diff --git a/admin.go b/admin.go
index 139ccf9..f5e2d78 100644
--- a/admin.go
+++ b/admin.go
@@ -39,7 +39,7 @@ func settingsHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 }
 func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
- if sess.User == "" {
+ if !sess.IsAdmin() {
 notFound(w, r)
 return
 }
@@ -80,7 +80,7 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 func editHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 idStr := mux.Vars(r)["id"]
- if sess.User == "" || !bson.IsObjectIdHex(idStr) {
+ if !sess.IsAdmin() || !bson.IsObjectIdHex(idStr) {
 notFound(w, r)
 return
 }
@@ -109,7 +109,7 @@ func cleanEmptyStr(s []string) []string {
 func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 idStr := mux.Vars(r)["id"]
- if sess.User == "" || !bson.IsObjectIdHex(idStr) {
+ if !sess.IsAdmin() || !bson.IsObjectIdHex(idStr) {
 notFound(w, r)
 return
 }
@@ -160,7 +160,7 @@ type newData struct {
 }
 func newHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
- if sess.User == "" {
+ if !sess.IsAdmin() {
 notFound(w, r)
 return
 }
@@ -203,7 +203,7 @@ func newHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 }
 func storeHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
- if sess.User == "" {
+ if !sess.IsAdmin() {
 notFound(w, r)
 return
 }
diff --git a/cover.go b/cover.go
index 626f65f..e2dc471 100644
--- a/cover.go
+++ b/cover.go
@@ -37,7 +37,7 @@ func coverHandler(w http.ResponseWriter, r *http.Request) {
 if !book.Active {
 sess := GetSession(r)
- if sess.User == "" {
+ if !sess.IsAdmin() {
 notFound(w, r)
 return
 }
diff --git a/database.go b/database.go
index ebf6fb0..06c2c0f 100644
--- a/database.go
+++ b/database.go
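Review bot: The guard `if !sess.IsAdmin() { notFound(w, r); return }` is now written out by hand at the top of deleteHandler and repeated in the editHandler, saveHandler, newHandler and storeHandler hunks of admin.go, so an admin handler added later ships without the check unless its author remembers it. Wrapping these handlers in one `adminOnly(h)` helper that performs the check and calls `h` only on success would make the restriction hold by construction and leave a single place to audit. The new check fails closed, since a session whose role was never loaded has an empty Role. Each handler's body continues outside its hunk.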
@@ -82,6 +82,18 @@ func (d *DB) UserValid(user string, pass string) bool {
 return n != 0
 }
+func (d *DB) UserRole(user string) string {
+ type result struct {
+ Role string
+ }
+ res := result{}
+ err := d.user.Find(bson.M{"user": user}).One(&res)
+ if err != nil {
+ return ""
+ }
+ return res.Role
+}
+
 func (d *DB) InsertStats(stats interface{}) error {
 return d.stats.Insert(stats)
 }
diff --git a/reader.go b/reader.go
index 8b11a2b..82e6fd6 100644
--- a/reader.go
+++ b/reader.go
@@ -184,7 +184,7 @@ func openReadEpub(w http.ResponseWriter, r *http.Request, sess *Session) (*epubg
 book = books[0]
 if !book.Active {
- if sess.User == "" {
+ if !sess.IsAdmin() {
 return nil, book
 }
 }
@@ -211,7 +211,7 @@ func contentHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 }
 book := books[0]
 if !book.Active {
- if sess.User == "" {
+ if !sess.IsAdmin() {
 notFound(w, r)
 return
 }
diff --git a/session.go b/session.go
index bf861fc..6430115 100644
--- a/session.go
+++ b/session.go
@@ -17,6 +17,7 @@ type Notification struct {
 type Session struct {
 User string
+ Role string
 Notif []Notification
 S *sessions.Session
 }
@@ -41,6 +42,7 @@ func GetSession(r *http.Request) (s *Session) {
 s.S, err = sesStore.Get(r, "session")
 if err == nil && !s.S.IsNew {
 s.User, _ = s.S.Values["user"].(string)
+ s.Role = db.UserRole(s.User)
 s.Notif = getNotif(s.S)
 }
@@ -74,3 +76,7 @@ func (s *Session) Id() string {
 id, _ := s.S.Values["id"].(string)
 return id
 }
+
+func (s *Session) IsAdmin() bool {
+ return s.Role == "admin"
+}
diff --git a/trantor.go b/trantor.go
index ad2621d..9862662 100644
--- a/trantor.go
+++ b/trantor.go
@@ -93,7 +93,7 @@ func downloadHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 if !book.Active {
 sess := GetSession(r)
- if sess.User == "" {
+ if !sess.IsAdmin() {
 notFound(w, r)
 return
 }
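Review bot: UserRole discards the error from `d.user.Find(bson.M{"user": user}).One(&res)` and returns `""`, so a database outage or a malformed user document becomes indistinguishable from an unknown user. Failing closed is the right default for an authorization lookup, but the two cases should be told apart in the logs: keep the early return and record the error beside it, e.g. `log.Println("UserRole:", err)` if the file already imports log. Restricting the query to the one field read, `.Select(bson.M{"role": 1})`, avoids pulling the whole user document into memory on every request now that GetSession calls this per request. The exported method also needs its doc comment, `// UserRole returns the role stored for user, or "" if the user is unknown or the lookup fails.`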
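Review bot: On the non-admin path the new check in openReadEpub returns `nil, book`, handing the inactive book's record back to the caller together with the nil reader. Whether any of those fields reach the response depends on openReadEpub's callers, which are outside this hunk; if they only use the nil reader as a not-found signal, returning `nil, nil` would keep inactive metadata from leaving this function. openReadEpub begins and ends outside the hunk.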
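Review bot: `s.Role = db.UserRole(s.User)` issues a database query on every request that carries a non-new session, including sessions where `s.S.Values["user"]` is absent and `s.User` is therefore the empty string. Guarding it with `if s.User != "" { s.Role = db.UserRole(s.User) }` skips the lookup for anonymous sessions while keeping the per-request refresh, which is what makes a role change or revocation in the database take effect on the next request rather than at the next login. GetSession continues outside the hunk.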
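Review bot: `s.Role == "admin"` compares against a bare literal that has to match the value written into the users collection elsewhere; a mismatch on either side fails closed but silently locks every administrator out. Declare it once, `const roleAdmin = "admin"`, and use it here and wherever roles are assigned. The exported method also lacks its doc comment; `// IsAdmin reports whether the session's user has the admin role.` would do.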
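Review bot: The `sess := GetSession(r)` on the line before the new check shadows downloadHandler's `sess *Session` parameter, so `!sess.IsAdmin()` runs against a second session lookup and, with this commit, a second db.UserRole query for every download of an inactive book. If the caller always populates the parameter the line can be dropped; if it may be nil, assign with `sess = GetSession(r)` so one session object serves the whole request. coverHandler in cover.go has no sess parameter, so the same pattern there is not a shadowing. downloadHandler continues outside the hunk.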