// AccountMatchesParam returns an AuthCheck that passes only when the value of
// the route parameter named paramName equals the encoded key of the account
// attached to the request context. For example, on a route declared as
// /accounts/:accountId, a request to /accounts/asdf passes only if the
// account's encoded key is "asdf".
//
// account.Super and account.Nobody never match: both are rejected with
// ErrAccountIDDoesNotMatch before the parameter is even read, so this check
// cannot be satisfied by a privileged or anonymous account.
func AccountMatchesParam(paramName string) AuthCheck {
	check := func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
		var current account.Account

		// Any failure to resolve the account is returned as-is, so the check
		// never passes without a loaded account.
		if err := GetAccount(ctx, &current); err != nil {
			return err
		}

		// Special accounts are refused outright, regardless of the parameter.
		if current.Super() || current.Nobody() {
			return ErrAccountIDDoesNotMatch
		}

		// Ownership test: the identifier in the URL is caller-controlled, so it
		// is compared against the identity taken from the context rather than
		// trusted on its own.
		ownID := current.Key(ctx).Encode()
		requestedID := kami.Param(ctx, paramName)
		if ownID != requestedID {
			return ErrAccountIDDoesNotMatch
		}

		// A nil error is the only path on which the check passes.
		return nil
	}

	return check
}