Pārlūkot izejas kodu

Edit privilege requirements

master
Jared pirms 1 gada
vecāks
revīzija
f138238b49
5 mainītis faili ar 10 papildinājumiem un 11 dzēšanām
  1. +2
    -2
      endpoints/escalateprivileges.go
  2. +1
    -2
      endpoints/getqueuemembers.go
  3. +2
    -6
      endpoints/getrewardfunds.go
  4. +1
    -1
      endpoints/getusers.go
  5. +4
    -0
      endpoints/register.go

+ 2
- 2
endpoints/escalateprivileges.go Parādīt failu

@@ -27,9 +27,9 @@ func EscalatePrivileges(w http.ResponseWriter, r *http.Request) {
var claims *auth.Claims
claims, err = auth.GetUserClaims(r)

if claims.Privileges == SuperUser {
if claims.Privileges < 2 {
Db.Table("users").Where("username = ?", req.Username).Find(&user)
if user.Privileges == SuperUser || user.Privileges == AdminPlus {
if user.Privileges < 2 {
resp.Success = false

err = json.NewEncoder(w).Encode(resp)


+ 1
- 2
endpoints/getqueuemembers.go Parādīt failu

@@ -11,7 +11,6 @@ import (
type QueueMember struct {
ID uint `json:"id"`
Asset string `json:"asset"`
Title string `json:"title"`
Order int `json:"order"`
}

@@ -32,7 +31,7 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) {
}

var members []QueueMember
Db.Table("queue_orders qo").Select("rf.id, asset, title, qo.order").
Db.Table("queue_orders qo").Select("rf.id, asset, qo.order").
Where("queue_id = ?", req.ID).
Joins("inner join reward_funds rf on qo.reward_fund_id = rf.id").
Order("qo.order").


+ 2
- 6
endpoints/getrewardfunds.go Parādīt failu

@@ -25,9 +25,7 @@ func getQualifiedRewardFunds() []RewardFund {
"reward_funds.memo",
"reward_funds.price",
"reward_funds.amount_available",
"reward_funds.min_contribution",
"reward_funds.title",
"reward_funds.description").
"reward_funds.min_contribution").
Joins("left outer join queue_orders qo on reward_funds.id = qo.reward_fund_id").
Where("qo.reward_fund_id is null").
Scan(&standalone)
@@ -52,9 +50,7 @@ func getQualifiedRewardFunds() []RewardFund {
"reward_funds.memo",
"reward_funds.price",
"reward_funds.amount_available",
"reward_funds.min_contribution",
"reward_funds.title",
"reward_funds.description").
"reward_funds.min_contribution").
Joins("inner join queue_orders qo on reward_funds.id = qo.reward_fund_id").
Joins("left join contributions c on reward_funds.id = c.reward_fund_id").
Joins("inner join (?) tt on reward_funds.id = tt.reward_fund_id",


+ 1
- 1
endpoints/getusers.go Parādīt failu

@@ -20,7 +20,7 @@ func GetUsers(w http.ResponseWriter, r *http.Request) {
}

var users []User
Db.Table("users").Scan(&users)
Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users)

var resp GetUsersResponse
resp.Users = users


+ 4
- 0
endpoints/register.go Parādīt failu

@@ -139,6 +139,10 @@ func Register(w http.ResponseWriter, r *http.Request) {
return
}

if claims == nil {
return
}

if noUsersRegistered() || claims.Privileges <= AdminPlus {
hash, err := GenerateHash(req.Password, &Params{
Memory: uint32(viper.GetInt("hashing.memory")),


Notiek ielāde…
Atcelt
Saglabāt