Harden works and surveys routes
parent
a5105979cc
commit
d787d1c350
2 changed files with 33 additions and 1 deletions
15
surveys.go
15
surveys.go
|
|
@ -52,6 +52,7 @@ func declareAPISurveysRoutes(router *gin.RouterGroup) {
|
|||
|
||||
surveysRoutes := router.Group("/surveys/:sid")
|
||||
surveysRoutes.Use(surveyHandler)
|
||||
surveysRoutes.Use(surveyUserAccessHandler)
|
||||
|
||||
surveysRoutes.GET("", func(c *gin.Context) {
|
||||
u := c.MustGet("LoggedUser").(*User)
|
||||
|
|
@ -198,6 +199,20 @@ func surveyHandler(c *gin.Context) {
|
|||
}
|
||||
}
|
||||
|
||||
func surveyUserAccessHandler(c *gin.Context) {
|
||||
u := c.MustGet("LoggedUser").(*User)
|
||||
w := c.MustGet("survey").(*Survey)
|
||||
|
||||
if u.IsAdmin {
|
||||
c.Next()
|
||||
} else if w.Shown && (w.Group == "" || strings.Contains(u.Groups, ","+w.Group+",")) {
|
||||
c.Next()
|
||||
} else {
|
||||
c.AbortWithStatusJSON(http.StatusNotFound, gin.H{"errmsg": "Survey not found."})
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
type Survey struct {
|
||||
Id int64 `json:"id"`
|
||||
Title string `json:"title"`
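Review bot: In `surveyUserAccessHandler`, the group test `strings.Contains(u.Groups, ","+w.Group+",")` is an exact-membership check only if `u.Groups` is always stored with a leading and a trailing comma and `w.Group` can never contain a comma. Neither invariant is visible in this diff, so state it next to the check, e.g. `// u.Groups is stored as ",g1,g2,": the delimited substring match is an exact group match`, or move the test into one small helper that other access handlers can share. The 404 reply hides a restricted survey only if its status and body match what `surveyHandler` returns for an unknown id; that function's body lies outside the hunk, so the parity should be confirmed there. On style, the local `w` for a `*Survey` reads as carried over from another handler (`s` would be clearer), the `return` after `AbortWithStatusJSON` is redundant as the last statement, and the new function has no doc comment saying who is let through (admins, or members of the survey's group when `Shown` is set).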
|
||||
|
|
|
|||