|
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 |
- package endpoints
-
- import (
- "encoding/json"
- "net/http"
-
- "github.com/imosed/signet/auth"
- . "github.com/imosed/signet/data"
- "github.com/rs/zerolog/log"
- )
-
- type EscalatePrivilegesRequest struct {
- UserID uint `json:"userID"`
- Privileges uint `json:"privileges"`
- }
-
- func ChangePrivileges(w http.ResponseWriter, r *http.Request) {
- var req EscalatePrivilegesRequest
- err := json.NewDecoder(r.Body).Decode(&req)
- if err != nil {
- log.Error().Err(err).Msg("Could not decode body in ChangePrivileges call")
- return
- }
-
- var resp SuccessResponse
- var user User
-
- var claims *auth.Claims
- claims, err = auth.GetUserClaims(r)
-
- if claims != nil && claims.Privileges <= AdminPlus {
- Db.Table("users").Where("id = ?", req.UserID).Find(&user)
- if req.Privileges == SuperUser {
- resp.Success = false
-
- err = json.NewEncoder(w).Encode(resp)
- if err != nil {
- log.Error().Err(err).Msg("Could not deliver failed escalate privileges response")
- }
- return
- }
-
- user.Privileges = req.Privileges
- Db.Save(user)
- resp.Success = true
- } else {
- w.WriteHeader(403)
- return
- }
-
- err = json.NewEncoder(w).Encode(resp)
- if err != nil {
- log.Error().Err(err).Msg("Could not deliver successful escalate privileges response")
- }
- }
|