gered/views
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

update subscription auth failure handling & non-existing view handling

Browse source 
- if the view specified does not exist, throw an exception instead of
  silently failing
- add "on-unauth-fn" option to view system. call this function if
  subscription authorization fails (some applications may want to audit
  this kind of event)
This commit is contained in:
Gered 2016-05-22 22:31:43 -04:00
parent b9512ff9ba
commit 8fb1a2cbbb
1 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
src/views/core.clj
View file

@ -63,6 +63,11 @@
; so do not disallow access to any subscription ; so do not disallow access to any subscription
true)) true))
(defn- on-unauthorized-subscription
[view-sig subscriber-key context]
(if-let [on-unauth-fn (:on-unauth-fn @view-system)]
(on-unauth-fn view-sig subscriber-key context)))
(defn- get-namespace (defn- get-namespace
[view-sig subscriber-key context] [view-sig subscriber-key context]
(if-let [namespace-fn (:namespace-fn @view-system)] (if-let [namespace-fn (:namespace-fn @view-system)]
@ -88,7 +93,7 @@
the subscription is successful, the subscriber will be sent the initial the subscription is successful, the subscriber will be sent the initial
data for the view." data for the view."
[{:keys [namespace view-id parameters] :as view-sig} subscriber-key context] [{:keys [namespace view-id parameters] :as view-sig} subscriber-key context]
(when-let [view (get-in @view-system [:views view-id])] (if-let [view (get-in @view-system [:views view-id])]
(let [namespace (get-namespace view-sig subscriber-key context) (let [namespace (get-namespace view-sig subscriber-key context)
view-sig (->view-sig namespace view-id parameters)] view-sig (->view-sig namespace view-id parameters)]
(if (authorized-subscription? view-sig subscriber-key context) (if (authorized-subscription? view-sig subscriber-key context)
@ -106,7 +111,11 @@
(catch Exception e (catch Exception e
(error "error subscribing:" namespace view-id parameters (error "error subscribing:" namespace view-id parameters
"e:" e "msg:" (.getMessage e)))))) "e:" e "msg:" (.getMessage e))))))
(trace "subscription not authorized" view-sig subscriber-key context))))) (do
(trace "subscription not authorized" view-sig subscriber-key context)
(on-unauthorized-subscription view-sig subscriber-key context)
nil)))
(throw (new Exception (str "Subscription for non-existant view: " view-id)))))
(defn- remove-from-subscribers (defn- remove-from-subscribers
[view-system view-sig subscriber-key] [view-system view-sig subscriber-key]
@ -403,9 +412,13 @@
; a function that authorizes view subscriptions. should return true if the ; a function that authorizes view subscriptions. should return true if the
; subscription is authorized. if not set, no view subscriptions will require ; subscription is authorized. if not set, no view subscriptions will require
; any authorization. ; any authorization.
; (fn [subscriber-key view-sig context] ... ) ; (fn [view-sig subscriber-key context] ... )
:auth-fn nil :auth-fn nil
; a function that is called when subscription authorization fails.
; (fn [view-sig subscriber-key context] ... )
:on-unauth-fn nil
; a function that returns a namespace to use for view subscriptions ; a function that returns a namespace to use for view subscriptions
; (fn [subscriber-key view-sig context] ... ) ; (fn [subscriber-key view-sig context] ... )
:namespace-fn nil :namespace-fn nil
@ -434,6 +447,7 @@
:send-fn send-fn :send-fn send-fn
:put-hints-fn (:put-hints-fn options) :put-hints-fn (:put-hints-fn options)
:auth-fn (:auth-fn options) :auth-fn (:auth-fn options)
:on-unauth-fn (:on-unauth-fn options)
:namespace-fn (:namespace-fn options) :namespace-fn (:namespace-fn options)
; keeping a copy of the options used during init allows other libraries ; keeping a copy of the options used during init allows other libraries
; that plugin/extend views functionality (e.g. IView implementations) ; that plugin/extend views functionality (e.g. IView implementations)