Add permission middleware

Signed-off-by: Asai Neko <sugar@sne.moe>

service/user/update.go

@@ -10,7 +10,6 @@ import (
 
 func Update(c *gin.Context) {
 	// New user model
-	user := new(data.User)
 	userIdOrig, ok := c.Get("user_id")
 	if !ok {
 		c.JSON(403, gin.H{"status": "userid error"})
@@ -19,34 +18,33 @@ func Update(c *gin.Context) {
 	userId, err := uuid.Parse(userIdOrig.(string))
 	if err != nil {
 		c.JSON(500, gin.H{"status": "failed to parse uuid"})
+		return
 	}
 
 	var ReqInfo data.User
 	c.BindJSON(&ReqInfo)
 
 	// Get user info
-	user.GetByUserId(userId)
-
-	// Reject permission 0 user
-	if user.PermissionLevel == 0 {
-		c.JSON(403, gin.H{"status": "premission denied"})
+	userData, err := new(data.User).GetByUserId(userId)
+	if err != nil {
+		c.JSON(500, gin.H{"status": "failed to find user"})
 		return
 	}
 
-	user.Avatar = ReqInfo.Avatar
-	user.Email = ReqInfo.Email
-	user.Nickname = ReqInfo.Nickname
-	user.Subtitle = ReqInfo.Subtitle
+	userData.Avatar = ReqInfo.Avatar
+	userData.Email = ReqInfo.Email
+	userData.Nickname = ReqInfo.Nickname
+	userData.Subtitle = ReqInfo.Subtitle
 
 	if ReqInfo.Bio != "" {
 		if !cryptography.IsBase64Std(ReqInfo.Bio) {
 			c.JSON(400, gin.H{"status": "invalid base64"})
 		}
 	}
-	user.Bio = ReqInfo.Bio
+	userData.Bio = ReqInfo.Bio
 
 	// Update user info
-	user.UpdateByUserID(userId)
+	userData.UpdateByUserID(userId)
 
 	c.JSON(200, gin.H{"status": "success"})
 }