added features and fixes
This commit is contained in:
@@ -6,6 +6,7 @@ import (
|
||||
"net/http"
|
||||
|
||||
"git.dustin.coffee/hobokenchicken/dumpsterChat/internal/middleware"
|
||||
"git.dustin.coffee/hobokenchicken/dumpsterChat/internal/permissions"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
@@ -81,15 +82,8 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
if ownerID != userID {
|
||||
// Check permission
|
||||
var hasPerm bool
|
||||
err = h.db.QueryRowContext(r.Context(), `
|
||||
SELECT EXISTS (
|
||||
SELECT 1 FROM role_permissions rp
|
||||
JOIN member_roles mr ON mr.role_id = rp.role_id
|
||||
WHERE mr.user_id = $1 AND mr.server_id = $2 AND rp.permission = 'manage_channels'
|
||||
)
|
||||
`, userID, serverID).Scan(&hasPerm)
|
||||
checker := permissions.NewChecker(h.db)
|
||||
hasPerm, err := checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_CHANNELS)
|
||||
if err != nil || !hasPerm {
|
||||
http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden)
|
||||
return
|
||||
@@ -223,14 +217,8 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
if ownerID != userID {
|
||||
var hasPerm bool
|
||||
err = h.db.QueryRowContext(r.Context(), `
|
||||
SELECT EXISTS (
|
||||
SELECT 1 FROM role_permissions rp
|
||||
JOIN member_roles mr ON mr.role_id = rp.role_id
|
||||
WHERE mr.user_id = $1 AND mr.server_id = $2 AND rp.permission = 'manage_channels'
|
||||
)
|
||||
`, userID, serverID).Scan(&hasPerm)
|
||||
checker := permissions.NewChecker(h.db)
|
||||
hasPerm, err := checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_CHANNELS)
|
||||
if err != nil || !hasPerm {
|
||||
http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden)
|
||||
return
|
||||
@@ -279,14 +267,8 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
if ownerID != userID {
|
||||
var hasPerm bool
|
||||
err = h.db.QueryRowContext(r.Context(), `
|
||||
SELECT EXISTS (
|
||||
SELECT 1 FROM role_permissions rp
|
||||
JOIN member_roles mr ON mr.role_id = rp.role_id
|
||||
WHERE mr.user_id = $1 AND mr.server_id = $2 AND rp.permission = 'manage_channels'
|
||||
)
|
||||
`, userID, serverID).Scan(&hasPerm)
|
||||
checker := permissions.NewChecker(h.db)
|
||||
hasPerm, err := checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_CHANNELS)
|
||||
if err != nil || !hasPerm {
|
||||
http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user