Allow access to work/:wid to users
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
5a6390e9a5
commit
9dfc72e099
14
works.go
14
works.go
@ -72,10 +72,16 @@ func init() {
|
|||||||
|
|
||||||
return formatApiResponse(NewWork(new.Title, new.Promo, new.Group, new.Shown, new.SubmissionURL, new.StartAvailability, new.EndAvailability))
|
return formatApiResponse(NewWork(new.Title, new.Promo, new.Group, new.Shown, new.SubmissionURL, new.StartAvailability, new.EndAvailability))
|
||||||
}, adminRestricted))
|
}, adminRestricted))
|
||||||
router.GET("/api/works/:wid", apiHandler(workHandler(
|
router.GET("/api/works/:wid", apiAuthHandler(workAuthHandler(
|
||||||
func(w Work, _ []byte) HTTPResponse {
|
func(w Work, u *User, _ []byte) HTTPResponse {
|
||||||
return APIResponse{w}
|
if u.IsAdmin {
|
||||||
}), adminRestricted))
|
return APIResponse{w}
|
||||||
|
} else if w.Shown && w.StartAvailability.Before(time.Now()) && (w.Group == "" || strings.Contains(u.Groups, ","+w.Group+",")) {
|
||||||
|
return APIResponse{w}
|
||||||
|
} else {
|
||||||
|
return APIErrorResponse{status: http.StatusForbidden, err: fmt.Errorf("Permission denied")}
|
||||||
|
}
|
||||||
|
}), loggedUser))
|
||||||
router.PUT("/api/works/:wid", apiHandler(workHandler(func(current Work, body []byte) HTTPResponse {
|
router.PUT("/api/works/:wid", apiHandler(workHandler(func(current Work, body []byte) HTTPResponse {
|
||||||
var new Work
|
var new Work
|
||||||
if err := json.Unmarshal(body, &new); err != nil {
|
if err := json.Unmarshal(body, &new); err != nil {
|
||||||
|
Reference in New Issue
Block a user