Added logging
@ -26,12 +26,15 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
|
||||
|
||||
// Check rights
|
||||
if !c.CObject.CanCreate(¤tUser) {
|
||||
models.Log.Noticef("%s [ID: %d] tried to create while not having the rights for it", currentUser.Username, currentUser.ID)
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
||||
// Create
|
||||
err = c.CObject.Create(¤tUser)
|
||||
if err != nil {
|
||||
models.Log.Error(err.Error())
|
||||
|
||||
if models.IsErrListDoesNotExist(err) {
|
||||
return echo.NewHTTPError(http.StatusBadRequest, "The list does not exist.")
|
||||
}
|
||||
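Review bot: The new `Noticef` denial entry in CreateWeb formats `currentUser.Username` with `%s` and does not record which object or route was refused, so the audit line can be forged and gives a responder little to act on. If usernames may contain line breaks or control characters (not visible from this hunk), a user could make one denial read as several log entries; `%q` quotes the value: `models.Log.Noticef("%q [ID: %d] tried to create while not having the rights for it", currentUser.Username, currentUser.ID)`. Adding the request path, for example `ctx.Path()`, would show what was targeted. The same format string appears in the DeleteWeb, ReadOneWeb and UpdateWeb hunks. CreateWeb's body starts and ends outside this hunk.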
|
@ -19,11 +19,14 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError)
|
||||
}
|
||||
if !c.CObject.CanDelete(&user) {
|
||||
models.Log.Noticef("%s [ID: %d] tried to delete while not having the rights for it", user.Username, user.ID)
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
||||
err = c.CObject.Delete()
|
||||
if err != nil {
|
||||
models.Log.Error(err.Error())
|
||||
|
||||
if models.IsErrNeedToBeListAdmin(err) {
|
||||
return echo.NewHTTPError(http.StatusForbidden, "You need to be the list admin to delete a list.")
|
||||
}
|
||||
|
@ -20,6 +20,8 @@ func (c *WebHandler) ReadAllWeb(ctx echo.Context) error {
|
||||
|
||||
lists, err := c.CObject.ReadAll(¤tUser)
|
||||
if err != nil {
|
||||
models.Log.Error(err.Error())
|
||||
|
||||
if models.IsErrNeedToHaveListReadAccess(err) {
|
||||
return echo.NewHTTPError(http.StatusForbidden, "You need to have read access to this list.")
|
||||
}
|
||||
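Review bot: `models.Log.Error(err.Error())` runs before the error is classified, so the expected `IsErrNeedToHaveListReadAccess` denial is written at Error level and, unlike the `Noticef` entries added in the other handlers, without the user who triggered it. Any condition a client can provoke on demand then fills the error log and makes real server faults harder to spot. Consider logging the denial as a notice with `currentUser.Username` and `currentUser.ID` inside the `if`, and keeping `Log.Error` for the fall-through path, which presumably returns the 500 below this hunk. The same ordering is in the CreateWeb, DeleteWeb, ReadOneWeb and UpdateWeb hunks.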
|
@ -2,7 +2,6 @@ package crud
|
||||
|
||||
import (
|
||||
"code.vikunja.io/api/models"
|
||||
"fmt"
|
||||
"github.com/labstack/echo"
|
||||
"net/http"
|
||||
)
|
||||
@ -18,6 +17,8 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
||||
// Get our object
|
||||
err := c.CObject.ReadOne()
|
||||
if err != nil {
|
||||
models.Log.Error(err.Error())
|
||||
|
||||
if models.IsErrListDoesNotExist(err) {
|
||||
return echo.NewHTTPError(http.StatusNotFound)
|
||||
}
|
||||
@ -30,8 +31,6 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
||||
return echo.NewHTTPError(http.StatusNotFound)
|
||||
}
|
||||
|
||||
fmt.Println(err)
|
||||
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "An error occured.")
|
||||
}
|
||||
|
||||
@ -42,6 +41,7 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
||||
}
|
||||
if !c.CObject.CanRead(¤tUser) {
|
||||
models.Log.Noticef("%s [ID: %d] tried to read while not having the rights for it", currentUser.Username, currentUser.ID)
|
||||
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
|
||||
}
|
||||
|
||||
|
@ -24,12 +24,15 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
||||
}
|
||||
if !c.CObject.CanUpdate(¤tUser) {
|
||||
models.Log.Noticef("%s [ID: %d] tried to update while not having the rights for it", currentUser.Username, currentUser.ID)
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
||||
// Do the update
|
||||
err = c.CObject.Update()
|
||||
if err != nil {
|
||||
models.Log.Error(err.Error())
|
||||
|
||||
if models.IsErrNeedToBeListAdmin(err) {
|
||||
return echo.NewHTTPError(http.StatusForbidden, "You need to be list admin to do that.")
|
||||
}
|
||||
|