Jared
2 years ago
5 changed files with 10 additions and 11 deletions
Unified View
Diff Options
-
+2 -2endpoints/escalateprivileges.go
-
+1 -2endpoints/getqueuemembers.go
-
+2 -6endpoints/getrewardfunds.go
-
+1 -1endpoints/getusers.go
-
+4 -0endpoints/register.go
+ 2
- 2
endpoints/escalateprivileges.go
View File
| @@ -27,9 +27,9 @@ func EscalatePrivileges(w http.ResponseWriter, r *http.Request) { | |||||
| var claims *auth.Claims | var claims *auth.Claims | ||||
| claims, err = auth.GetUserClaims(r) | claims, err = auth.GetUserClaims(r) | ||||
| if claims.Privileges == SuperUser { | |||||
| if claims.Privileges < 2 { | |||||
| Db.Table("users").Where("username = ?", req.Username).Find(&user) | Db.Table("users").Where("username = ?", req.Username).Find(&user) | ||||
| if user.Privileges == SuperUser || user.Privileges == AdminPlus { | |||||
| if user.Privileges < 2 { | |||||
| resp.Success = false | resp.Success = false | ||||
| err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
+ 1
- 2
endpoints/getqueuemembers.go
View File
| @@ -11,7 +11,6 @@ import ( | |||||
| type QueueMember struct { | type QueueMember struct { | ||||
| ID uint `json:"id"` | ID uint `json:"id"` | ||||
| Asset string `json:"asset"` | Asset string `json:"asset"` | ||||
| Title string `json:"title"` | |||||
| Order int `json:"order"` | Order int `json:"order"` | ||||
| } | } | ||||
| @@ -32,7 +31,7 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) { | |||||
| } | } | ||||
| var members []QueueMember | var members []QueueMember | ||||
| Db.Table("queue_orders qo").Select("rf.id, asset, title, qo.order"). | |||||
| Db.Table("queue_orders qo").Select("rf.id, asset, qo.order"). | |||||
| Where("queue_id = ?", req.ID). | Where("queue_id = ?", req.ID). | ||||
| Joins("inner join reward_funds rf on qo.reward_fund_id = rf.id"). | Joins("inner join reward_funds rf on qo.reward_fund_id = rf.id"). | ||||
| Order("qo.order"). | Order("qo.order"). | ||||
+ 2
- 6
endpoints/getrewardfunds.go
View File
| @@ -25,9 +25,7 @@ func getQualifiedRewardFunds() []RewardFund { | |||||
| "reward_funds.memo", | "reward_funds.memo", | ||||
| "reward_funds.price", | "reward_funds.price", | ||||
| "reward_funds.amount_available", | "reward_funds.amount_available", | ||||
| "reward_funds.min_contribution", | |||||
| "reward_funds.title", | |||||
| "reward_funds.description"). | |||||
| "reward_funds.min_contribution"). | |||||
| Joins("left outer join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | Joins("left outer join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | ||||
| Where("qo.reward_fund_id is null"). | Where("qo.reward_fund_id is null"). | ||||
| Scan(&standalone) | Scan(&standalone) | ||||
| @@ -52,9 +50,7 @@ func getQualifiedRewardFunds() []RewardFund { | |||||
| "reward_funds.memo", | "reward_funds.memo", | ||||
| "reward_funds.price", | "reward_funds.price", | ||||
| "reward_funds.amount_available", | "reward_funds.amount_available", | ||||
| "reward_funds.min_contribution", | |||||
| "reward_funds.title", | |||||
| "reward_funds.description"). | |||||
| "reward_funds.min_contribution"). | |||||
| Joins("inner join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | Joins("inner join queue_orders qo on reward_funds.id = qo.reward_fund_id"). | ||||
| Joins("left join contributions c on reward_funds.id = c.reward_fund_id"). | Joins("left join contributions c on reward_funds.id = c.reward_fund_id"). | ||||
| Joins("inner join (?) tt on reward_funds.id = tt.reward_fund_id", | Joins("inner join (?) tt on reward_funds.id = tt.reward_fund_id", | ||||
+ 1
- 1
endpoints/getusers.go
View File
| @@ -20,7 +20,7 @@ func GetUsers(w http.ResponseWriter, r *http.Request) { | |||||
| } | } | ||||
| var users []User | var users []User | ||||
| Db.Table("users").Scan(&users) | |||||
| Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users) | |||||
| var resp GetUsersResponse | var resp GetUsersResponse | ||||
| resp.Users = users | resp.Users = users | ||||
+ 4
- 0
endpoints/register.go
View File
| @@ -139,6 +139,10 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||||
| return | return | ||||
| } | } | ||||
| if claims == nil { | |||||
| return | |||||
| } | |||||
| if noUsersRegistered() || claims.Privileges <= AdminPlus { | if noUsersRegistered() || claims.Privileges <= AdminPlus { | ||||
| hash, err := GenerateHash(req.Password, &Params{ | hash, err := GenerateHash(req.Password, &Params{ | ||||
| Memory: uint32(viper.GetInt("hashing.memory")), | Memory: uint32(viper.GetInt("hashing.memory")), | ||||