diff --git a/endpoints/escalateprivileges.go b/endpoints/escalateprivileges.go
index ab285bb..feed4e2 100644
--- a/endpoints/escalateprivileges.go
+++ b/endpoints/escalateprivileges.go
@@ -27,9 +27,9 @@ func EscalatePrivileges(w http.ResponseWriter, r *http.Request) {
 var claims *auth.Claims
 claims, err = auth.GetUserClaims(r)
- if claims.Privileges == SuperUser {
+ if claims.Privileges < 2 {
 Db.Table("users").Where("username = ?", req.Username).Find(&user)
- if user.Privileges == SuperUser || user.Privileges == AdminPlus {
+ if user.Privileges < 2 {
 resp.Success = false
 err = json.NewEncoder(w).Encode(resp)
diff --git a/endpoints/getqueuemembers.go b/endpoints/getqueuemembers.go
index 5193023..e7a4588 100644
--- a/endpoints/getqueuemembers.go
+++ b/endpoints/getqueuemembers.go
@@ -11,7 +11,6 @@ import (
 type QueueMember struct {
 ID uint `json:"id"`
 Asset string `json:"asset"`
- Title string `json:"title"`
 Order int `json:"order"`
 }
@@ -32,7 +31,7 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) {
 }
 var members []QueueMember
- Db.Table("queue_orders qo").Select("rf.id, asset, title, qo.order").
+ Db.Table("queue_orders qo").Select("rf.id, asset, qo.order").
 Where("queue_id = ?", req.ID).
 Joins("inner join reward_funds rf on qo.reward_fund_id = rf.id").
 Order("qo.order").
diff --git a/endpoints/getrewardfunds.go b/endpoints/getrewardfunds.go
index b7abbb6..d3465e3 100644
--- a/endpoints/getrewardfunds.go
+++ b/endpoints/getrewardfunds.go
@@ -25,9 +25,7 @@ func getQualifiedRewardFunds() []RewardFund {
 "reward_funds.memo",
 "reward_funds.price",
 "reward_funds.amount_available",
- "reward_funds.min_contribution",
- "reward_funds.title",
- "reward_funds.description").
+ "reward_funds.min_contribution").
 Joins("left outer join queue_orders qo on reward_funds.id = qo.reward_fund_id").
 Where("qo.reward_fund_id is null").
 Scan(&standalone)
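Review bot: In endpoints/escalateprivileges.go, `claims.Privileges` is read on the line directly after `auth.GetUserClaims(r)` with no check of `err` or of `claims` being nil, so if that call returns nil claims for an unauthenticated or malformed request the handler panics instead of rejecting it. The register.go hunk in this same commit adds a nil guard, and this handler needs one too, for example `if err != nil || claims == nil { http.Error(w, "unauthorized", http.StatusUnauthorized); return }`. Replacing `== SuperUser` with `< 2` also widens who may escalate (presumably to AdminPlus as well, if lower values mean more privilege) and hides the rule behind a bare literal; `if claims.Privileges <= AdminPlus {` and `if user.Privileges <= AdminPlus {` would keep the authorization decision tied to the named constants. The function body starts and ends outside the hunk.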
@@ -52,9 +50,7 @@ func getQualifiedRewardFunds() []RewardFund {
 "reward_funds.memo",
 "reward_funds.price",
 "reward_funds.amount_available",
- "reward_funds.min_contribution",
- "reward_funds.title",
- "reward_funds.description").
+ "reward_funds.min_contribution").
 Joins("inner join queue_orders qo on reward_funds.id = qo.reward_fund_id").
 Joins("left join contributions c on reward_funds.id = c.reward_fund_id").
 Joins("inner join (?) tt on reward_funds.id = tt.reward_fund_id",
diff --git a/endpoints/getusers.go b/endpoints/getusers.go
index f4aa385..a1ba786 100644
--- a/endpoints/getusers.go
+++ b/endpoints/getusers.go
@@ -20,7 +20,7 @@ func GetUsers(w http.ResponseWriter, r *http.Request) {
 }
 var users []User
- Db.Table("users").Scan(&users)
+ Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users)
 var resp GetUsersResponse
 resp.Users = users
diff --git a/endpoints/register.go b/endpoints/register.go
index 2ccb00b..4698770 100644
--- a/endpoints/register.go
+++ b/endpoints/register.go
@@ -139,6 +139,10 @@ func Register(w http.ResponseWriter, r *http.Request) {
 return
 }
+ if claims == nil {
+ return
+ }
+
 if noUsersRegistered() || claims.Privileges <= AdminPlus {
 hash, err := GenerateHash(req.Password, &Params{
 Memory: uint32(viper.GetInt("hashing.memory")),
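Review bot: In endpoints/getusers.go the new `Where` clause dereferences `claims.Privileges`, but no nil or error check on `claims` is visible in this hunk; GetUsers' body begins above it, so confirm the guard exists there, since the register.go change in this commit implies `claims` can be nil. The query still has no `Select`, so every column of `users` is scanned into `User`; if that struct carries a password hash or similar field with a JSON tag, it is returned to any caller allowed to list users. An explicit column list such as `Select("username, privileges")` (extended with whatever non-secret columns the schema has) would stop that, and checking the query's `.Error` would keep a failed lookup from being reported as an empty but successful list.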
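Review bot: In endpoints/register.go the added `if claims == nil { return }` runs before `noUsersRegistered()` is consulted, so if unauthenticated callers get nil claims, the first-user bootstrap branch can no longer be reached without a token. The guard also returns without writing a status, which leaves the client with an empty 200 unless something earlier wrote a response. Folding the nil test into the condition avoids both problems: `if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) {`, with the rejection left to the existing failure path; alternatively, answer with `http.Error(w, "unauthorized", http.StatusUnauthorized)` before returning. Register's body starts and ends outside the hunk, so that failure path is not visible here.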