mirror of
https://git.rwth-aachen.de/acs/public/villas/web-backend-go/
synced 2025-03-30 00:00:12 +01:00
387c922059
- create a guest user and modify function that adds users to the DB for testing - improve code coverage of file endpoint tests and remove some obsolete code from file package - add more error info if role validation fails in all endpoints - change response of GET files to only return the file data and nothing else - fix some bugs in file endpoints that became visible by the tests
44 lines
1.1 KiB
Go
44 lines
1.1 KiB
Go
package scenario
|
|
|
|
import (
|
|
"fmt"
|
|
"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/helper"
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/database"
|
|
)
|
|
|
|
func CheckPermissions(c *gin.Context, operation database.CRUD, screnarioIDSource string, scenarioIDbody int) (bool, Scenario) {
|
|
|
|
var so Scenario
|
|
|
|
err := database.ValidateRole(c, database.ModelScenario, operation)
|
|
if err != nil {
|
|
helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of scenario failed): %v", err))
|
|
return false, so
|
|
}
|
|
|
|
if operation == database.Create || (operation == database.Read && screnarioIDSource == "none") {
|
|
return true, so
|
|
}
|
|
|
|
scenarioID, err := helper.GetIDOfElement(c, "scenarioID", screnarioIDSource, scenarioIDbody)
|
|
if err != nil {
|
|
return false, so
|
|
}
|
|
|
|
userID, _ := c.Get(database.UserIDCtx)
|
|
userRole, _ := c.Get(database.UserRoleCtx)
|
|
|
|
err = so.ByID(uint(scenarioID))
|
|
if helper.DBError(c, err) {
|
|
return false, so
|
|
}
|
|
|
|
if so.checkAccess(userID.(uint), userRole.(string)) == false {
|
|
helper.UnprocessableEntityError(c, "Access denied (for scenario ID).")
|
|
return false, so
|
|
}
|
|
|
|
return true, so
|
|
}
|