@@ -27,9 +27,9 @@ func EscalatePrivileges(w http.ResponseWriter, r *http.Request) { | |||||
var claims *auth.Claims | var claims *auth.Claims | ||||
claims, err = auth.GetUserClaims(r) | claims, err = auth.GetUserClaims(r) | ||||
if claims.Privileges == SuperUser { | |||||
if claims.Privileges < 2 { | |||||
Db.Table("users").Where("username = ?", req.Username).Find(&user) | Db.Table("users").Where("username = ?", req.Username).Find(&user) | ||||
if user.Privileges == SuperUser || user.Privileges == AdminPlus { | |||||
if user.Privileges < 2 { | |||||
resp.Success = false | resp.Success = false | ||||
err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
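Review bot: `claims` is dereferenced in `if claims.Privileges < 2 {` directly after `auth.GetUserClaims(r)`, with neither `err` nor a nil result checked in between, so a request without valid claims would panic in the handler instead of being rejected. The Register hunk of this same commit adds `if claims == nil { return }`, which suggests nil is a possible return. Add `if err != nil || claims == nil { http.Error(w, "unauthorized", http.StatusUnauthorized); return }` before the comparison. The literal `2` also replaces the named levels: assuming SuperUser and AdminPlus are the two lowest values, the caller check now admits AdminPlus where it previously required SuperUser, and writing it as `claims.Privileges <= AdminPlus` (as Register does) would make that widening explicit and keep it correct if the constants are renumbered. The body of EscalatePrivileges continues outside the hunk.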
@@ -11,7 +11,6 @@ import ( | |||||
type QueueMember struct { | type QueueMember struct { | ||||
ID uint `json:"id"` | ID uint `json:"id"` | ||||
Asset string `json:"asset"` | Asset string `json:"asset"` | ||||
Title string `json:"title"` | |||||
Order int `json:"order"` | Order int `json:"order"` | ||||
} | } | ||||
@@ -32,7 +31,7 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) { | |||||
} | } | ||||
var members []QueueMember | var members []QueueMember | ||||
Db.Table("queue_orders qo").Select("rf.id, asset, title, qo.order"). | |||||
Db.Table("queue_orders qo").Select("rf.id, asset, qo.order"). | |||||
Where("queue_id = ?", req.ID). | Where("queue_id = ?", req.ID). | ||||
Joins("inner join reward_funds rf on qo.reward_fund_id = rf.id"). | Joins("inner join reward_funds rf on qo.reward_fund_id = rf.id"). | ||||
Order("qo.order"). | Order("qo.order"). | ||||
@@ -25,9 +25,7 @@ func getQualifiedRewardFunds() []RewardFund { | |||||
"reward_funds.memo", | "reward_funds.memo", | ||||
"reward_funds.price", | "reward_funds.price", | ||||
"reward_funds.amount_available", | "reward_funds.amount_available", | ||||
"reward_funds.min_contribution", | |||||
"reward_funds.title", | |||||
"reward_funds.description"). | |||||
"reward_funds.min_contribution"). | |||||
Joins("left outer join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | Joins("left outer join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | ||||
Where("qo.reward_fund_id is null"). | Where("qo.reward_fund_id is null"). | ||||
Scan(&standalone) | Scan(&standalone) | ||||
@@ -52,9 +50,7 @@ func getQualifiedRewardFunds() []RewardFund { | |||||
"reward_funds.memo", | "reward_funds.memo", | ||||
"reward_funds.price", | "reward_funds.price", | ||||
"reward_funds.amount_available", | "reward_funds.amount_available", | ||||
"reward_funds.min_contribution", | |||||
"reward_funds.title", | |||||
"reward_funds.description"). | |||||
"reward_funds.min_contribution"). | |||||
Joins("inner join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | Joins("inner join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | ||||
Joins("left join contributions c on reward_funds.id = c.reward_fund_id"). | Joins("left join contributions c on reward_funds.id = c.reward_fund_id"). | ||||
Joins("inner join (?) tt on reward_funds.id = tt.reward_fund_id", | Joins("inner join (?) tt on reward_funds.id = tt.reward_fund_id", | ||||
@@ -20,7 +20,7 @@ func GetUsers(w http.ResponseWriter, r *http.Request) { | |||||
} | } | ||||
var users []User | var users []User | ||||
Db.Table("users").Scan(&users) | |||||
Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users) | |||||
var resp GetUsersResponse | var resp GetUsersResponse | ||||
resp.Users = users | resp.Users = users | ||||
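Review bot: The new `Where("privileges >= ?", claims.Privileges)` narrows which rows are returned but not which columns: `Scan(&users)` with no `Select` fills every matching field of `User`, and the result is assigned straight to `resp.Users`. If `User` carries the stored password hash (Register generates one) under a JSON tag, that hash would be serialized to every caller allowed to list users. An explicit column list such as `Select("username, privileges")`, or a dedicated response struct, would avoid that. The error from the query is also discarded, so a failed lookup is indistinguishable from an empty user list. GetUsers starts outside the hunk, so whether `claims` is nil-checked before this line is not visible here.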
@@ -139,6 +139,10 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
if claims == nil { | |||||
return | |||||
} | |||||
if noUsersRegistered() || claims.Privileges <= AdminPlus { | if noUsersRegistered() || claims.Privileges <= AdminPlus { | ||||
hash, err := GenerateHash(req.Password, &Params{ | hash, err := GenerateHash(req.Password, &Params{ | ||||
Memory: uint32(viper.GetInt("hashing.memory")), | Memory: uint32(viper.GetInt("hashing.memory")), | ||||
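Review bot: The added `if claims == nil { return }` runs before `noUsersRegistered()` is evaluated, so if unauthenticated requests yield nil claims, the bootstrap branch that lets the first account be created can no longer be reached. Folding the nil check into the condition keeps that branch and still prevents the dereference: `if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) {`. The bare `return` also writes no status or body, so a rejected caller presumably sees an empty 200 response; a rejection should send `http.Error(w, "unauthorized", http.StatusUnauthorized)` instead. Register begins and ends outside the hunk.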