Allow access to work/:wid to users
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
nemunaire 2022-07-11 18:33:57 +02:00
parent 5a6390e9a5
commit 9dfc72e099

View File

@ -72,10 +72,16 @@ func init() {
return formatApiResponse(NewWork(new.Title, new.Promo, new.Group, new.Shown, new.SubmissionURL, new.StartAvailability, new.EndAvailability)) return formatApiResponse(NewWork(new.Title, new.Promo, new.Group, new.Shown, new.SubmissionURL, new.StartAvailability, new.EndAvailability))
}, adminRestricted)) }, adminRestricted))
router.GET("/api/works/:wid", apiHandler(workHandler( router.GET("/api/works/:wid", apiAuthHandler(workAuthHandler(
func(w Work, _ []byte) HTTPResponse { func(w Work, u *User, _ []byte) HTTPResponse {
return APIResponse{w} if u.IsAdmin {
}), adminRestricted)) return APIResponse{w}
} else if w.Shown && w.StartAvailability.Before(time.Now()) && (w.Group == "" || strings.Contains(u.Groups, ","+w.Group+",")) {
return APIResponse{w}
} else {
return APIErrorResponse{status: http.StatusForbidden, err: fmt.Errorf("Permission denied")}
}
}), loggedUser))
router.PUT("/api/works/:wid", apiHandler(workHandler(func(current Work, body []byte) HTTPResponse { router.PUT("/api/works/:wid", apiHandler(workHandler(func(current Work, body []byte) HTTPResponse {
var new Work var new Work
if err := json.Unmarshal(body, &new); err != nil { if err := json.Unmarshal(body, &new); err != nil {