# HG changeset patch
# User Sascha L. Teichmann
# Date 1533227941 -7200
# Node ID a7b2db8b3d18a388e3782a45bfeb91594488a1fc
# Parent c23eb0f34e39f3321263977e18af5f37b8b7f9f9
Added type for roles.
diff -r c23eb0f34e39 -r a7b2db8b3d18 auth/middleware.go
--- a/auth/middleware.go Thu Aug 02 18:07:35 2018 +0200
+++ b/auth/middleware.go Thu Aug 02 18:39:01 2018 +0200
@@ -64,10 +64,8 @@
 func HasRole(roles ...string) func(*Session) bool {
 return func(session *Session) bool {
 for _, r1 := range roles {
- for _, r2 := range session.Roles {
- if r1 == r2 {
- return true
- }
+ if session.Roles.Has(r1) {
+ return true
 }
 }
 return false
diff -r c23eb0f34e39 -r a7b2db8b3d18 auth/session.go
--- a/auth/session.go Thu Aug 02 18:07:35 2018 +0200
+++ b/auth/session.go Thu Aug 02 18:39:01 2018 +0200
@@ -7,11 +7,22 @@
 "time"
 )

+type Roles []string
+
 type Session struct {
- ExpiresAt int64 `json:"expires"`
- User string `json:"user"`
- Password string `json:"password"`
- Roles []string `json:"roles"`
+ ExpiresAt int64 `json:"expires"`
+ User string `json:"user"`
+ Password string `json:"password"`
+ Roles Roles `json:"roles"`
+}
+
+func (r Roles) Has(role string) bool {
+ for _, x := range r {
+ if x == role {
+ return true
+ }
+ }
+ return false
 }

 const (
diff -r c23eb0f34e39 -r a7b2db8b3d18 controllers/user.go
--- a/controllers/user.go Thu Aug 02 18:07:35 2018 +0200
+++ b/controllers/user.go Thu Aug 02 18:39:01 2018 +0200
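Review bot: The exported `Roles` type and its `Has` method in auth/session.go are added without doc comments, and `Has` is now the primitive that both `HasRole` and the controller's `sys_admin` check rest on. I would add `// Roles is the list of role names attached to a session.` above the type and `// Has reports whether role is in r; names are compared exactly and case-sensitively.` above the method. It is worth stating there that a nil or empty `Roles` matches nothing, since ranging over it falls through to `return false`, so callers can rely on the check failing closed.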
@@ -87,28 +87,32 @@
 newUser := input.(*User)
 var res sql.Result

- if newUser.Extent == nil {
- res, err = db.Exec(
- updateUserSQL,
- user,
- newUser.Role,
- newUser.User,
- newUser.Password,
- newUser.Country,
- newUser.Email,
- )
+ if s, _ := auth.GetSession(req); s.Roles.Has("sys_admin") {
+ if newUser.Extent == nil {
+ res, err = db.Exec(
+ updateUserSQL,
+ user,
+ newUser.Role,
+ newUser.User,
+ newUser.Password,
+ newUser.Country,
+ newUser.Email,
+ )
+ } else {
+ res, err = db.Exec(
+ updateUserExtentSQL,
+ user,
+ newUser.Role,
+ newUser.User,
+ newUser.Password,
+ newUser.Country,
+ newUser.Extent.X1, newUser.Extent.Y1,
+ newUser.Extent.X2, newUser.Extent.Y2,
+ newUser.Email,
+ )
+ }
 } else {
- res, err = db.Exec(
- updateUserExtentSQL,
- user,
- newUser.Role,
- newUser.User,
- newUser.Password,
- newUser.Country,
- newUser.Extent.X1, newUser.Extent.Y1,
- newUser.Extent.X2, newUser.Extent.Y2,
- newUser.Email,
- )
+ // ...
 }

 if err != nil {
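Review bot: The new guard `if s, _ := auth.GetSession(req); s.Roles.Has("sys_admin")` discards the second result of `GetSession` and dereferences `s` unconditionally, so if `s` is a pointer (as the `*Session` parameter in `HasRole` suggests) a request without a session would panic here instead of being refused; that result should be checked before `s.Roles` is touched. The `else` branch is only `// ...`, so for a caller without `sys_admin` neither `db.Exec` runs, `res` stays nil and `err` keeps its earlier value before control reaches `if err != nil {`. The enclosing function begins and ends outside the hunk, but any later use of `res` on that path would be a call on a nil `sql.Result`. Until the non-admin path is written, the branch should set an explicit authorization error so the update is visibly rejected. The literal `"sys_admin"` would also be better as a named constant in the auth package, so a misspelling fails at compile time rather than quietly making the check always false.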