# HG changeset patch
# User Sascha L. Teichmann
# Date 1532946706 -7200
# Node ID d1b0d964af09b2ea20e40ff07827f28c633fed96
# Parent 7f030ec3472dc6ff62e849a4c9a951715a349c56
Dont restrict listing/updating of users to sys_admins. Each user should be able to list/change her/his own informations. Added a new middleware checker "all" for this. This stricly not needed because all users are at least a waterway_user. This is for the case theat we may later (unlikely) add other roles and for explicitness of model constraints.
diff -r 7f030ec3472d -r d1b0d964af09 controllers/routes.go
--- a/controllers/routes.go Mon Jul 30 11:08:17 2018 +0200
+++ b/controllers/routes.go Mon Jul 30 12:31:46 2018 +0200
@@ -12,7 +12,10 @@
 api := m.PathPrefix("/api").Subrouter()
- sysAdmin := auth.EnsureRole("sys_admin")
+ var (
+ sysAdmin = auth.EnsureRole("sys_admin")
+ all = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user")
+ )
 api.Handle("/users", sysAdmin(&JSONHandler{
 Handle: listUsers,
@@ -23,11 +26,11 @@
 Handle: createUser,
 })).Methods(http.MethodPost)
- api.Handle("/users/{user}", sysAdmin(&JSONHandler{
+ api.Handle("/users/{user}", all(&JSONHandler{
 Handle: listUser,
 })).Methods(http.MethodGet)
- api.Handle("/users/{user}", sysAdmin(&JSONHandler{
+ api.Handle("/users/{user}", all(&JSONHandler{
 Input: func() interface{} { return new(User) },
 Handle: updateUser,
 })).Methods(http.MethodPut)
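Review bot: `all` in the new `var` block is a fixed list of the three current role names rather than "any authenticated user", so a role added later is denied on these routes until the list is edited. That fails closed, which is the safer direction, but the name hides it; a comment such as `// all admits every role defined today; a new role must be added here explicitly.` would document the intent. The enclosing function starts and ends outside the hunk.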
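Review bot: With `/users/{user}` GET and PUT moved from `sysAdmin` to `all`, the route layer no longer stops a `waterway_user` from naming another account in `{user}`; nothing in this hunk ties the path value to the authenticated session. The description says each user should reach only their own record, so that check has to live in `listUser`/`updateUser` or in the database layer, neither of which is visible here; confirm it exists and add a test that a non-admin request for a different `{user}` is rejected. The PUT body decodes into a full `User`, so if that type carries a role or other privileged field, also confirm a non-admin cannot change it on their own record. A comment above the two routes such as `// Role check only; ownership of {user} is enforced in <handler or DB policy>.` would make the dependency explicit.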