Alex/GoMembership
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

backend: priviliges

Browse Source
This commit is contained in:
Alex
2025-02-20 13:19:41 +01:00
parent 03b3683b63
commit 3493e83e84
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/controllers/membershipController.go
View File

@@ -36,7 +36,7 @@ func (mc *MembershipController) RegisterSubscription(c *gin.Context) {
return return
} }
if !utils.HasPrivilige(requestUser, constants.Priviliges.Update) { if !utils.HasPrivilige(requestUser, constants.Priviliges.Create) {
utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to register subscription", http.StatusForbidden, "user.user", "server.error.unauthorized") utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to register subscription", http.StatusForbidden, "user.user", "server.error.unauthorized")
return return
} }
@@ -118,7 +118,7 @@ func (mc *MembershipController) DeleteSubscription(c *gin.Context) {
return return
} }
if !utils.HasPrivilige(requestUser, constants.Priviliges.Update) { if !utils.HasPrivilige(requestUser, constants.Priviliges.Delete) {
utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update subscription", http.StatusForbidden, "user.user", "server.error.unauthorized") utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update subscription", http.StatusForbidden, "user.user", "server.error.unauthorized")
return return
} }

13
internal/controllers/user_controller.go
View File

@@ -45,6 +45,17 @@ func (uc *UserController) CurrentUserHandler(c *gin.Context) {
} }
func (uc *UserController) GetAllUsers(c *gin.Context) { func (uc *UserController) GetAllUsers(c *gin.Context) {
requestUser, err := uc.ExtractUserFromContext(c)
if err != nil {
utils.RespondWithError(c, err, "Error extracting user from context in UpdateHandler", http.StatusBadRequest, "general", "server.validation.no_auth_tokenw")
return
}
if requestUser.RoleID == constants.Roles.Member {
utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update user", http.StatusForbidden, "user.user", "server.error.unauthorized")
return
}
users, err := uc.Service.GetUsers(nil) users, err := uc.Service.GetUsers(nil)
if err != nil { if err != nil {
utils.RespondWithError(c, err, "Error getting users in GetAllUsers", http.StatusInternalServerError, "user.user", "server.error.internal_server_error") utils.RespondWithError(c, err, "Error getting users in GetAllUsers", http.StatusInternalServerError, "user.user", "server.error.internal_server_error")
@@ -116,7 +127,7 @@ func (uc *UserController) DeleteUser(c *gin.Context) {
return return
} }
if !utils.HasPrivilige(requestUser, constants.Priviliges.Update) && data.User.ID != requestUser.ID { if !utils.HasPrivilige(requestUser, constants.Priviliges.Delete) && data.User.ID != requestUser.ID {
utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to delete user", http.StatusForbidden, "user.user", "server.error.unauthorized") utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to delete user", http.StatusForbidden, "user.user", "server.error.unauthorized")
return return
} }