Beispiel #1
0
func (self *AuthorityResource) Get(ctx *rfweb.Context) {
	res := RespData{}
	id := ctx.Get("id")
	if id == "all" {
		authoritys, err := auth.GetAllAuthority()
		if err != nil {
			res.Error = err.Error()
		} else {
			res.Success = true
			res.Data = authoritys
		}
	} else if id != "" {
		authority, err := auth.GetAuthorityByID(id)
		if err != nil {
			res.Error = err.Error()
		} else {
			res.Success = true
			res.Data = authority
		}
	} else {
		email := ctx.Get("email")
		if email != "" {
			authority, err := auth.GetAuthorityByEmail(email)
			if err != nil {
				res.Error = err.Error()
			} else {
				res.Success = true
				res.Data = authority
			}
		}
	}

	util.WriteJson(ctx.W, res)
}
Beispiel #2
0
// check permission
func (self *BaseResource) OnHandleBegin(ctx *rfweb.Context) bool {
	user := auth.GetLoginedUser(ctx)
	errMsg := ""
	if user == nil || user.Email == "" {
		errMsg = "please login first."
	} else {
		authority, err := auth.GetAuthorityByEmail(user.Email)
		if err != nil {
			errMsg = "can't get authority, error: " + err.Error()
		} else if authority == nil || authority.AdminLevel < 10 {
			errMsg = "you don't has permission."
		}
	}
	if errMsg != "" {
		isXHR := ctx.R.Header.Get("X-Requested-With") == "XMLHttpRequest"
		if isXHR {
			res := RespData{
				Error: errMsg,
			}
			util.WriteJson(ctx.W, res)
		} else {
			http.Error(ctx.W, errMsg, http.StatusForbidden)
		}
		return false
	}
	return true
}
Beispiel #3
0
func StaticServer(w http.ResponseWriter, r *http.Request) {
	// check permission
	if r.RequestURI == AproxyUrlPrefix ||
		r.RequestURI == AproxyUrlPrefix+"index.html" {
		ctx := rfweb.NewContext(w, r)
		user := auth.GetLoginedUser(ctx)
		errMsg := ""
		if user == nil {
			login.RedirectToLogin(w, r)
			return
		} else {
			authority, err := auth.GetAuthorityByEmail(user.Email)
			if err != nil {
				errMsg = "can't get authority, error: " + err.Error()
			} else if authority == nil || authority.AdminLevel < 10 {
				errMsg = "you don't has permission."
			}
		}
		if errMsg != "" {
			http.Error(ctx.W, errMsg, http.StatusForbidden)
			return
		}
	}

	http.StripPrefix(AproxyUrlPrefix,
		fileServer).ServeHTTP(w, r)
}
Beispiel #4
0
func setAdmin(email string, level int) error {
	if level != 50 && level != 99 {
		return fmt.Errorf("adminlevel must be 50 or 99")
	}
	authority, err := auth.GetAuthorityByEmail(email)
	if err != nil {
		return fmt.Errorf("query Authority for %s got error: %s",
			email, err.Error())
	}
	if authority != nil {
		authority.AdminLevel = level
		err = auth.UpdateAuthority(authority.Id, authority)
	} else {
		authority = &auth.Authority{}
		authority.Email = email
		authority.AdminLevel = level
		err = auth.InsertAuthority(authority)
	}
	return err
}