@@ -29,14 +29,20 @@ func CloseRewardFund(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > AdminPlus { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | |||||
var fund RewardFund | var fund RewardFund | ||||
var modified int64 | var modified int64 | ||||
if claims != nil && claims.Privileges <= AdminPlus && req.Close { | |||||
if req.Close { | |||||
Db.Table("reward_funds").Find(&fund, req.ID) | Db.Table("reward_funds").Find(&fund, req.ID) | ||||
modified = Db.Delete(&fund).RowsAffected | modified = Db.Delete(&fund).RowsAffected | ||||
} else { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | } | ||||
var resp SuccessResponse | var resp SuccessResponse | ||||
@@ -32,25 +32,29 @@ func CreateQueue(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > Admin { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | |||||
var resp CreateQueueResponse | var resp CreateQueueResponse | ||||
if claims != nil && claims.Privileges <= Admin { | |||||
var specificQueue Queue | |||||
Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||||
var specificQueue Queue | |||||
Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||||
if specificQueue.ID != 0 { | |||||
resp.ID = specificQueue.ID | |||||
} else { | |||||
queue := Queue{ | |||||
Name: req.Name, | |||||
} | |||||
if specificQueue.ID != 0 { | |||||
resp.ID = specificQueue.ID | |||||
} else { | |||||
queue := Queue{ | |||||
Name: req.Name, | |||||
} | |||||
Db.Create(&queue) | |||||
Db.Create(&queue) | |||||
resp.ID = queue.ID | |||||
} | |||||
} else { | |||||
w.WriteHeader(403) | |||||
return | |||||
resp.ID = queue.ID | |||||
} | } | ||||
err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
@@ -85,26 +85,31 @@ func CreateRewardFund(resp http.ResponseWriter, req *http.Request) { | |||||
return | return | ||||
} | } | ||||
if claims != nil && claims.Privileges <= Admin { | |||||
Db.Create(&rewardFund) | |||||
Db.Create(&joinRecord) | |||||
if claims == nil { | |||||
resp.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > Admin { | |||||
resp.WriteHeader(403) | |||||
return | |||||
} | |||||
for _, cancel := range cancellations { | |||||
cancel() | |||||
} | |||||
go InitializeContributionStreams() | |||||
Db.Create(&rewardFund) | |||||
Db.Create(&joinRecord) | |||||
for _, bonus := range fund.Bonuses { | |||||
bonus.RewardFundID = rewardFund.ID | |||||
bonuses = append(bonuses, bonus) | |||||
} | |||||
Db.Create(&bonuses) | |||||
for _, cancel := range cancellations { | |||||
cancel() | |||||
} | |||||
go InitializeContributionStreams() | |||||
err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true}) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not create response for created reward fund") | |||||
} | |||||
} else { | |||||
resp.WriteHeader(403) | |||||
for _, bonus := range fund.Bonuses { | |||||
bonus.RewardFundID = rewardFund.ID | |||||
bonuses = append(bonuses, bonus) | |||||
} | |||||
Db.Create(&bonuses) | |||||
err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true}) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not create response for created reward fund") | |||||
} | } | ||||
} | } |
@@ -4,6 +4,7 @@ import ( | |||||
"encoding/json" | "encoding/json" | ||||
"net/http" | "net/http" | ||||
"github.com/imosed/signet/auth" | |||||
. "github.com/imosed/signet/data" | . "github.com/imosed/signet/data" | ||||
"github.com/rs/zerolog/log" | "github.com/rs/zerolog/log" | ||||
) | ) | ||||
@@ -27,6 +28,20 @@ func EditQueue(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
var claims *auth.Claims | |||||
claims, err = auth.GetUserClaims(r) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not get user claims in call to EditQueue") | |||||
} | |||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > Admin { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | |||||
var resp SuccessResponse | var resp SuccessResponse | ||||
for _, qo := range req.FundOrders { | for _, qo := range req.FundOrders { | ||||
Db.Table("queue_orders"). | Db.Table("queue_orders"). | ||||
@@ -28,26 +28,30 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) { | |||||
var claims *auth.Claims | var claims *auth.Claims | ||||
claims, err = auth.GetUserClaims(r) | claims, err = auth.GetUserClaims(r) | ||||
if claims != nil && claims.Privileges <= AdminPlus { | |||||
Db.Table("users").Where("id = ?", req.UserID).Find(&user) | |||||
if req.Privileges == SuperUser { | |||||
resp.Success = false | |||||
err = json.NewEncoder(w).Encode(resp) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not deliver failed escalate privileges response") | |||||
} | |||||
return | |||||
} | |||||
user.Privileges = req.Privileges | |||||
Db.Save(user) | |||||
resp.Success = true | |||||
} else { | |||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > AdminPlus { | |||||
w.WriteHeader(403) | w.WriteHeader(403) | ||||
return | return | ||||
} | } | ||||
Db.Table("users").Where("id = ?", req.UserID).Find(&user) | |||||
if req.Privileges == SuperUser { | |||||
resp.Success = false | |||||
err = json.NewEncoder(w).Encode(resp) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not deliver failed escalate privileges response") | |||||
} | |||||
return | |||||
} | |||||
user.Privileges = req.Privileges | |||||
Db.Save(user) | |||||
resp.Success = true | |||||
err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
if err != nil { | if err != nil { | ||||
log.Error().Err(err).Msg("Could not deliver successful escalate privileges response") | log.Error().Err(err).Msg("Could not deliver successful escalate privileges response") | ||||
@@ -4,6 +4,7 @@ import ( | |||||
"encoding/json" | "encoding/json" | ||||
"net/http" | "net/http" | ||||
"github.com/imosed/signet/auth" | |||||
. "github.com/imosed/signet/data" | . "github.com/imosed/signet/data" | ||||
"github.com/rs/zerolog/log" | "github.com/rs/zerolog/log" | ||||
) | ) | ||||
@@ -30,6 +31,21 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
var claims *auth.Claims | |||||
claims, err = auth.GetUserClaims(r) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not get user claims in request to GetQueueMembers") | |||||
} | |||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > Admin { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | |||||
var members []QueueMember | var members []QueueMember | ||||
Db.Table("queue_orders qo").Select("rf.id, asset, qo.order"). | Db.Table("queue_orders qo").Select("rf.id, asset, qo.order"). | ||||
Where("queue_id = ?", req.ID). | Where("queue_id = ?", req.ID). | ||||
@@ -15,7 +15,11 @@ type GetUsersResponse struct { | |||||
func GetUsers(w http.ResponseWriter, r *http.Request) { | func GetUsers(w http.ResponseWriter, r *http.Request) { | ||||
claims, err := auth.GetUserClaims(r) | claims, err := auth.GetUserClaims(r) | ||||
if claims == nil || (claims != nil && claims.Privileges > AdminPlus) { | |||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > AdminPlus { | |||||
w.WriteHeader(403) | w.WriteHeader(403) | ||||
return | return | ||||
} | } | ||||
@@ -150,33 +150,31 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
if claims == nil { | |||||
return | |||||
} | |||||
if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) { | |||||
hash, err := GetHashedPassword(req.Password) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not generate hash for registration") | |||||
if !noUsersRegistered() { | |||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | return | ||||
} | } | ||||
if claims.Privileges > AdminPlus { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | |||||
} | |||||
hash, err := GetHashedPassword(req.Password) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not generate hash for registration") | |||||
return | |||||
} | |||||
Db.Create(&User{ | |||||
Username: req.Username, | |||||
Password: hash, | |||||
Privileges: determinePrivileges(), | |||||
}) | |||||
Db.Create(&User{ | |||||
Username: req.Username, | |||||
Password: hash, | |||||
Privileges: determinePrivileges(), | |||||
}) | |||||
err = json.NewEncoder(w).Encode(SuccessResponse{Success: true}) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not deliver successful account creation response") | |||||
} | |||||
} else if !noUsersRegistered() { | |||||
err = json.NewEncoder(w).Encode(SuccessResponse{Success: false}) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response") | |||||
} | |||||
} else if claims != nil && claims.Privileges > SuperUser { | |||||
w.WriteHeader(403) | |||||
err = json.NewEncoder(w).Encode(SuccessResponse{Success: true}) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not deliver successful account creation response") | |||||
} | } | ||||
} | } |
@@ -4,6 +4,7 @@ import ( | |||||
"encoding/json" | "encoding/json" | ||||
"net/http" | "net/http" | ||||
"github.com/imosed/signet/auth" | |||||
"github.com/imosed/signet/utils" | "github.com/imosed/signet/utils" | ||||
"github.com/rs/zerolog/log" | "github.com/rs/zerolog/log" | ||||
) | ) | ||||
@@ -20,6 +21,20 @@ func SubmitFund(w http.ResponseWriter, r *http.Request) { | |||||
log.Error().Err(err).Msg("Could not decode body in SubmitFund call") | log.Error().Err(err).Msg("Could not decode body in SubmitFund call") | ||||
} | } | ||||
var claims *auth.Claims | |||||
claims, err = auth.GetUserClaims(r) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not get user claims in call to SubmitFund") | |||||
} | |||||
if claims == nil { | |||||
w.WriteHeader(401) | |||||
return | |||||
} | |||||
if claims.Privileges > Admin { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | |||||
var resp SuccessResponse | var resp SuccessResponse | ||||
resp.Success = false | resp.Success = false | ||||