Add user roles
parent
e72fd6e4d4
commit
cfdd4817e2
6 changed files with 27 additions and 9 deletions
10
admin.go
10
admin.go
|
@ -39,7 +39,7 @@ func settingsHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
if sess.User == "" {
|
if !sess.IsAdmin() {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -80,7 +80,7 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
|
|
||||||
func editHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func editHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
idStr := mux.Vars(r)["id"]
|
idStr := mux.Vars(r)["id"]
|
||||||
if sess.User == "" || !bson.IsObjectIdHex(idStr) {
|
if !sess.IsAdmin() || !bson.IsObjectIdHex(idStr) {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -109,7 +109,7 @@ func cleanEmptyStr(s []string) []string {
|
||||||
|
|
||||||
func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
idStr := mux.Vars(r)["id"]
|
idStr := mux.Vars(r)["id"]
|
||||||
if sess.User == "" || !bson.IsObjectIdHex(idStr) {
|
if !sess.IsAdmin() || !bson.IsObjectIdHex(idStr) {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -160,7 +160,7 @@ type newData struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func newHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
if sess.User == "" {
|
if !sess.IsAdmin() {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -203,7 +203,7 @@ func newHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func storeHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func storeHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
if sess.User == "" {
|
if !sess.IsAdmin() {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
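Review bot: The `if !sess.IsAdmin() { notFound(w, r); return }` guard is now copied into deleteHandler, editHandler, saveHandler, newHandler and storeHandler, so an admin route added later has no authorization check unless its author remembers to paste it in. Wrapping these handlers once where they are registered would make the check impossible to omit, for example a helper `adminOnly(h)` that calls `notFound(w, r)` unless `sess.IsAdmin()` and otherwise calls `h(w, r, sess)`. Answering with notFound rather than a 403 also hides the existence of the admin URLs from non-admins, which is worth recording in a comment on that helper. The handler bodies continue outside the hunks shown.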
2
cover.go
2
cover.go
|
@ -37,7 +37,7 @@ func coverHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
if !book.Active {
|
if !book.Active {
|
||||||
sess := GetSession(r)
|
sess := GetSession(r)
|
||||||
if sess.User == "" {
|
if !sess.IsAdmin() {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
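Review bot: The rule that an inactive book is visible only to admins is written out here in coverHandler and again in openReadEpub, contentHandler and downloadHandler, so the four copies can drift apart the next time the policy changes. A single method such as `func (s *Session) CanView(active bool) bool { return active || s.IsAdmin() }` would keep the decision in one place and give it a name. coverHandler's body starts and ends outside the hunk.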
12
database.go
12
database.go
|
@ -82,6 +82,18 @@ func (d *DB) UserValid(user string, pass string) bool {
|
||||||
return n != 0
|
return n != 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (d *DB) UserRole(user string) string {
|
||||||
|
type result struct {
|
||||||
|
Role string
|
||||||
|
}
|
||||||
|
res := result{}
|
||||||
|
err := d.user.Find(bson.M{"user": user}).One(&res)
|
||||||
|
if err != nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return res.Role
|
||||||
|
}
|
||||||
|
|
||||||
func (d *DB) InsertStats(stats interface{}) error {
|
func (d *DB) InsertStats(stats interface{}) error {
|
||||||
return d.stats.Insert(stats)
|
return d.stats.Insert(stats)
|
||||||
}
|
}
|
||||||
|
|
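Review bot: UserRole returns `""` for every error from `One(&res)`, so a database failure is indistinguishable from a user who has no role. Failing closed is the right default for an authorization lookup, but any error other than not-found should be logged, otherwise admins being turned away during an outage leaves no trace. The method also lacks a doc comment; `// UserRole returns the role stored for user, or "" if the user is unknown or the lookup fails.` would document the fail-closed contract for callers such as IsAdmin.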
|
@ -184,7 +184,7 @@ func openReadEpub(w http.ResponseWriter, r *http.Request, sess *Session) (*epubg
|
||||||
|
|
||||||
book = books[0]
|
book = books[0]
|
||||||
if !book.Active {
|
if !book.Active {
|
||||||
if sess.User == "" {
|
if !sess.IsAdmin() {
|
||||||
return nil, book
|
return nil, book
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -211,7 +211,7 @@ func contentHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
}
|
}
|
||||||
book := books[0]
|
book := books[0]
|
||||||
if !book.Active {
|
if !book.Active {
|
||||||
if sess.User == "" {
|
if !sess.IsAdmin() {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@ type Notification struct {
|
||||||
|
|
||||||
type Session struct {
|
type Session struct {
|
||||||
User string
|
User string
|
||||||
|
Role string
|
||||||
Notif []Notification
|
Notif []Notification
|
||||||
S *sessions.Session
|
S *sessions.Session
|
||||||
}
|
}
|
||||||
|
@ -41,6 +42,7 @@ func GetSession(r *http.Request) (s *Session) {
|
||||||
s.S, err = sesStore.Get(r, "session")
|
s.S, err = sesStore.Get(r, "session")
|
||||||
if err == nil && !s.S.IsNew {
|
if err == nil && !s.S.IsNew {
|
||||||
s.User, _ = s.S.Values["user"].(string)
|
s.User, _ = s.S.Values["user"].(string)
|
||||||
|
s.Role = db.UserRole(s.User)
|
||||||
s.Notif = getNotif(s.S)
|
s.Notif = getNotif(s.S)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,3 +76,7 @@ func (s *Session) Id() string {
|
||||||
id, _ := s.S.Values["id"].(string)
|
id, _ := s.S.Values["id"].(string)
|
||||||
return id
|
return id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *Session) IsAdmin() bool {
|
||||||
|
return s.Role == "admin"
|
||||||
|
}
|
||||||
|
|
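Review bot: `s.Role = db.UserRole(s.User)` in GetSession runs for every non-new session, including those where the `user` value is absent and s.User is `""`, so anonymous sessions cost a database query that looks up the empty user name. Guarding it with `if s.User != "" { s.Role = db.UserRole(s.User) }` avoids that. Reading the role from the database on each request, rather than storing it in the session, means a demotion takes effect immediately; a short comment saying so would stop it being cached away later. None of the six files in this commit writes a role, so presumably existing accounts have none and every IsAdmin check fails until an `admin` role is set in the user collection by other means. The `"admin"` literal in IsAdmin would also be safer as a named constant.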
|
@ -93,7 +93,7 @@ func downloadHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
|
|
||||||
if !book.Active {
|
if !book.Active {
|
||||||
sess := GetSession(r)
|
sess := GetSession(r)
|
||||||
if sess.User == "" {
|
if !sess.IsAdmin() {
|
||||||
notFound(w, r)
|
notFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
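Review bot: `sess := GetSession(r)` inside the `!book.Active` branch shadows the `sess` parameter that downloadHandler already receives, and since this commit GetSession performs a UserRole database lookup, the call now adds a second query for every request to an inactive book. Dropping that line and using the parameter should give the same `!sess.IsAdmin()` decision, assuming the caller builds the parameter with GetSession as well. The function body extends beyond the hunk.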