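// authorizeSelfOrAdminWithBody runs handler only when the caller's ID token
// resolves to a user who is either an admin or the user addressed by the
// route id. Non-admin callers are additionally passed through
// ensureAdminNotChanged so that the request body cannot alter the admin
// flag. Every failure path writes its own error response and returns
// without calling handler; a user record with no boolean "admin" field is
// treated as a server error (fail closed) rather than as a non-admin.
//
// updateData is the already-decoded request body and is forwarded to
// handler unchanged.
func authorizeSelfOrAdminWithBody(updateData requestBodyJson, handler handlerFunctionWithBody, w http.ResponseWriter, r *http.Request) {
	idToken := getIdToken(w, r)
	if idToken == "" {
		// getIdToken is expected to have written the error response itself — confirm.
		return
	}
	user, err := data.GetUserByToken(idToken)
	if err != nil {
		// NOTE(review): err.Error() is interpolated into the JSON body without
		// escaping; a message containing '"' or '\' yields invalid JSON.
		http.Error(w, `{"error": "Error authorizing user: `+err.Error()+`"}`, http.StatusUnauthorized)
		return
	}

	reqUserID, err := data.GetUserIdFromRoute(r)
	if err != nil {
		// The failing step here is the route id lookup, not JSON decoding;
		// the previous message ("Error Parsing JSON") was misleading.
		http.Error(w, `{"error": "Error parsing user id from route: `+err.Error()+`"}`, http.StatusBadRequest)
		return
	}

	isAdmin, ok := user["admin"].(bool)
	if !ok {
		http.Error(w, `{"error": "Error checking for user admin"}`, http.StatusInternalServerError)
		return
	}
	if !isAdmin {
		// Non-admins may only touch their own record and may not change the
		// admin flag; both helpers write their own error response on failure.
		if !checkIdOfUserMatches(w, reqUserID, user) {
			return
		}
		if !ensureAdminNotChanged(updateData, w, r) {
			return
		}
	}

	handler(updateData, w, r)
}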
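// UserHandler serves a single user record. The route variable "id" is
// either the literal "me", which resolves the caller through its ID token,
// or a numeric user id that is looked up directly. It responds 400 for a
// non-numeric id, 404 when no user is found and 500 when the lookup
// itself fails.
func UserHandler(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	var user map[string]interface{}
	if vars["id"] == "me" {
		idToken := getIdToken(w, r)
		if idToken == "" {
			// getIdToken is expected to have written the error response itself — confirm.
			return
		}

		var err error
		user, err = data.GetUserByToken(idToken)
		if err != nil {
			// NOTE(review): err.Error() is interpolated into the JSON body without
			// escaping; a message containing '"' or '\' yields invalid JSON.
			http.Error(w, `{"error": "`+err.Error()+`"}`, http.StatusNotFound)
			return
		}
	} else {
		id, err := strconv.Atoi(vars["id"])
		if err != nil {
			http.Error(w, `{"error": "bad user id"}`, http.StatusBadRequest)
			return
		}
		user, err = data.GetUser(id)
		if err != nil {
			// A lookup failure is a server-side problem: answer with a 500
			// instead of panicking the handler goroutine. The underlying error
			// is deliberately not echoed to the client.
			http.Error(w, `{"error": "Error getting user data"}`, http.StatusInternalServerError)
			return
		}
	}

	if user == nil {
		http.Error(w, `{"error": "user not found"}`, http.StatusNotFound)
		return
	}

	respond(w, "user", user)
}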
// authorizeAdmin wraps handler so that it only runs for requests whose ID
// token resolves to a user with "admin" == true. Any other outcome writes
// an error response and never reaches handler: an unresolvable token is
// 401, a user record without a boolean "admin" field is 500 (fail closed),
// and a non-admin user is 401.
func authorizeAdmin(handler handlerFunction) handlerFunction {
	return func(w http.ResponseWriter, r *http.Request) {
		token := getIdToken(w, r)
		if token == "" {
			// getIdToken is expected to have written the error response itself — confirm.
			return
		}

		user, err := data.GetUserByToken(token)
		if err != nil {
			// NOTE(review): err.Error() is interpolated into the JSON body without
			// escaping; a message containing '"' or '\' yields invalid JSON.
			http.Error(w, `{"error": "Error authorizing user: `+err.Error()+`"}`, http.StatusUnauthorized)
			return
		}

		isAdmin, hasAdminFlag := user["admin"].(bool)
		switch {
		case !hasAdminFlag:
			http.Error(w, `{"error": "Error checking for user admin"}`, http.StatusInternalServerError)
			return
		case !isAdmin:
			http.Error(w, `{"error": "You are not an admin"}`, http.StatusUnauthorized)
			return
		}

		handler(w, r)
	}
}