changeset 270:d1b0d964af09

Don't restrict listing/updating of users to sys_admins. Each user should be able to list/change her/his own information. Added a new middleware checker "all" for this. This is strictly not needed because all users are at least a waterway_user. This is for the case that we may later (unlikely) add other roles and for explicitness of model constraints.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 30 Jul 2018 12:31:46 +0200
parents 7f030ec3472d
children 02aaff4b4a66
files controllers/routes.go
diffstat 1 files changed, 6 insertions(+), 3 deletions(-) [+]
--- a/controllers/routes.go	Mon Jul 30 11:08:17 2018 +0200
+++ b/controllers/routes.go	Mon Jul 30 12:31:46 2018 +0200
@@ -12,7 +12,10 @@
 
 	api := m.PathPrefix("/api").Subrouter()
 
-	sysAdmin := auth.EnsureRole("sys_admin")
+	var (
+		sysAdmin = auth.EnsureRole("sys_admin")
+		all      = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user")
+	)
 
 	api.Handle("/users", sysAdmin(&JSONHandler{
 		Handle: listUsers,
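Review bot: The name `all` in the new `var` block reads as "no restriction", but it is an explicit allowlist of three roles, so a role added later is rejected on these routes until it is listed here. That fail-closed behaviour is the safer default and deserves a comment, for example `// all admits every currently defined role; a new role must be added here explicitly.` A name such as `anyRole` would also make the call sites easier to audit. The enclosing function starts and ends outside this hunk.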
@@ -23,11 +26,11 @@
 		Handle: createUser,
 	})).Methods(http.MethodPost)
 
-	api.Handle("/users/{user}", sysAdmin(&JSONHandler{
+	api.Handle("/users/{user}", all(&JSONHandler{
 		Handle: listUser,
 	})).Methods(http.MethodGet)
 
-	api.Handle("/users/{user}", sysAdmin(&JSONHandler{
+	api.Handle("/users/{user}", all(&JSONHandler{
 		Input:  func() interface{} { return new(User) },
 		Handle: updateUser,
 	})).Methods(http.MethodPut)
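Review bot: Switching GET and PUT on `/users/{user}` from `sysAdmin` to `all` leaves the route with a role-membership check only, and nothing visible here ties `{user}` to the authenticated caller. The "own information only" rule from the commit message therefore has to be enforced inside `listUser` and `updateUser`, which this diff does not show. If they lack that check, any waterway_user can read or overwrite another account. The PUT body is decoded into a full `User`, so a non-admin may also be able to change fields such as their own role, if that struct carries one. At minimum document the contract at the registration, e.g. `// all checks role only; listUser/updateUser must reject requests where {user} is not the caller unless the caller is sys_admin.`, and add a test that a waterway_user gets a 403 on another user's path.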