Exemplo n.º 1
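// Edit handles a user-update request. It binds the request body into a
// models.User, constrains the privileged fields according to the caller's
// role, and persists the result through userResource.Edit for the user named
// by the "userId" path parameter. On success the bound user is returned as
// JSON with status 200.
//
// NOTE(review): nothing in this handler checks that currentUser is allowed to
// edit userId; presumably a route middleware enforces that — confirm.
func (u *userHandler) Edit(c *gin.Context) {
	var user models.User

	currentUser := utils.MustGetCurrentUser(c)

	if err := c.Bind(&user); err != nil {
		// Never continue past a failed bind: user may be only partially
		// populated, and persisting it would write unvalidated data.
		if parsed := userResource.ParseError(err); len(parsed) > 0 {
			c.Error(parsed[0])
		}
		// When ParseError yields nothing there is nothing more to report:
		// gin's Bind has already recorded err and aborted with a 400.
		return
	}
	userID := c.Param("userId")

	// Role and DeleteAt come from the request body, so they are
	// caller-controlled. Only an admin may choose the role; for every other
	// caller it is forced to NormalUser.
	// NOTE(review): this also resets the role when a caller that is neither
	// admin nor normal user edits a record — confirm that is intended.
	if currentUser.Role != models.Admin {
		user.Role = models.NormalUser
	}
	// A normal user may not set DeleteAt; the field is cleared before saving.
	if currentUser.Role == models.NormalUser {
		user.DeleteAt = nil
	}

	if err := userResource.Edit(userID, &user); err != nil {
		c.AbortWithError(400, err)
		return
	}
	c.JSON(200, user)
}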
Exemplo n.º 2
// UserRequirePermission returns a middleware that lets the request through
// only when the current user's Role is at least role. Any lower role gets an
// AccessDenied error attached to the context and the handler chain is aborted.
func (a *authMiddleware) UserRequirePermission(role int) gin.HandlerFunc {
	return func(c *gin.Context) {
		caller := utils.MustGetCurrentUser(c)

		// Roles are compared numerically: a larger value means more privilege.
		if caller.Role >= role {
			c.Next()
			return
		}

		// Record the denial, then stop the chain so no later handler runs.
		c.Error(apiErrors.ThrowError(apiErrors.AccessDenied))
		c.Abort()
	}
}
Exemplo n.º 3
// UserHasAuthorization returns a middleware that decides whether the current
// user may act on the user record loaded into the context.
//
// A normal user is allowed only when the record is their own (same Id). Any
// other caller is allowed only when their Role is strictly greater than the
// target's Role. On denial an AccessDenied error is attached to the context
// and the handler chain is aborted.
func (a *authMiddleware) UserHasAuthorization() gin.HandlerFunc {
	return func(c *gin.Context) {
		caller := utils.MustGetCurrentUser(c)
		target := utils.MustGetUserData(c)

		var allowed bool
		if caller.Role == models.NormalUser {
			// Object-level check: a normal user can reach only their own record.
			allowed = caller.Id == target.Id
		} else {
			// Strict comparison: equal roles are denied, which includes an
			// elevated caller targeting its own record.
			// NOTE(review): confirm the self-edit denial is intended.
			allowed = caller.Role > target.Role
		}

		if !allowed {
			c.Error(apiErrors.ThrowError(apiErrors.AccessDenied))
			c.Abort()
			return
		}

		c.Next()
	}
}