Noa Virellia
e4329dfc2b
- Replace hardcoded error messages with structured error codes using exception.Builder. - Introduce new common error constants in exception/common.go (CommonErrorInvalidInput, CommonErrorUserNotFound, etc.). - Update exception/specific.go with domain-specific errors and remove redundant ones. - Apply consistent error handling across auth, event, user services and middleware. Co-authored-by: Gemini <gemini@google.com> Signed-off-by: Noa Virellia <noa@requiem.garden>
77 lines
2.1 KiB
Go
77 lines
2.1 KiB
Go
package middleware
|
|
|
|
import (
|
|
"nixcn-cms/data"
|
|
"nixcn-cms/exception"
|
|
"nixcn-cms/utils"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
func Permission(requiredLevel uint) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
var permissionLevel uint
|
|
permissionLevelPrev, ok := c.Get("permission_level")
|
|
if !ok {
|
|
userIdOrig, ok := c.Get("user_id")
|
|
if !ok || userIdOrig.(string) == "" {
|
|
errorCode := new(exception.Builder).
|
|
SetStatus(exception.ErrorStatusUser).
|
|
SetService(exception.MiddlewarePermissionService).
|
|
SetEndpoint(exception.MiddlewareEndpoint).
|
|
SetType(exception.ErrorTypeCommon).
|
|
SetOriginal(exception.CommonErrorMissingUserId).
|
|
Build()
|
|
utils.HttpAbort(c, 401, errorCode)
|
|
return
|
|
}
|
|
|
|
userId, err := uuid.Parse(userIdOrig.(string))
|
|
if err != nil {
|
|
errorCode := new(exception.Builder).
|
|
SetStatus(exception.ErrorStatusServer).
|
|
SetService(exception.MiddlewarePermissionService).
|
|
SetEndpoint(exception.MiddlewareEndpoint).
|
|
SetType(exception.ErrorTypeCommon).
|
|
SetOriginal(exception.CommonErrorUuidParseFailed).
|
|
Build()
|
|
utils.HttpAbort(c, 500, errorCode)
|
|
return
|
|
}
|
|
|
|
userData, err := new(data.User).GetByUserId(userId)
|
|
if err != nil {
|
|
errorCode := new(exception.Builder).
|
|
SetStatus(exception.ErrorStatusUser).
|
|
SetService(exception.MiddlewarePermissionService).
|
|
SetEndpoint(exception.MiddlewareEndpoint).
|
|
SetType(exception.ErrorTypeCommon).
|
|
SetOriginal(exception.CommonErrorUserNotFound).
|
|
Build()
|
|
utils.HttpAbort(c, 404, errorCode)
|
|
return
|
|
}
|
|
|
|
permissionLevel = userData.PermissionLevel
|
|
c.Set("permission_level", userData.PermissionLevel)
|
|
} else {
|
|
permissionLevel = permissionLevelPrev.(uint)
|
|
}
|
|
|
|
if permissionLevel < requiredLevel {
|
|
errorCode := new(exception.Builder).
|
|
SetStatus(exception.ErrorStatusUser).
|
|
SetService(exception.MiddlewarePermissionService).
|
|
SetEndpoint(exception.MiddlewareEndpoint).
|
|
SetType(exception.ErrorTypeCommon).
|
|
SetOriginal(exception.CommonErrorPermissionDenied).
|
|
Build()
|
|
utils.HttpAbort(c, 403, errorCode)
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|