Mercurial > gemma
comparison controllers/routes.go @ 270:d1b0d964af09
Dont restrict listing/updating of users to sys_admins.
Each user should be able to list/change her/his own informations.
Added a new middleware checker "all" for this.
This stricly not needed because all users are at least
a waterway_user. This is for the case theat we may later
(unlikely) add other roles and for explicitness of model constraints.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Mon, 30 Jul 2018 12:31:46 +0200 |
| parents | de6fdb316b8f |
| children | 3c5420976910 |
comparison
equal
deleted
inserted
replaced
| 267:7f030ec3472d | 270:d1b0d964af09 |
|---|---|
| 10 | 10 |
| 11 func BindRoutes(m *mux.Router) { | 11 func BindRoutes(m *mux.Router) { |
| 12 | 12 |
| 13 api := m.PathPrefix("/api").Subrouter() | 13 api := m.PathPrefix("/api").Subrouter() |
| 14 | 14 |
| 15 sysAdmin := auth.EnsureRole("sys_admin") | 15 var ( |
| 16 sysAdmin = auth.EnsureRole("sys_admin") | |
| 17 all = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user") | |
| 18 ) | |
| 16 | 19 |
| 17 api.Handle("/users", sysAdmin(&JSONHandler{ | 20 api.Handle("/users", sysAdmin(&JSONHandler{ |
| 18 Handle: listUsers, | 21 Handle: listUsers, |
| 19 })).Methods(http.MethodGet) | 22 })).Methods(http.MethodGet) |
| 20 | 23 |
| 21 api.Handle("/users", sysAdmin(&JSONHandler{ | 24 api.Handle("/users", sysAdmin(&JSONHandler{ |
| 22 Input: func() interface{} { return new(User) }, | 25 Input: func() interface{} { return new(User) }, |
| 23 Handle: createUser, | 26 Handle: createUser, |
| 24 })).Methods(http.MethodPost) | 27 })).Methods(http.MethodPost) |
| 25 | 28 |
| 26 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ | 29 api.Handle("/users/{user}", all(&JSONHandler{ |
| 27 Handle: listUser, | 30 Handle: listUser, |
| 28 })).Methods(http.MethodGet) | 31 })).Methods(http.MethodGet) |
| 29 | 32 |
| 30 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ | 33 api.Handle("/users/{user}", all(&JSONHandler{ |
| 31 Input: func() interface{} { return new(User) }, | 34 Input: func() interface{} { return new(User) }, |
| 32 Handle: updateUser, | 35 Handle: updateUser, |
| 33 })).Methods(http.MethodPut) | 36 })).Methods(http.MethodPut) |
| 34 | 37 |
| 35 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ | 38 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ |