feature #9: Create Voter for Article

2019-08-23 09:41:41 +02:00
parent 21b6a525fd
commit 0108d496e0
5 changed files with 154 additions and 27 deletions
--- a/src/main/kotlin/fr/dcproject/routes/Article.kt
+++ b/src/main/kotlin/fr/dcproject/routes/Article.kt
@@ -1,11 +1,9 @@
 package fr.dcproject.routes

 import Paths
-import io.ktor.application.ApplicationCall
+import fr.dcproject.security.voter.ArticleVoter
+import fr.dcproject.security.voter.assertCan
 import io.ktor.application.call
-import io.ktor.auth.authenticate
-import io.ktor.auth.authentication
-import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
 import io.ktor.locations.get
 import io.ktor.locations.post
@@ -13,11 +11,8 @@ import io.ktor.request.receive
 import io.ktor.response.respond
 import io.ktor.routing.Route
 import fr.dcproject.entity.Article as ArticleEntity
-import fr.dcproject.entity.User as UserEntity
 import fr.dcproject.repository.Article as ArticleRepository

-val ApplicationCall.user get() = authentication.principal<UserEntity>()
-
@KtorExperimentalLocationsAPI
 fun Route.article(repo: ArticleRepository) {
    get<Paths.ArticlesRequest> {
@@ -29,17 +24,10 @@ fun Route.article(repo: ArticleRepository) {
        call.respond(it.article)
    }

-    authenticate(optional = true) {
-        post<Paths.PostArticleRequest>() {
-            // TODO replace to voter
-            val user = call.user
-            if (user == null) {
-                call.respond(HttpStatusCode.Unauthorized)
-            } else {
-                val article = call.receive<ArticleEntity>()
-                repo.upsert(article)
-                call.respond(article)
-            }
-        }
+    post<Paths.PostArticleRequest> {
+        call.assertCan(ArticleVoter.Action.CREATE)
+        val article = call.receive<ArticleEntity>()
+        repo.upsert(article)
+        call.respond(article)
    }
-}
+}