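// Edit updates the user named by the "userId" path parameter with the fields
// bound from the request body and replies with the resulting record.
//
// The handler itself only constrains privileged fields (Role, DeleteAt); it
// does not check whether the caller may edit the target user.
// NOTE(review): presumably the route is guarded by middleware such as
// UserHasAuthorization — confirm against the router.
func (u *userHandler) Edit(c *gin.Context) {
	var user models.User
	currentUser := utils.MustGetCurrentUser(c)

	if err := c.Bind(&user); err != nil {
		// Fail closed: a bind error must never fall through to the update
		// below with a partially populated struct. The original only stopped
		// when ParseError produced at least one entry. gin's Bind has already
		// recorded err and aborted the request with a 400, so returning is
		// enough when ParseError has nothing to add.
		if errs := userResource.ParseError(err); len(errs) > 0 {
			c.Error(errs[0])
		}
		return
	}

	userID := c.Param("userId")

	// NOTE(review): models.User is bound wholesale from the request and only
	// Role and DeleteAt are overridden here. Any other sensitive field on the
	// model is client-controlled unless userResource.Edit filters it — confirm.

	// Only an admin may choose the role; every other caller's value is
	// discarded and replaced with the lowest role.
	if currentUser.Role != models.Admin {
		user.Role = models.NormalUser
	}
	// A normal user may not set the deletion marker.
	if currentUser.Role == models.NormalUser {
		user.DeleteAt = nil
	}

	if err := userResource.Edit(userID, &user); err != nil {
		c.AbortWithError(400, err)
		return
	}
	c.JSON(200, user)
}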
// UserRequirePermission returns middleware that lets a request continue only
// when the current user's Role is at least role. Any lower role gets an
// AccessDenied error recorded on the context and the handler chain is aborted.
func (a *authMiddleware) UserRequirePermission(role int) gin.HandlerFunc {
	return func(c *gin.Context) {
		// Roles are compared numerically: a higher value means more privilege.
		if caller := utils.MustGetCurrentUser(c); caller.Role >= role {
			c.Next()
			return
		}

		c.Error(apiErrors.ThrowError(apiErrors.AccessDenied))
		c.Abort()
	}
}
// UserHasAuthorization returns middleware that decides whether the current
// user may act on the user record loaded into the context:
//
//   - a NormalUser may act only on their own record (matching Id);
//   - any other role may act only on a user whose Role is strictly lower.
//
// A denied request gets an AccessDenied error recorded on the context and the
// handler chain is aborted.
func (a *authMiddleware) UserHasAuthorization() gin.HandlerFunc {
	return func(c *gin.Context) {
		actor := utils.MustGetCurrentUser(c)
		target := utils.MustGetUserData(c)

		var permitted bool
		if actor.Role == models.NormalUser {
			permitted = actor.Id == target.Id
		} else {
			// Strict comparison: equal roles are rejected, so an elevated
			// user cannot act on a peer or on their own record.
			// NOTE(review): confirm the self-edit denial is intended.
			permitted = actor.Role > target.Role
		}

		if !permitted {
			c.Error(apiErrors.ThrowError(apiErrors.AccessDenied))
			c.Abort()
			return
		}
		c.Next()
	}
}