Allow access to work/:wid to users
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
5a6390e9a5
commit
9dfc72e099
12
works.go
12
works.go
@ -72,10 +72,16 @@ func init() {
|
||||
|
||||
return formatApiResponse(NewWork(new.Title, new.Promo, new.Group, new.Shown, new.SubmissionURL, new.StartAvailability, new.EndAvailability))
|
||||
}, adminRestricted))
|
||||
router.GET("/api/works/:wid", apiHandler(workHandler(
|
||||
func(w Work, _ []byte) HTTPResponse {
|
||||
router.GET("/api/works/:wid", apiAuthHandler(workAuthHandler(
|
||||
func(w Work, u *User, _ []byte) HTTPResponse {
|
||||
if u.IsAdmin {
|
||||
return APIResponse{w}
|
||||
}), adminRestricted))
|
||||
} else if w.Shown && w.StartAvailability.Before(time.Now()) && (w.Group == "" || strings.Contains(u.Groups, ","+w.Group+",")) {
|
||||
return APIResponse{w}
|
||||
} else {
|
||||
return APIErrorResponse{status: http.StatusForbidden, err: fmt.Errorf("Permission denied")}
|
||||
}
|
||||
}), loggedUser))
|
||||
router.PUT("/api/works/:wid", apiHandler(workHandler(func(current Work, body []byte) HTTPResponse {
|
||||
var new Work
|
||||
if err := json.Unmarshal(body, &new); err != nil {
|
||||
|
Reference in New Issue
Block a user