Mercurial > gemma
changeset 270:d1b0d964af09
Dont restrict listing/updating of users to sys_admins.
Each user should be able to list/change her/his own informations.
Added a new middleware checker "all" for this.
This stricly not needed because all users are at least
a waterway_user. This is for the case theat we may later
(unlikely) add other roles and for explicitness of model constraints.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Mon, 30 Jul 2018 12:31:46 +0200 |
parents | 7f030ec3472d |
children | 02aaff4b4a66 |
files | controllers/routes.go |
diffstat | 1 files changed, 6 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/controllers/routes.go Mon Jul 30 11:08:17 2018 +0200 +++ b/controllers/routes.go Mon Jul 30 12:31:46 2018 +0200 @@ -12,7 +12,10 @@ api := m.PathPrefix("/api").Subrouter() - sysAdmin := auth.EnsureRole("sys_admin") + var ( + sysAdmin = auth.EnsureRole("sys_admin") + all = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user") + ) api.Handle("/users", sysAdmin(&JSONHandler{ Handle: listUsers, @@ -23,11 +26,11 @@ Handle: createUser, })).Methods(http.MethodPost) - api.Handle("/users/{user}", sysAdmin(&JSONHandler{ + api.Handle("/users/{user}", all(&JSONHandler{ Handle: listUser, })).Methods(http.MethodGet) - api.Handle("/users/{user}", sysAdmin(&JSONHandler{ + api.Handle("/users/{user}", all(&JSONHandler{ Input: func() interface{} { return new(User) }, Handle: updateUser, })).Methods(http.MethodPut)