Mod permission middleware to only request database once

Signed-off-by: Asai Neko <sugar@sne.moe>

middleware/permission.go

@@ -9,28 +9,38 @@ import (
 
 func Permission(requiredLevel uint) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		userIdOrig, ok := c.Get("user_id")
+		var permissionLevel uint
-		if !ok || userIdOrig.(string) == "" {
+		permissionLevelPrev, ok := c.Get("permission_level")
-			c.AbortWithStatusJSON(401, gin.H{"status": "missing user id"})
+		if !ok {
-			return
+			userIdOrig, ok := c.Get("user_id")
+			if !ok || userIdOrig.(string) == "" {
+				c.AbortWithStatusJSON(401, gin.H{"status": "missing user id"})
+				return
+			}
+
+			userId, err := uuid.Parse(userIdOrig.(string))
+			if err != nil {
+				c.AbortWithStatusJSON(500, gin.H{"status": "error parsing user id"})
+				return
+			}
+
+			userData, err := new(data.User).GetByUserId(userId)
+			if err != nil {
+				c.AbortWithStatusJSON(404, gin.H{"status": "user not found"})
+				return
+			}
+
+			permissionLevel = userData.PermissionLevel
+			c.Set("permission_level", userData.PermissionLevel)
+		} else {
+			permissionLevel = permissionLevelPrev.(uint)
 		}
 
-		userId, err := uuid.Parse(userIdOrig.(string))
+		if permissionLevel < requiredLevel {
-		if err != nil {
-			c.AbortWithStatusJSON(500, gin.H{"status": "error parsing user id"})
-			return
-		}
-
-		userData, err := new(data.User).GetByUserId(userId)
-		if err != nil {
-			c.AbortWithStatusJSON(404, gin.H{"status": "user not found"})
-			return
-		}
-
-		if userData.PermissionLevel < requiredLevel {
 			c.AbortWithStatusJSON(403, gin.H{"status": "permission denied"})
 			return
 		}
+
 		c.Next()
 	}
 }