Example #1
File: topics.go Project: ovh/tat
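// preCheckUserAdminOnTopic loads the topic named topicName and returns it only
// when the caller is a Tat admin or an admin of that topic.
//
// A 403 response is written here only for the "not admin on topic" case. On the
// other error paths this function writes nothing itself.
// NOTE(review): confirm that PreCheckUser writes its own response and that
// callers answer the request when the topic lookup fails.
// NOTE(review): the topic is looked up before any authorization check, so a
// caller that forwards the lookup error to the client lets non-admins tell
// existing topics from missing ones.
func (t *TopicsController) preCheckUserAdminOnTopic(ctx *gin.Context, topicName string) (*tat.Topic, error) {
	topic, errfind := topicDB.FindByTopic(topicName, true, false, false, nil)
	if errfind != nil {
		// Only the message is propagated, as before; the lookup error value
		// itself is not returned to callers.
		return nil, errors.New(errfind.Error())
	}

	// Tat admins skip the per-topic admin check.
	if isTatAdmin(ctx) {
		return topic, nil
	}

	user, err := PreCheckUser(ctx)
	if err != nil {
		return nil, err
	}

	if !topicDB.IsUserAdmin(topic, &user) {
		e := fmt.Errorf("user %s is not admin on topic %s", user.Username, topic.Topic)
		// Send the message string: an error value has no exported fields, so
		// encoding/json would render it as {} and the client would get no reason.
		ctx.JSON(http.StatusForbidden, gin.H{"error": e.Error()})
		return nil, e
	}

	return topic, nil
}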
Example #2
File: topics.go Project: ovh/tat
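// Delete removes the requested topic when it holds no messages and the caller
// is allowed to delete it: either the topic is the caller's own private topic
// ("/Private/<username>" or below), or topicDB.IsUserAdmin accepts the caller.
//
// NOTE(review): unlike preCheckUserAdminOnTopic, this handler never calls
// isTatAdmin(ctx); confirm whether IsUserAdmin already covers Tat admins.
// NOTE(review): the message count and the delete are two separate calls, so a
// message created in between is not detected here.
func (t *TopicsController) Delete(ctx *gin.Context) {
	topicRequest, err := GetParam(ctx, "topic")
	if err != nil {
		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid Topic"})
		return
	}

	var user = tat.User{}
	found, err := userDB.FindByUsername(&user, getCtxUsername(ctx))
	// Check the lookup error first: a failed query most likely also reports
	// found == false, which previously masked backend errors as "User unknown".
	if err != nil {
		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Error while fetching user"})
		return
	}
	if !found {
		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "User unknown"})
		return
	}

	paramJSON := tat.ParamTopicUserJSON{
		Topic:     topicRequest,
		Username:  user.Username,
		Recursive: false,
	}

	topic, e := t.preCheckUser(ctx, &paramJSON)
	if e != nil {
		// NOTE(review): no response is written here; presumably preCheckUser
		// has already answered the request. Confirm.
		return
	}

	// The caller's own private tree needs no admin check. Match the exact root
	// or a path-separator boundary: a bare prefix test on
	// "/Private/"+username would also accept "/Private/<username>2/...",
	// letting one user delete another user's private topics.
	ownRoot := "/Private/" + user.Username
	isOwnPrivate := topic.Topic == ownRoot || strings.HasPrefix(topic.Topic, ownRoot+"/")
	if !isOwnPrivate {
		// Everything else requires admin rights on the topic.
		if !topicDB.IsUserAdmin(topic, &user) {
			// Send a string: an error value would be JSON-encoded as {}.
			ctx.JSON(http.StatusForbidden, gin.H{"error": fmt.Sprintf("No RW access to topic %s (to delete it)", topic.Topic)})
			return
		}
	}

	// Refuse to delete a topic that still contains messages.
	c := &tat.MessageCriteria{Topic: topic.Topic, OnlyCount: "true"}
	count, err := messageDB.CountMessages(c, user.Username, *topic)
	if err != nil {
		log.Errorf("Error while list Messages in Delete %s", err)
		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Error while list Messages in Delete topic"})
		return
	}

	if count > 0 {
		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Could not delete this topic, this topic have messages"})
		return
	}

	if err = topicDB.Delete(topic, &user); err != nil {
		// NOTE(review): the raw storage error text is returned to the client;
		// consider logging it and sending a generic message instead.
		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
		return
	}
	ctx.JSON(http.StatusOK, gin.H{"info": fmt.Sprintf("Topic %s is deleted", topic.Topic)})
}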