Common logic in nested APIs

[Dieter Vekeman]

Hi

I want to apply some common logic for a nested API but I have a problem with the following code which should assert a permission from my token before handling the calls.

Even though it compiles it seems that the checkPermission is only applied to the first API entry (/theory-codes) and not for the second and third... ones.

theoryCodeAdminServer :: LoginToken -> ServerT AdminTheoryCodeApi ProlixM

theoryCodeAdminServer token@LoginToken{..} pkgId = do

  -- 403 if the user doesn't have the permission

  checkPermission "manage:packages" token

  getTheoryCodes pkgId

  :<|> getTheoryCode  pkgId

Note the pkgId argument which is not part of the signature of theoryCodeAdminApiServer but it's part of the Api (see below).

My first thought was to apply braces:

( getTheoryCodes pkgId :<|> getTheoryCode pkgId )

but then it no longer typechecks because it doesn't match the API definition.

Also when trying to split it into two functions I'm struggling to get the types right.

Here are the types:

checkPermission :: Text -> LoginToken -> ProlixM ()

type ProlixM = ReaderT Handle Handler

type AdminTheoryCodeApi = "admin" :> "package" :> Capture "package_id" PackageId :>

      (

      -- GET /theory-codes

      "theory-codes" :> Get '[JSON] [ TheoryCodeEntity ]

      

      -- GET /theory-code/<theory_code_id>

      :<|> "theory-code" :> Capture "theory_code_id" TheoryCodeId :> Get '[JSON] TheoryCodeEntity

      )

      

I any info would be missing, let me know.

Thanks!