From a293b1d9541589272e413e399f87b42cb7688c42 Mon Sep 17 00:00:00 2001 From: Sonja Happ Date: Wed, 5 Jun 2019 11:18:57 +0200 Subject: [PATCH] consider user's role for GET simulaitons endpoint --- routes/simulation/simulationEndpoints.go | 29 ++++++++++++++++++------ 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/routes/simulation/simulationEndpoints.go b/routes/simulation/simulationEndpoints.go index a312260..876e4db 100644 --- a/routes/simulation/simulationEndpoints.go +++ b/routes/simulation/simulationEndpoints.go @@ -1,6 +1,7 @@ package simulation import ( + "fmt" "net/http" "github.com/gin-gonic/gin" @@ -33,22 +34,36 @@ func RegisterSimulationEndpoints(r *gin.RouterGroup) { // @Router /simulations [get] func getSimulations(c *gin.Context) { - // ATTENTION: do not use c.GetInt ("user_id") since user_id is of type uint and not int - userID, _ := c.Get("user_id") + err := common.ValidateRole(c, common.ModelSimulation, common.Read) + if err != nil { + c.JSON(http.StatusUnprocessableEntity, fmt.Sprintf("%v", err)) + return + } + + // ATTENTION: do not use c.GetInt (common.UserIDCtx) since user_id is of type uint and not int + userID, _ := c.Get(common.UserIDCtx) + userRole, _ := c.Get(common.UserRoleCtx) var u user.User - err := u.ByID(userID.(uint)) + err = u.ByID(userID.(uint)) if common.ProvideErrorResponse(c, err) { return } // get all simulations for the user who issues the request - // TODO consider role of user, if admin return all simulations db := common.GetDB() var simulations []common.Simulation - err = db.Order("ID asc").Model(&u).Related(&simulations, "Simulations").Error - if common.ProvideErrorResponse(c, err) { - return + if userRole == "Admin" { // Admin can see all simulations + err = db.Order("ID asc").Find(&simulations).Error + if common.ProvideErrorResponse(c, err) { + return + } + + } else { // User or Guest roles see only their simulations + err = db.Order("ID asc").Model(&u).Related(&simulations, "Simulations").Error + if common.ProvideErrorResponse(c, err) { + return + } } serializer := common.SimulationsSerializer{c, simulations}