func StaticServer(w http.ResponseWriter, r *http.Request) { // check permission if r.RequestURI == AproxyUrlPrefix || r.RequestURI == AproxyUrlPrefix+"index.html" { ctx := rfweb.NewContext(w, r) user := auth.GetLoginedUser(ctx) errMsg := "" if user == nil { login.RedirectToLogin(w, r) return } else { authority, err := auth.GetAuthorityByEmail(user.Email) if err != nil { errMsg = "can't get authority, error: " + err.Error() } else if authority == nil || authority.AdminLevel < 10 { errMsg = "you don't has permission." } } if errMsg != "" { http.Error(ctx.W, errMsg, http.StatusForbidden) return } } http.StripPrefix(AproxyUrlPrefix, fileServer).ServeHTTP(w, r) }
// check permission func (self *BaseResource) OnHandleBegin(ctx *rfweb.Context) bool { user := auth.GetLoginedUser(ctx) errMsg := "" if user == nil || user.Email == "" { errMsg = "please login first." } else { authority, err := auth.GetAuthorityByEmail(user.Email) if err != nil { errMsg = "can't get authority, error: " + err.Error() } else if authority == nil || authority.AdminLevel < 10 { errMsg = "you don't has permission." } } if errMsg != "" { isXHR := ctx.R.Header.Get("X-Requested-With") == "XMLHttpRequest" if isXHR { res := RespData{ Error: errMsg, } util.WriteJson(ctx.W, res) } else { http.Error(ctx.W, errMsg, http.StatusForbidden) } return false } return true }