// AccountMatchesParam builds an AuthCheck that passes only when the value of
// the route parameter named paramName equals the encoded key of the account
// making the request. For example, on a route /accounts/:accountId, a request
// to /accounts/asdf passes only if the account's encoded key is "asdf".
//
// Every non-matching case returns ErrAccountIDDoesNotMatch. As a special case,
// account.Super and account.Nobody never match, whatever the parameter holds.
// An error from GetAccount is returned to the caller unchanged.
func AccountMatchesParam(paramName string) AuthCheck {
	return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
		var acct account.Account
		if err := GetAccount(ctx, &acct); err != nil {
			return err
		}

		// Super and Nobody are refused before any comparison is made, so this
		// check can never be satisfied by those two account kinds.
		if acct.Super() || acct.Nobody() {
			return ErrAccountIDDoesNotMatch
		}

		// Exact string equality between the account's encoded key and the
		// caller-supplied path segment; nothing is normalised on either side.
		// NOTE(review): if kami.Param yields "" for a parameter name the route
		// does not define, a mistyped paramName only stays denied as long as
		// Encode() never returns "" — confirm against account.Key.
		accountID := acct.Key(ctx).Encode()
		if accountID == kami.Param(ctx, paramName) {
			return nil
		}
		return ErrAccountIDDoesNotMatch
	}
}