Refactor the user access check on questions
This commit is contained in:
parent
ad0d12e67a
commit
9fd73ce235
35
questions.go
35
questions.go
@ -60,6 +60,7 @@ func declareAPIAuthQuestionsRoutes(router *gin.RouterGroup) {
|
||||
|
||||
questionsRoutes := router.Group("/questions/:qid")
|
||||
questionsRoutes.Use(questionHandler)
|
||||
questionsRoutes.Use(questionUserAccessHandler)
|
||||
|
||||
questionsRoutes.GET("", func(c *gin.Context) {
|
||||
c.JSON(http.StatusOK, c.MustGet("question").(*Question))
|
||||
@ -97,6 +98,7 @@ func declareAPIAdminQuestionsRoutes(router *gin.RouterGroup) {
|
||||
|
||||
questionsRoutes := router.Group("/questions/:qid")
|
||||
questionsRoutes.Use(questionHandler)
|
||||
questionsRoutes.Use(questionUserAccessHandler)
|
||||
|
||||
questionsRoutes.PUT("", func(c *gin.Context) {
|
||||
current := c.MustGet("question").(*Question)
|
||||
@ -137,6 +139,7 @@ func declareAPIAdminQuestionsRoutes(router *gin.RouterGroup) {
|
||||
func declareAPIAdminUserQuestionsRoutes(router *gin.RouterGroup) {
|
||||
questionsRoutes := router.Group("/questions/:qid")
|
||||
questionsRoutes.Use(questionHandler)
|
||||
questionsRoutes.Use(questionUserAccessHandler)
|
||||
|
||||
questionsRoutes.GET("", func(c *gin.Context) {
|
||||
question := c.MustGet("question").(*Question)
|
||||
@ -154,8 +157,6 @@ func declareAPIAdminUserQuestionsRoutes(router *gin.RouterGroup) {
|
||||
}
|
||||
|
||||
func questionHandler(c *gin.Context) {
|
||||
u := c.MustGet("LoggedUser").(*User)
|
||||
|
||||
var survey *Survey
|
||||
if s, ok := c.Get("survey"); ok {
|
||||
survey = s.(*Survey)
|
||||
@ -175,7 +176,29 @@ func questionHandler(c *gin.Context) {
|
||||
c.AbortWithStatusJSON(http.StatusNotFound, gin.H{"errmsg": "Question not found"})
|
||||
return
|
||||
}
|
||||
} else {
|
||||
question, err = survey.GetQuestion(qid)
|
||||
if err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusNotFound, gin.H{"errmsg": "Question not found"})
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
c.Set("question", question)
|
||||
|
||||
c.Next()
|
||||
}
|
||||
|
||||
func questionUserAccessHandler(c *gin.Context) {
|
||||
var survey *Survey
|
||||
if s, ok := c.Get("survey"); ok {
|
||||
survey = s.(*Survey)
|
||||
}
|
||||
|
||||
u := c.MustGet("LoggedUser").(*User)
|
||||
question := c.MustGet("question").(*Question)
|
||||
|
||||
if survey == nil {
|
||||
s, err := getSurvey(int(question.IdSurvey))
|
||||
if err != nil {
|
||||
log.Println("Unable to getSurvey:", err)
|
||||
@ -184,12 +207,6 @@ func questionHandler(c *gin.Context) {
|
||||
}
|
||||
|
||||
survey = s
|
||||
} else {
|
||||
question, err = survey.GetQuestion(qid)
|
||||
if err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusNotFound, gin.H{"errmsg": "Question not found"})
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if !u.IsAdmin && (!survey.checkUserAccessToSurvey(u) || (survey.Direct != nil && *survey.Direct != question.Id)) {
|
||||
@ -201,8 +218,6 @@ func questionHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
c.Set("question", question)
|
||||
|
||||
c.Next()
|
||||
}
|
||||
|
||||
|
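Review bot: questionUserAccessHandler carries no doc comment, yet it has a hard ordering contract: it reads both "LoggedUser" and "question" with MustGet, so if it is ever registered on a group before questionHandler (or before the authentication middleware) the request fails with a panic-recovery 500 rather than a clean 401/404, and the "survey" context value it optionally picks up decides whether the survey is taken from the parent route or re-fetched from the question's IdSurvey. I would add above `func questionUserAccessHandler(c *gin.Context) {` the comment `// questionUserAccessHandler aborts the request unless the logged user may access the question stored by questionHandler; register it after questionHandler and the middleware that sets "LoggedUser", since both values are read with MustGet.` and mention on the access check line that non-admins on a survey with Direct set are limited to that single question. The three route groups in this commit do register it after questionHandler, so this is documentation of an invariant rather than a bug today. As a point of style, the same "survey from context" block is now duplicated in questionHandler and questionUserAccessHandler; a small `surveyFromContext(c *gin.Context) *Survey` helper would keep the two in step. The response sent when getSurvey fails lies outside the hunk after the `log.Println("Unable to getSurvey:", err)` line, so I could not confirm it aborts the chain.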