teach/atsebay.t
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Restrict /api/users to admin and loggedUsers
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
nemunaire 2021-01-30 03:34:24 +01:00
parent 986c7e4c64
commit 0b924af8fe
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
users.go
View File

@ -12,11 +12,11 @@ func init() {
router.GET("/api/users", apiHandler( router.GET("/api/users", apiHandler(
func(httprouter.Params, []byte) HTTPResponse { func(httprouter.Params, []byte) HTTPResponse {
return formatApiResponse(getUsers()) return formatApiResponse(getUsers())
})) }, adminRestricted))
router.GET("/api/users/:uid", apiHandler(userHandler( router.GET("/api/users/:uid", apiHandler(userHandler(
func(u User, _ []byte) HTTPResponse { func(u User, _ []byte) HTTPResponse {
return APIResponse{u} return APIResponse{u}
}))) }), loggedUser))
router.PUT("/api/users/:uid", apiHandler(userHandler(updateUser), adminRestricted)) router.PUT("/api/users/:uid", apiHandler(userHandler(updateUser), adminRestricted))
router.DELETE("/api/users/:uid", apiHandler(userHandler( router.DELETE("/api/users/:uid", apiHandler(userHandler(
func(u User, _ []byte) HTTPResponse { func(u User, _ []byte) HTTPResponse {