// authorizeSelfOrAdminWithBody invokes handler only when the caller identified
// by the request's ID token is an admin, or is the user addressed by the route
// and passes the ensureAdminNotChanged check on updateData.
//
// Checks run in this order, and the first failure ends the request:
//   - getIdToken returns "" -> return without writing here (getIdToken is
//     handed w, so it presumably writes its own error; confirm).
//   - data.GetUserByToken fails -> 401.
//   - data.GetUserIdFromRoute fails -> 400.
//   - user["admin"] is missing or not a bool -> 500. A malformed record is
//     rejected rather than being treated as admin or as non-admin.
//   - caller is not an admin -> checkIdOfUserMatches and then
//     ensureAdminNotChanged must both return true; each is handed w and is
//     presumably responsible for the error response when it returns false
//     (TODO confirm against their definitions).
//
// NOTE(review): the 401 and 400 bodies splice err.Error() into a JSON string
// literal without escaping. An error text containing a double quote or a
// backslash produces malformed JSON, and internal error detail is disclosed to
// a caller that has not been authorized yet. Consider encoding the body with
// encoding/json and keeping the detail in server-side logs.
//
// NOTE(review): the 400 body is labelled "Error Parsing JSON" although the
// failing call reads the user id from the route; looks like a copied message,
// confirm before changing it because clients may match on the text.
func authorizeSelfOrAdminWithBody(updateData requestBodyJson, handler handlerFunctionWithBody, w http.ResponseWriter, r *http.Request) {
	token := getIdToken(w, r)
	if token == "" {
		return
	}

	caller, err := data.GetUserByToken(token)
	if err != nil {
		body := `{"error": "Error authorizing user: ` + err.Error() + `"}`
		http.Error(w, body, http.StatusUnauthorized)
		return
	}

	targetID, err := data.GetUserIdFromRoute(r)
	if err != nil {
		body := `{"error": "Error Parsing JSON: ` + err.Error() + `"}`
		http.Error(w, body, http.StatusBadRequest)
		return
	}

	// Fail closed: anything other than an explicit bool is a server-side error.
	isAdmin, ok := caller["admin"].(bool)
	if !ok {
		http.Error(w, `{"error": "Error checking for user admin"}`, http.StatusInternalServerError)
		return
	}

	if !isAdmin {
		// A non-admin may only act on their own record...
		if !checkIdOfUserMatches(w, targetID, caller) {
			return
		}
		// ...and must pass the admin-field check on the submitted body.
		if !ensureAdminNotChanged(updateData, w, r) {
			return
		}
	}

	handler(updateData, w, r)
}
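// UserHandler writes the user record selected by the "id" route variable.
//
// When the variable is the literal "me", the user is resolved from the
// request's ID token via data.GetUserByToken; a lookup error is reported as
// 404. Otherwise the variable must parse as an integer (400 if it does not)
// and the record is loaded with data.GetUser. A nil record from either path is
// reported as 404. On success the record is passed to respond under the key
// "user".
//
// NOTE(review): the numeric-id branch performs no token or ownership check
// inside this function, so any caller that reaches it can read any user
// record by id. Confirm that the route registration wraps this handler in an
// authorization middleware, or that the record returned by data.GetUser
// carries no sensitive fields.
//
// NOTE(review): the "me" branch splices err.Error() into the JSON body
// without escaping; a message containing a double quote or backslash yields
// malformed JSON and exposes internal error text to the client.
func UserHandler(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	var user map[string]interface{}

	if vars["id"] == "me" {
		id_token := getIdToken(w, r)
		if id_token == "" {
			// getIdToken is handed w; presumably it has already written the
			// error response (confirm against its definition).
			return
		}
		var err error
		user, err = data.GetUserByToken(id_token)
		if err != nil {
			http.Error(w, `{"error": "`+err.Error()+`"}`, http.StatusNotFound)
			return
		}
	} else {
		id, err := strconv.Atoi(vars["id"])
		if err != nil {
			http.Error(w, `{"error": "bad user id"}`, http.StatusBadRequest)
			return
		}
		user, err = data.GetUser(id)
		if err != nil {
			// A failed lookup is an ordinary runtime condition, not a broken
			// invariant: answer with a 500 and a JSON body instead of
			// panicking, so the client gets a well-formed error response and
			// a data-layer failure cannot abort the request mid-flight. The
			// underlying error text is deliberately not echoed to the client.
			http.Error(w, `{"error": "Error getting user data"}`, http.StatusInternalServerError)
			return
		}
	}

	if user == nil {
		http.Error(w, `{"error": "user not found"}`, http.StatusNotFound)
		return
	}
	respond(w, "user", user)
}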
// authorizeAdmin wraps handler so that it runs only for callers whose user
// record has the "admin" field set to true.
//
// The returned function resolves the caller from the request's ID token and
// then:
//   - returns without writing when getIdToken yields "" (getIdToken is handed
//     w, so it presumably writes its own error; confirm);
//   - answers 401 when data.GetUserByToken fails;
//   - answers 500 when user["admin"] is missing or not a bool, so a malformed
//     record is never treated as admin;
//   - answers 401 when the caller is not an admin;
//   - otherwise calls handler(w, r).
//
// NOTE(review): an authenticated non-admin receives 401 here. 403 Forbidden is
// the conventional status for "identified but not permitted"; the code is left
// unchanged because clients may depend on the current value.
//
// NOTE(review): the token-lookup failure body splices err.Error() into a JSON
// string without escaping, which can yield malformed JSON and discloses
// internal error text to an unauthorized caller. Consider encoding the body
// with encoding/json and logging the detail server-side.
func authorizeAdmin(handler handlerFunction) handlerFunction {
	return func(w http.ResponseWriter, r *http.Request) {
		token := getIdToken(w, r)
		if token == "" {
			return
		}

		caller, err := data.GetUserByToken(token)
		if err != nil {
			body := `{"error": "Error authorizing user: ` + err.Error() + `"}`
			http.Error(w, body, http.StatusUnauthorized)
			return
		}

		isAdmin, ok := caller["admin"].(bool)
		switch {
		case !ok:
			// Fail closed on a missing or wrongly typed admin field.
			http.Error(w, `{"error": "Error checking for user admin"}`, http.StatusInternalServerError)
			return
		case !isAdmin:
			http.Error(w, `{"error": "You are not an admin"}`, http.StatusUnauthorized)
			return
		}

		handler(w, r)
	}
}