
Edit privilege requirements

master
Jared 1 year ago
parent
commit
f138238b49
5 changed files with 10 additions and 11 deletions
  1. +2
    -2
      endpoints/escalateprivileges.go
  2. +1
    -2
      endpoints/getqueuemembers.go
  3. +2
    -6
      endpoints/getrewardfunds.go
  4. +1
    -1
      endpoints/getusers.go
  5. +4
    -0
      endpoints/register.go

+ 2
- 2
endpoints/escalateprivileges.go

@@ -27,9 +27,9 @@ func EscalatePrivileges(w http.ResponseWriter, r *http.Request) {
var claims *auth.Claims
claims, err = auth.GetUserClaims(r)

if claims.Privileges == SuperUser {
if claims.Privileges < 2 {
Db.Table("users").Where("username = ?", req.Username).Find(&user)
if user.Privileges == SuperUser || user.Privileges == AdminPlus {
if user.Privileges < 2 {
resp.Success = false

err = json.NewEncoder(w).Encode(resp)
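Review bot: `claims.Privileges` is read right after `claims, err = auth.GetUserClaims(r)` with neither `err` nor a nil `claims` checked in between, so a request without valid claims would panic in the handler instead of being rejected; register.go in this same commit adds a `claims == nil` guard, which suggests nil is a real outcome. A guard such as `if err != nil || claims == nil { http.Error(w, "unauthorized", http.StatusUnauthorized); return }` before the comparison would close that. The rendered page has lost its +/- markers; if the `< 2` comparisons are the new side, the bare literal hides which roles pass, and `<= AdminPlus` (the form register.go uses) would state the rule by name. EscalatePrivileges begins and ends outside the hunk.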


+ 1
- 2
endpoints/getqueuemembers.go

@@ -11,7 +11,6 @@ import (
type QueueMember struct {
ID uint `json:"id"`
Asset string `json:"asset"`
Title string `json:"title"`
Order int `json:"order"`
}

@@ -32,7 +31,7 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) {
}

var members []QueueMember
Db.Table("queue_orders qo").Select("rf.id, asset, title, qo.order").
Db.Table("queue_orders qo").Select("rf.id, asset, qo.order").
Where("queue_id = ?", req.ID).
Joins("inner join reward_funds rf on qo.reward_fund_id = rf.id").
Order("qo.order").


+ 2
- 6
endpoints/getrewardfunds.go

@@ -25,9 +25,7 @@ func getQualifiedRewardFunds() []RewardFund {
"reward_funds.memo",
"reward_funds.price",
"reward_funds.amount_available",
"reward_funds.min_contribution",
"reward_funds.title",
"reward_funds.description").
"reward_funds.min_contribution").
Joins("left outer join queue_orders qo on reward_funds.id = qo.reward_fund_id").
Where("qo.reward_fund_id is null").
Scan(&standalone)
@@ -52,9 +50,7 @@ func getQualifiedRewardFunds() []RewardFund {
"reward_funds.memo",
"reward_funds.price",
"reward_funds.amount_available",
"reward_funds.min_contribution",
"reward_funds.title",
"reward_funds.description").
"reward_funds.min_contribution").
Joins("inner join queue_orders qo on reward_funds.id = qo.reward_fund_id").
Joins("left join contributions c on reward_funds.id = c.reward_fund_id").
Joins("inner join (?) tt on reward_funds.id = tt.reward_fund_id",


+ 1
- 1
endpoints/getusers.go

@@ -20,7 +20,7 @@ func GetUsers(w http.ResponseWriter, r *http.Request) {
}

var users []User
Db.Table("users").Scan(&users)
Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users)

var resp GetUsersResponse
resp.Users = users
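Review bot: The result of the `Scan(&users)` query is discarded, so a failed lookup is answered with an empty user list that the caller cannot tell apart from "no accounts visible to you"; assuming `Db` is a gorm handle, check it with `if err := Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users).Error; err != nil { http.Error(w, "internal error", http.StatusInternalServerError); return }`. The rendered page has lost its +/- markers; assuming the `Where("privileges >= ?", ...)` form is the new line, the filter only makes sense if a lower number means more privilege (register.go compares `<= AdminPlus`), which deserves a comment such as `// lower value = more privilege: callers see only accounts at or below their own level`. Whole `users` rows are scanned into `User` and returned in the response; if `User` carries the password hash or other secrets (its definition is not visible here), select the needed columns explicitly. GetUsers begins and ends outside the hunk.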


+ 4
- 0
endpoints/register.go

@@ -139,6 +139,10 @@ func Register(w http.ResponseWriter, r *http.Request) {
return
}

if claims == nil {
return
}

if noUsersRegistered() || claims.Privileges <= AdminPlus {
hash, err := GenerateHash(req.Password, &Params{
Memory: uint32(viper.GetInt("hashing.memory")),
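Review bot: The added `if claims == nil { return }` runs before the `noUsersRegistered() ||` branch, so if `claims` is nil for a caller without a token (how it is populated is above the hunk), the first-account bootstrap path can no longer be reached on a fresh install. The guard also returns without writing a status, so a rejected registration is answered with an empty 200 rather than an explicit refusal. Consider `if claims == nil && !noUsersRegistered() { http.Error(w, "unauthorized", http.StatusUnauthorized); return }`, which leaves the dereference in `claims.Privileges <= AdminPlus` protected by the short-circuit. Register begins and ends outside the hunk.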

