" :: Text
-- getUserId :: Handler (Key User)
-- getUserId = do
-- mUser <- runDB $ getBy $ UniqueName "Stuce"
-- case mUser of
-- Nothing -> runDB $ insert $ User "Stuce"
-- Just u -> return $ entityKey u
-- TODO: this is kinda ugly, i need to try to find better solution, maybe do a custom auth instance, but i guess it goes for the moment
getUserId :: Handler (Key User) getUserId :: Handler (Key User)
getUserId = do getUserId = do
mUser <- runDB $ getBy $ UniqueName getUser mName <- lookupHeader "Remote-User"
case mUser of case mName of
Nothing -> runDB $ insert $ User getUser -- TODO: if this temporary solution stays, we need here a way to use authDummy somehow in developpement
Just u -> return $ entityKey u Nothing -> permissionDenied "no trusted header found !"
Just name -> do
mUser <- runDB $ getBy $ UniqueName (decodeUtf8 name)
case mUser of
Nothing -> runDB $ insert $ User (decodeUtf8 name)
Just u -> return $ entityKey u
dbIfAuth groupId action = do dbIfAuth groupId action = do
-- TODO: decide if we prefer fast (rawSql) or safe (type safe persist query) after in production latency tests -- TODO: decide if we prefer fast (rawSql) or safe (type safe persist query) after in production latency tests