comparison controllers/routes.go @ 270:d1b0d964af09
Don't restrict listing/updating of users to sys_admins.
Each user should be able to list/change her/his own information.
Added a new middleware checker "all" for this.
This is strictly not needed because all users are at least
a waterway_user. This is for the case that we may later
(unlikely) add other roles and for explicitness of model constraints.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Mon, 30 Jul 2018 12:31:46 +0200 |
parents | de6fdb316b8f |
children | 3c5420976910 |
267:7f030ec3472d | 270:d1b0d964af09 |
---|---|
10 | 10 |
11 func BindRoutes(m *mux.Router) { | 11 func BindRoutes(m *mux.Router) { |
12 | 12 |
13 api := m.PathPrefix("/api").Subrouter() | 13 api := m.PathPrefix("/api").Subrouter() |
14 | 14 |
15 sysAdmin := auth.EnsureRole("sys_admin") | 15 var ( |
16 sysAdmin = auth.EnsureRole("sys_admin") | |
17 all = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user") | |
18 ) | |
16 | 19 |
17 api.Handle("/users", sysAdmin(&JSONHandler{ | 20 api.Handle("/users", sysAdmin(&JSONHandler{ |
18 Handle: listUsers, | 21 Handle: listUsers, |
19 })).Methods(http.MethodGet) | 22 })).Methods(http.MethodGet) |
20 | 23 |
21 api.Handle("/users", sysAdmin(&JSONHandler{ | 24 api.Handle("/users", sysAdmin(&JSONHandler{ |
22 Input: func() interface{} { return new(User) }, | 25 Input: func() interface{} { return new(User) }, |
23 Handle: createUser, | 26 Handle: createUser, |
24 })).Methods(http.MethodPost) | 27 })).Methods(http.MethodPost) |
25 | 28 |
26 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ | 29 api.Handle("/users/{user}", all(&JSONHandler{ |
27 Handle: listUser, | 30 Handle: listUser, |
28 })).Methods(http.MethodGet) | 31 })).Methods(http.MethodGet) |
29 | 32 |
30 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ | 33 api.Handle("/users/{user}", all(&JSONHandler{ |
31 Input: func() interface{} { return new(User) }, | 34 Input: func() interface{} { return new(User) }, |
32 Handle: updateUser, | 35 Handle: updateUser, |
33 })).Methods(http.MethodPut) | 36 })).Methods(http.MethodPut) |
34 | 37 |
35 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ | 38 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ |