// Delete handles DELETE /clientgroup/{id}.
//
// Flow: log the request, authenticate the caller, load the clientgroup, make
// the authorization decision, then delete. Every path that does not reach
// core.DeleteClientGroup leaves the clientgroup untouched.
//
// Authorization as implemented here:
//   - An anonymous caller (no credentials) is only accepted when
//     conf.ANON_CG_DELETE is set, and may delete only when the ACL entry for
//     "public" carries the "delete" right.
//   - An authenticated caller may delete when they own the clientgroup, hold
//     the "delete" right, are an admin, or when "public" holds the "delete"
//     right. The last case applies regardless of conf.ANON_CG_DELETE.
//
// NOTE(review): a denied request answers 401 even when the caller
// authenticated successfully; clients cannot tell "bad credentials" from
// "not permitted" by status code.
func (cr *ClientGroupController) Delete(id string, cx *goweb.Context) {
	LogRequest(cx.Request)

	// Authenticate. The "no auth supplied" error is tolerated here and dealt
	// with below; any other authentication failure ends the request.
	// NOTE(review): the raw error text is sent back to the client; what it can
	// contain depends on request.Authenticate. Confirm it carries no internals.
	u, authErr := request.Authenticate(cx.Request)
	if authErr != nil && authErr.Error() != e.NoAuth {
		cx.RespondWithErrorMessage(authErr.Error(), http.StatusUnauthorized)
		return
	}

	// No credentials: reject unless anonymous deletion is enabled, in which
	// case the request continues as the synthetic "public" user.
	if u == nil {
		if conf.ANON_CG_DELETE != true {
			cx.RespondWithErrorMessage(e.UnAuth, http.StatusUnauthorized)
			return
		}
		u = &user.User{Uuid: "public"}
	}

	// Load the clientgroup by id.
	cg, loadErr := core.LoadClientGroup(id)
	if loadErr != nil {
		if loadErr != mgo.ErrNotFound {
			// Any failure other than "not found" (the original author cites a
			// lost db connection) is reported as a bad request.
			// NOTE(review): the underlying error is not logged in this handler
			// and the caller-supplied id is echoed in the response body.
			cx.RespondWithErrorMessage("clientgroup id not found:"+id, http.StatusBadRequest)
			return
		}
		cx.RespondWithNotFound()
		return
	}

	// Gather the facts the decision depends on.
	callerACL := cg.Acl.Check(u.Uuid)
	publicACL := cg.Acl.Check("public")
	publicMayDelete := publicACL["delete"] == true

	// The anonymous/authenticated split is keyed on the literal Uuid "public".
	// NOTE(review): assumes no real account can carry the Uuid "public";
	// confirm against user creation.
	var allowed bool
	if u.Uuid == "public" {
		allowed = conf.ANON_CG_DELETE == true && publicMayDelete
	} else {
		isOwner := cg.Acl.Owner == u.Uuid
		hasDeleteRight := callerACL["delete"] == true
		isAdmin := u.Admin == true
		allowed = isOwner || hasDeleteRight || isAdmin || publicMayDelete
	}

	// Deny by default: anything not explicitly allowed above is refused.
	if !allowed {
		cx.RespondWithErrorMessage(e.UnAuth, http.StatusUnauthorized)
		return
	}

	// NOTE(review): the deletion error is replaced by a generic message and is
	// not logged in this handler.
	if delErr := core.DeleteClientGroup(id); delErr != nil {
		cx.RespondWithErrorMessage("Could not delete clientgroup.", http.StatusInternalServerError)
		return
	}
	cx.RespondWithOK()
}
// OPTIONS: /work func (cr *WorkController) Options(cx *goweb.Context) { LogRequest(cx.Request) cx.RespondWithOK() return }