// AllowOnlyAdministrator wraps h so that only authenticated users whose role
// level is model.Role_level_Administrator reach it. Anonymous users, users
// whose role lookup fails, and non-administrators are redirected to "/" with
// 302 Found; a lookup error is additionally logged. The middleware fails
// closed: any problem resolving the role denies access.
func AllowOnlyAdministrator(h http.Handler) http.Handler {
	// deny is the single rejection path so every failure mode responds the
	// same way and leaks nothing about why access was refused.
	deny := func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "/", http.StatusFound)
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		uid, authenticated := controller.CurrentUserId(r)
		if !authenticated {
			deny(w, r)
			return
		}
		role, err := model.RoleByUserId(int64(uid))
		if err != nil {
			// Logged at this layer only; the client just sees the redirect.
			log.Println(err)
			deny(w, r)
			return
		}
		if role.Level_id != model.Role_level_Administrator {
			deny(w, r)
			return
		}
		h.ServeHTTP(w, r)
	})
}
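// photoAccessAllowed reports whether the requesting user may view the photo
// identified by pic_id (a path component, optionally ending in ".jpg") that
// is stored under user_id.
//
// It returns:
//  1. allowed — true when the photo is public and verified (Initial == 0 and
//     Status_id == 1), the current user is an administrator, or the current
//     user is logged in and owns the photo;
//  2. marked — true when access is allowed and the photo is verified
//     (Status_id == 1), i.e. whether the photo should be marked;
//  3. err — a non-nil error from the photo or role lookup, in which case both
//     flags are false.
func photoAccessAllowed(r *http.Request, user_id uint64, pic_id string) (bool, bool, error) {
	// Strip only a trailing ".jpg": replacing every occurrence would mangle a
	// name that happens to contain ".jpg" in the middle.
	photoInfo, err := model.PhotoInfoByPath(user_id, strings.TrimSuffix(pic_id, ".jpg"))
	if err != nil {
		return false, false, err
	}

	// Resolve the current user's role level; anonymous requests keep level 0.
	var roleLevel uint8
	currentUID, loggedIn := CurrentUserId(r)
	if loggedIn {
		role, err := model.RoleByUserId(int64(currentUID))
		if err != nil {
			return false, false, err
		}
		roleLevel = role.Level_id
	}

	isPublicVerified := photoInfo.Initial == 0 && photoInfo.Status_id == 1
	isAdmin := roleLevel == model.Role_level_Administrator
	// Require a logged-in session for the owner match so the zero-valued
	// currentUID of an anonymous request can never satisfy Owner_id == currentUID.
	isOwner := loggedIn && photoInfo.Owner_id == currentUID

	if !isPublicVerified && !isAdmin && !isOwner {
		return false, false, nil
	}
	// Access granted; only verified photos are marked.
	return true, photoInfo.Status_id == 1, nil
}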
// Index serves the default home page. Anonymous visitors (no "id" in the
// session) get the "anon_home" view. Logged-in users are redirected by role:
// model.Role_level_User goes to "/profile", every other level to "/admin".
// If the role lookup fails the error is logged and Error500 is rendered.
func Index(w http.ResponseWriter, r *http.Request) {
	sess := session.Instance(r)

	// Anonymous: render the public landing page and stop.
	if sess.Values["id"] == nil {
		page := view.New(r)
		page.Name = "anon_home"
		page.Render(w)
		return
	}

	// NOTE(review): the authenticated flag from CurrentUserId is discarded
	// because the session check above is the authentication gate here; the
	// role lookup is the only subsequent check — TODO confirm RoleByUserId
	// rejects an unresolved (zero) id rather than returning a default role.
	uid, _ := CurrentUserId(r)
	role, err := model.RoleByUserId(int64(uid))
	if err != nil {
		log.Println(err)
		Error500(w, r)
		return
	}

	target := "/admin"
	if role.Level_id == model.Role_level_User {
		target = "/profile"
	}
	http.Redirect(w, r, target, http.StatusFound)
}