ami/tl-vikunja
1
0
Fork 0
Code Activity

Fix rights checks (#70)

Browse Source
This commit is contained in:
konrad
2019-04-01 19:48:48 +00:00
committed by Gitea
parent 19faee0102
commit 87873e53c5
17 changed files with 92 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/models/teams_rights.go
View File

@ -28,13 +28,7 @@ func (t *Team) CanCreate(a web.Auth) (bool, error) {
// CanUpdate checks if the user can update a team
func (t *Team) CanUpdate(a web.Auth) (bool, error) {
u := getUserForRights(a)
// Check if the current user is in the team and has admin rights in it
return x.Where("team_id = ?", t.ID).
And("user_id = ?", u.ID).
And("admin = ?", true).
Get(&TeamMember{})
return t.IsAdmin(a)
}
// CanDelete checks if a user can delete a team
@ -46,6 +40,12 @@ func (t *Team) CanDelete(a web.Auth) (bool, error) {
func (t *Team) IsAdmin(a web.Auth) (bool, error) {
u := getUserForRights(a)
// Check if the team exists to be able to return a proper error message if not
_, err := GetTeamByID(t.ID)
if err != nil {
return false, err
}
return x.Where("team_id = ?", t.ID).
And("user_id = ?", u.ID).
And("admin = ?", true).