Exemple #1
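// StaticServer serves the static assets under AproxyUrlPrefix through
// fileServer.
//
// Requests for the prefix itself or for its index.html are gated: an
// anonymous visitor is redirected to the login page, and a logged-in user
// whose authority record is missing, cannot be loaded, or has
// AdminLevel < 10 receives 403 Forbidden.
//
// NOTE(review): every other path under the prefix is served without an
// authorization check here; confirm that nothing sensitive is reachable
// through fileServer.
func StaticServer(w http.ResponseWriter, r *http.Request) {
	// Match on the parsed path, not r.RequestURI. RequestURI is the raw
	// request target (query string and percent-encoding included), so an
	// exact comparison against it misses requests that StripPrefix and
	// fileServer below still resolve to the index page, because both of
	// those operate on r.URL.Path.
	reqPath := r.URL.Path
	if reqPath == AproxyUrlPrefix || reqPath == AproxyUrlPrefix+"index.html" {
		ctx := rfweb.NewContext(w, r)
		user := auth.GetLoginedUser(ctx)
		if user == nil {
			login.RedirectToLogin(w, r)
			return
		}

		// Fail closed: a lookup error is treated as a denial.
		// NOTE(review): the lookup error text is sent to the client; consider
		// returning a generic message and recording the detail server-side.
		errMsg := ""
		authority, err := auth.GetAuthorityByEmail(user.Email)
		switch {
		case err != nil:
			errMsg = "can't get authority, error: " + err.Error()
		case authority == nil || authority.AdminLevel < 10:
			errMsg = "you don't has permission."
		}
		if errMsg != "" {
			http.Error(ctx.W, errMsg, http.StatusForbidden)
			return
		}
	}

	http.StripPrefix(AproxyUrlPrefix, fileServer).ServeHTTP(w, r)
}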
Exemple #2
// OnHandleBegin is the permission gate for the resource: it reports true
// only when the request comes from a logged-in user with a non-empty email
// whose authority record loads without error and has AdminLevel >= 10.
//
// On denial it writes the reason to the response and returns false. Requests
// carrying "X-Requested-With: XMLHttpRequest" get a RespData JSON body via
// util.WriteJson; all others get a plain 403 Forbidden.
func (self *BaseResource) OnHandleBegin(ctx *rfweb.Context) bool {
	var denial string
	if user := auth.GetLoginedUser(ctx); user != nil && user.Email != "" {
		authority, err := auth.GetAuthorityByEmail(user.Email)
		switch {
		case err != nil:
			// Fail closed: a lookup error denies the request.
			// NOTE(review): the error text is returned to the client; confirm
			// it cannot expose backend details.
			denial = "can't get authority, error: " + err.Error()
		case authority == nil || authority.AdminLevel < 10:
			denial = "you don't has permission."
		}
	} else {
		denial = "please login first."
	}

	if denial == "" {
		return true
	}

	// The header is client-supplied; it only selects the response format and
	// never the access decision.
	// NOTE(review): no status code is set on the JSON branch here, so whether
	// a denied XHR call sees a non-2xx status depends on util.WriteJson.
	if ctx.R.Header.Get("X-Requested-With") == "XMLHttpRequest" {
		util.WriteJson(ctx.W, RespData{Error: denial})
	} else {
		http.Error(ctx.W, denial, http.StatusForbidden)
	}
	return false
}