Diffstat (limited to 'Foundation.hs')
-rw-r--r-- | Foundation.hs | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/Foundation.hs b/Foundation.hs
index 915230c..f76ec24 100644
--- a/Foundation.hs
+++ b/Foundation.hs
@@ -119,8 +119,8 @@ instance Yesod App where
 makeLogger = return . appLogger
- isAuthorized (UserR u) True = isUser u
- isAuthorized (UserR u) False = isUserOrAdmin u
+ isAuthorized (UserR u) True = isUserOrAssistant False u
+ isAuthorized (UserR u) False = isUserOrAssistant True u
 isAuthorized (CategoryR _) True = isAdmin
 isAuthorized (CategoryR _) False = return Authorized
 isAuthorized (EmploymentR e) True = isAdmin
@@ -150,17 +150,17 @@ isAdmin = do
 Nothing -> AuthenticationRequired
 Just (Entity u v) -> if userIsAdmin v then Authorized else Unauthorized "You must be an admin"
-isUserOrAssistant :: UserId -> Handler AuthResult
-isUserOrAssistant t = do
+isUserOrAssistant :: Bool -> UserId -> Handler AuthResult
+isUserOrAssistant allowAdmin t = do
 ma <- maybeAuth
 case ma of
 Nothing -> return AuthenticationRequired
- Just (Entity u _) -> case t == u of
+ Just (Entity u v) -> case t == u of
 True -> return Authorized
 False -> do
 mass <- runDB $ selectFirst [AssistantAssistant ==. u, AssistantAssisted ==. t] []
 case mass of
- Nothing -> return $ Unauthorized "That ain't your page."
+ Nothing -> return (if allowAdmin && userIsAdmin v then Authorized else Unauthorized "That ain't your page.")
 Just _ -> return Authorized
 -- How to run database actions. |
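Review bot: In the first hunk, the two `UserR` clauses pass a bare Bool whose sense is the inverse of `isAuthorized`'s own write flag on the same line (`True` there means a write request, while `False` here means admins are not admitted). A swapped literal would therefore type-check and either give every admin write access to all user pages or lock admins out of reads. A named flag would make the call sites self-describing, for example `data AdminAccess = AdminAllowed | AdminDenied` with `isAuthorized (UserR u) True = isUserOrAssistant AdminDenied u`. Separately, the write clause moves from `isUser` to a check that also admits assistants; the `UserR` write handler is not visible here, so it is worth confirming it exposes nothing an assistant should not change, such as credentials or the assistant relation itself.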
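Review bot: In the second hunk, the admin decision sits inside the `Nothing` arm of the assistant lookup, so it is reached only after `runDB $ selectFirst` has run, even though `v` is already in hand from `maybeAuth`. Nesting the grant two `case` levels deep also makes the authorization order harder to audit than a flat list of conditions. Guards on the `Just (Entity u v)` arm would list the three ways to be authorized in order and skip the query for admins, with the same results as the new code. The function also has no comment, and its name no longer covers the admin path, so a Haddock line such as `-- | Authorize the page owner, an assistant of the owner, or (when the flag is True) any admin.` would help.

```haskell
-- … unchanged: signature, maybeAuth, Nothing -> return AuthenticationRequired …
        Just (Entity u v)
            | t == u                      -> return Authorized
            | allowAdmin && userIsAdmin v -> return Authorized
            | otherwise -> do
                mass <- runDB $ selectFirst [AssistantAssistant ==. u, AssistantAssisted ==. t] []
                return $ maybe (Unauthorized "That ain't your page.") (const Authorized) mass
```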