
Let rights methods return errors (#64)

konrad
2019-03-24 12:35:50 +00:00
committed by Gitea
parent 11e7c071ce
commit 47352d3ed4
44 changed files with 282 additions and 220 deletions


@ -42,7 +42,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
}
// Check rights
if !currentStruct.CanCreate(currentAuth) {
canRead, err := currentStruct.CanCreate(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canRead {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden)
}
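Review bot: The rewritten rights check in CreateWeb appears inverted as rendered: the removed line rejected the request when `!currentStruct.CanCreate(currentAuth)`, but the new `if canRead {` returns 403 when the right is present and lets the request through when it is absent. The guard should be `if !canCreate {`, which also fixes the name, since the variable holds the CanCreate result rather than a read right. The same missing negation shows in the DeleteWeb (`if canDelete {`), ReadOneWeb (`if canRead {`) and UpdateWeb (`if canUpdate {`) hunks. A handler test asserting 403 for a caller without the right and success for one with it would pin this; the handler bodies continue outside the hunks.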


@ -40,7 +40,11 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError)
}
if !currentStruct.CanDelete(currentAuth) {
canDelete, err := currentStruct.CanDelete(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canDelete {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden)
}
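Review bot: The denial log line in DeleteWeb still says "Tried to create while not having the rights for it", so the record of a refused delete names the wrong operation; ReadOneWeb and UpdateWeb carry the same copied message. These lines are the audit trail for rejected access attempts, so each should name its own action, e.g. `config.LoggingProvider.Noticef("Tried to delete while not having the rights for it (User: %v)", currentAuth)`. Depending on what `currentAuth` holds, `%v` may also print more than an identifier, so logging only the user ID or name might be preferable; that type is not visible in this hunk.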


@ -42,7 +42,11 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
}
if !currentStruct.CanRead(currentAuth) {
canRead, err := currentStruct.CanRead(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canRead {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
}


@ -41,7 +41,11 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
}
if !currentStruct.CanUpdate(currentAuth) {
canUpdate, err := currentStruct.CanUpdate(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canUpdate {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden)
}