3pp-mirror/pushbits
1
0
Fork 0
mirror of https://github.com/pushbits/server.git synced 2025-06-12 23:52:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

Introduce middleware for parsing ID from URI

Browse source
This commit is contained in:
eikendev 2020-08-02 17:06:11 +02:00
parent e1cd2d2f8e
commit 018ce2e537
No known key found for this signature in database
GPG key ID: A1BDB1B28C8EF694
8 changed files with 74 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

26
api/user.go
View file

@ -13,7 +13,7 @@ import (
// The UserDatabase interface for encapsulating database access.
type UserDatabase interface {
CreateUser(user model.ExternalUserWithCredentials) (*model.User, error)
CreateUser(user model.CreateUser) (*model.User, error)
DeleteUser(user *model.User) error
UpdateUser(user *model.User) error
GetUserByID(ID uint) (*model.User, error)
@ -57,9 +57,9 @@ func (h *UserHandler) ensureIsNotLastAdmin(ctx *gin.Context) (int, error) {
// CreateUser creates a new user.
// This method assumes that the requesting user has privileges.
func (h *UserHandler) CreateUser(ctx *gin.Context) {
var externalUser model.ExternalUserWithCredentials
var externalUser model.CreateUser
if success := successOrAbort(ctx, http.StatusBadRequest, ctx.Bind(&externalUser)); !success {
if err := ctx.Bind(&externalUser); err != nil {
return
}
@ -81,13 +81,12 @@ func (h *UserHandler) CreateUser(ctx *gin.Context) {
//
// This method assumes that the requesting user has privileges.
func (h *UserHandler) DeleteUser(ctx *gin.Context) {
var deleteUser model.DeleteUser
if success := successOrAbort(ctx, http.StatusBadRequest, ctx.BindUri(&deleteUser)); !success {
id, err := getID(ctx)
if err != nil {
return
}
user, err := h.DB.GetUserByID(deleteUser.ID)
user, err := h.DB.GetUserByID(id)
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
return
}
@ -125,17 +124,22 @@ func (h *UserHandler) DeleteUser(ctx *gin.Context) {
// This method assumes that the requesting user has privileges. If users can later update their own user, make sure they
// cannot give themselves privileges.
func (h *UserHandler) UpdateUser(ctx *gin.Context) {
var updateUser model.UpdateUser
if success := successOrAbort(ctx, http.StatusBadRequest, ctx.BindUri(&updateUser)); !success {
id, err := getID(ctx)
if err != nil {
return
}
user, err := h.DB.GetUserByID(updateUser.ID)
user, err := h.DB.GetUserByID(id)
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
return
}
var updateUser model.UpdateUser
if err := ctx.BindUri(&updateUser); err != nil {
return
}
currentUser := authentication.GetUser(ctx)
// Last privileged user must not be taken privileges. Assumes that the current user has privileges.