nixcn/nixcn-cms
1
0
Fork 1
Code Pull Requests Activity

Mod permission middleware to only request database once
All checks were successful
Build Backend (NixCN CMS) TeamCity build finished
Details
Build Frontend (NixCN CMS) TeamCity build finished
Details

Browse Source 
Signed-off-by: Asai Neko <sugar@sne.moe>
This commit is contained in:
Asai Neko
2026-01-06 10:40:48 +08:00
parent ddffb0da23
commit 0f1c8e327e
1 changed files with 27 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
middleware/permission.go
View File

@@ -9,6 +9,9 @@ import (
func Permission(requiredLevel uint) gin.HandlerFunc {
return func(c *gin.Context) {
var permissionLevel uint
permissionLevelPrev, ok := c.Get("permission_level")
if !ok {
userIdOrig, ok := c.Get("user_id")
if !ok || userIdOrig.(string) == "" {
c.AbortWithStatusJSON(401, gin.H{"status": "missing user id"})
@@ -27,10 +30,17 @@ func Permission(requiredLevel uint) gin.HandlerFunc {
return
}
if userData.PermissionLevel < requiredLevel {
permissionLevel = userData.PermissionLevel
c.Set("permission_level", userData.PermissionLevel)
} else {
permissionLevel = permissionLevelPrev.(uint)
}
if permissionLevel < requiredLevel {
c.AbortWithStatusJSON(403, gin.H{"status": "permission denied"})
return
}
c.Next()
}
}