@@ -29,14 +29,20 @@ func CloseRewardFund(w http.ResponseWriter, r *http.Request) { | |||
return | |||
} | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > AdminPlus { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
var fund RewardFund | |||
var modified int64 | |||
if claims != nil && claims.Privileges <= AdminPlus && req.Close { | |||
if req.Close { | |||
Db.Table("reward_funds").Find(&fund, req.ID) | |||
modified = Db.Delete(&fund).RowsAffected | |||
} else { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
var resp SuccessResponse | |||
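Review bot: The lookup-then-delete pair `Db.Table("reward_funds").Find(&fund, req.ID)` / `modified = Db.Delete(&fund).RowsAffected` never checks that a fund was found or that either call succeeded, so an unknown ID reaches `Db.Delete` with a zero-valued `fund`; what the ORM does with a zero primary key depends on its version (an error in some, an unconstrained delete in older ones), and neither outcome is surfaced to the client. Assuming `Db` is a GORM handle, which the `RowsAffected` read suggests, guard the lookup first, e.g. `if res := Db.Table("reward_funds").Find(&fund, req.ID); res.Error != nil || fund.ID == 0 { w.WriteHeader(404); return }`, and read `Db.Delete(&fund).Error` as well as `RowsAffected`. The surviving `else { w.WriteHeader(403) }` for `req.Close == false` now runs after the caller has already passed the new 401/403 guards, so 403 misdescribes it; a 400 fits a request that asks for nothing. CloseRewardFund starts before and continues past this hunk.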
@@ -32,25 +32,29 @@ func CreateQueue(w http.ResponseWriter, r *http.Request) { | |||
return | |||
} | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > Admin { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
var resp CreateQueueResponse | |||
if claims != nil && claims.Privileges <= Admin { | |||
var specificQueue Queue | |||
Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||
var specificQueue Queue | |||
Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||
if specificQueue.ID != 0 { | |||
resp.ID = specificQueue.ID | |||
} else { | |||
queue := Queue{ | |||
Name: req.Name, | |||
} | |||
if specificQueue.ID != 0 { | |||
resp.ID = specificQueue.ID | |||
} else { | |||
queue := Queue{ | |||
Name: req.Name, | |||
} | |||
Db.Create(&queue) | |||
Db.Create(&queue) | |||
resp.ID = queue.ID | |||
} | |||
} else { | |||
w.WriteHeader(403) | |||
return | |||
resp.ID = queue.ID | |||
} | |||
err = json.NewEncoder(w).Encode(resp) | |||
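Review bot: The result of `Db.Create(&queue)` is discarded before `resp.ID = queue.ID`, so a failed insert still produces a 200 carrying ID 0 and nothing is logged. Check it: `if res := Db.Create(&queue); res.Error != nil { log.Error().Err(res.Error).Msg("Could not create queue"); w.WriteHeader(500); return }`. The `First(&specificQueue, "name = ?", req.Name)` lookup likewise drops its error, so a database failure rather than a not-found falls into the create branch, and the check-then-create is not atomic, so two concurrent requests for the same name can both insert unless the name column carries a unique constraint, which is not visible here. CreateQueue begins before this hunk.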
@@ -85,26 +85,31 @@ func CreateRewardFund(resp http.ResponseWriter, req *http.Request) { | |||
return | |||
} | |||
if claims != nil && claims.Privileges <= Admin { | |||
Db.Create(&rewardFund) | |||
Db.Create(&joinRecord) | |||
if claims == nil { | |||
resp.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > Admin { | |||
resp.WriteHeader(403) | |||
return | |||
} | |||
for _, cancel := range cancellations { | |||
cancel() | |||
} | |||
go InitializeContributionStreams() | |||
Db.Create(&rewardFund) | |||
Db.Create(&joinRecord) | |||
for _, bonus := range fund.Bonuses { | |||
bonus.RewardFundID = rewardFund.ID | |||
bonuses = append(bonuses, bonus) | |||
} | |||
Db.Create(&bonuses) | |||
for _, cancel := range cancellations { | |||
cancel() | |||
} | |||
go InitializeContributionStreams() | |||
err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true}) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not create response for created reward fund") | |||
} | |||
} else { | |||
resp.WriteHeader(403) | |||
for _, bonus := range fund.Bonuses { | |||
bonus.RewardFundID = rewardFund.ID | |||
bonuses = append(bonuses, bonus) | |||
} | |||
Db.Create(&bonuses) | |||
err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true}) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not create response for created reward fund") | |||
} | |||
} |
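Review bot: None of the three `Db.Create` calls (`&rewardFund`, `&joinRecord`, `&bonuses`) is checked, yet the handler always ends with `SuccessResponse{Success: true}`; if the first insert fails, `rewardFund.ID` stays zero, every bonus is then written with a zero `RewardFundID`, and the cancellations plus `go InitializeContributionStreams()` still run for a fund that was never stored. Check each result and return before the side effects, e.g. `if res := Db.Create(&rewardFund); res.Error != nil { resp.WriteHeader(500); return }`. `Db.Create(&bonuses)` is also reached with an empty slice when `fund.Bonuses` is empty; whether the ORM treats that as an error depends on its version, so a `len(bonuses) > 0` guard is cheap. As a point of style, this handler names its parameters `resp`/`req` while the other handlers in this commit use `w`/`r`, and here `resp` is the writer and `req` the request, which is easy to misread next to the decoded `fund`. CreateRewardFund starts before this hunk.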
@@ -4,6 +4,7 @@ import ( | |||
"encoding/json" | |||
"net/http" | |||
"github.com/imosed/signet/auth" | |||
. "github.com/imosed/signet/data" | |||
"github.com/rs/zerolog/log" | |||
) | |||
@@ -27,6 +28,20 @@ func EditQueue(w http.ResponseWriter, r *http.Request) { | |||
return | |||
} | |||
var claims *auth.Claims | |||
claims, err = auth.GetUserClaims(r) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not get user claims in call to EditQueue") | |||
} | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > Admin { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
var resp SuccessResponse | |||
for _, qo := range req.FundOrders { | |||
Db.Table("queue_orders"). | |||
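Review bot: The error from `auth.GetUserClaims(r)` is logged but not acted on, so the handler only stops if the failure also leaves `claims` nil; whether it does is a contract of `GetUserClaims` that is not visible here, and a failed claims parse should not proceed on whatever partial value came back. Treat the error as unauthenticated: `if err != nil { log.Error().Err(err).Msg("Could not get user claims in call to EditQueue"); w.WriteHeader(401); return }`. The same log-and-continue pattern appears in GetQueueMembers and SubmitFund in this commit, and in ChangePrivileges and GetUsers the error is not examined at all before `claims` is tested. EditQueue starts before and continues past this hunk.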
@@ -28,26 +28,30 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) { | |||
var claims *auth.Claims | |||
claims, err = auth.GetUserClaims(r) | |||
if claims != nil && claims.Privileges <= AdminPlus { | |||
Db.Table("users").Where("id = ?", req.UserID).Find(&user) | |||
if req.Privileges == SuperUser { | |||
resp.Success = false | |||
err = json.NewEncoder(w).Encode(resp) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not deliver failed escalate privileges response") | |||
} | |||
return | |||
} | |||
user.Privileges = req.Privileges | |||
Db.Save(user) | |||
resp.Success = true | |||
} else { | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > AdminPlus { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
Db.Table("users").Where("id = ?", req.UserID).Find(&user) | |||
if req.Privileges == SuperUser { | |||
resp.Success = false | |||
err = json.NewEncoder(w).Encode(resp) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not deliver failed escalate privileges response") | |||
} | |||
return | |||
} | |||
user.Privileges = req.Privileges | |||
Db.Save(user) | |||
resp.Success = true | |||
err = json.NewEncoder(w).Encode(resp) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not deliver successful escalate privileges response") | |||
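Review bot: The authorization only checks the caller's own level (`claims.Privileges > AdminPlus`) and forbids granting `SuperUser`; it never compares the caller to the target, so an `AdminPlus` caller can lower the privileges of an account that outranks them, including a SuperUser, and can set any value below SuperUser on any account. After the `Find(&user)` lookup add a rank check in the same direction as the existing comparisons, e.g. `if user.Privileges < claims.Privileges { w.WriteHeader(403); return }` (a lower value is more privileged, as the 403 test above implies), and reject lookups that match nothing (`user.ID == 0`, assuming the model exposes it) with a 404, because `Db.Save(user)` on a zero-ID record may insert a fresh row rather than update nothing, depending on the ORM. The `SuperUser` refusal answers 200 with `Success: false`; a 403 would be consistent with the guard just added. ChangePrivileges starts before and ends after this hunk.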
@@ -4,6 +4,7 @@ import ( | |||
"encoding/json" | |||
"net/http" | |||
"github.com/imosed/signet/auth" | |||
. "github.com/imosed/signet/data" | |||
"github.com/rs/zerolog/log" | |||
) | |||
@@ -30,6 +31,21 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) { | |||
return | |||
} | |||
var claims *auth.Claims | |||
claims, err = auth.GetUserClaims(r) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not get user claims in request to GetQueueMembers") | |||
} | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > Admin { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
var members []QueueMember | |||
Db.Table("queue_orders qo").Select("rf.id, asset, qo.order"). | |||
Where("queue_id = ?", req.ID). | |||
@@ -15,7 +15,11 @@ type GetUsersResponse struct { | |||
func GetUsers(w http.ResponseWriter, r *http.Request) { | |||
claims, err := auth.GetUserClaims(r) | |||
if claims == nil || (claims != nil && claims.Privileges > AdminPlus) { | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > AdminPlus { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
@@ -150,33 +150,31 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||
return | |||
} | |||
if claims == nil { | |||
return | |||
} | |||
if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) { | |||
hash, err := GetHashedPassword(req.Password) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not generate hash for registration") | |||
if !noUsersRegistered() { | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > AdminPlus { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
} | |||
hash, err := GetHashedPassword(req.Password) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not generate hash for registration") | |||
return | |||
} | |||
Db.Create(&User{ | |||
Username: req.Username, | |||
Password: hash, | |||
Privileges: determinePrivileges(), | |||
}) | |||
Db.Create(&User{ | |||
Username: req.Username, | |||
Password: hash, | |||
Privileges: determinePrivileges(), | |||
}) | |||
err = json.NewEncoder(w).Encode(SuccessResponse{Success: true}) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not deliver successful account creation response") | |||
} | |||
} else if !noUsersRegistered() { | |||
err = json.NewEncoder(w).Encode(SuccessResponse{Success: false}) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response") | |||
} | |||
} else if claims != nil && claims.Privileges > SuperUser { | |||
w.WriteHeader(403) | |||
err = json.NewEncoder(w).Encode(SuccessResponse{Success: true}) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not deliver successful account creation response") | |||
} | |||
} |
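Review bot: The `Db.Create(&User{...})` insert is unchecked, so a failed insert (a duplicate username, for instance) still answers `SuccessResponse{Success: true}`; check it before encoding, e.g. `if res := Db.Create(&User{Username: req.Username, Password: hash, Privileges: determinePrivileges()}); res.Error != nil { log.Error().Err(res.Error).Msg("Could not create user"); w.WriteHeader(500); return }`. The unauthenticated bootstrap path, `if !noUsersRegistered()`, is evaluated separately from the insert and from `determinePrivileges()`, so two concurrent first registrations can both pass the check; if `determinePrivileges()` grants the elevated role to the first account, as its use here suggests, both could receive it, and the check plus create belong in one transaction or behind a lock. Register starts before this hunk.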
@@ -4,6 +4,7 @@ import ( | |||
"encoding/json" | |||
"net/http" | |||
"github.com/imosed/signet/auth" | |||
"github.com/imosed/signet/utils" | |||
"github.com/rs/zerolog/log" | |||
) | |||
@@ -20,6 +21,20 @@ func SubmitFund(w http.ResponseWriter, r *http.Request) { | |||
log.Error().Err(err).Msg("Could not decode body in SubmitFund call") | |||
} | |||
var claims *auth.Claims | |||
claims, err = auth.GetUserClaims(r) | |||
if err != nil { | |||
log.Error().Err(err).Msg("Could not get user claims in call to SubmitFund") | |||
} | |||
if claims == nil { | |||
w.WriteHeader(401) | |||
return | |||
} | |||
if claims.Privileges > Admin { | |||
w.WriteHeader(403) | |||
return | |||
} | |||
var resp SuccessResponse | |||
resp.Success = false | |||