Esempio n. 1
0
// DisallowAnon does not allow anonymous users to access the page
func AllowOnlyAdministrator(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Get the current user role
		currentUID, isLoggedIn := controller.CurrentUserId(r)

		// If user is not authenticated, don't allow them to access the page
		if !isLoggedIn {
			http.Redirect(w, r, "/", http.StatusFound)
			return
		}

		// Get the role
		role, err := model.RoleByUserId(int64(currentUID))
		if err != nil {
			log.Println(err)
			http.Redirect(w, r, "/", http.StatusFound)
			return
		}

		// Only allow Administrators
		if role.Level_id != model.Role_level_Administrator {
			http.Redirect(w, r, "/", http.StatusFound)
			return
		}

		h.ServeHTTP(w, r)
	})
}
Esempio n. 2
0
// photoAccessAllowed returns: 1 - Is use allows access 2 - Should photo be marked
func photoAccessAllowed(r *http.Request, user_id uint64, pic_id string) (bool, bool, error) {
	// Get the photo info

	photoInfo, err := model.PhotoInfoByPath(user_id, strings.Replace(pic_id, ".jpg", "", -1))
	if err != nil {
		return false, false, err
	}

	// Get the current user role
	role_level := uint8(0)
	currentUID, loggedIn := CurrentUserId(r)
	if loggedIn {
		role, err := model.RoleByUserId(int64(currentUID))
		if err != nil {
			return false, false, err
		}
		role_level = role.Level_id
	}

	// Check if the current user has access to the photo
	if (photoInfo.Initial == 0 && photoInfo.Status_id == 1) || // If photo is public and verified, show it
		(role_level == model.Role_level_Administrator) || // If user is admin, show it
		(photoInfo.Owner_id == currentUID) { // If it belongs to user, show it
		if photoInfo.Status_id == 1 {
			return true, true, nil
		}
		return true, false, nil
	}

	return false, false, nil
}
Esempio n. 3
0
// Displays the default home page
func Index(w http.ResponseWriter, r *http.Request) {
	// Get session
	sess := session.Instance(r)

	// If the user is logged in
	if sess.Values["id"] != nil {

		// Get the current user role
		currentUID, _ := CurrentUserId(r)
		role, err := model.RoleByUserId(int64(currentUID))
		if err != nil {
			log.Println(err)
			Error500(w, r)
			return
		}

		if role.Level_id == model.Role_level_User {
			http.Redirect(w, r, "/profile", http.StatusFound)
			return
		} else {
			http.Redirect(w, r, "/admin", http.StatusFound)
			return
		}

	} else {
		// Display the view
		v := view.New(r)
		v.Name = "anon_home"
		v.Render(w)
	}
}