48 lines
1020 B
Go
48 lines
1020 B
Go
package middleware
|
|
|
|
import (
|
|
"nixcn-cms/data"
|
|
"nixcn-cms/utils"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
func Permission(requiredLevel uint) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
var permissionLevel uint
|
|
permissionLevelPrev, ok := c.Get("permission_level")
|
|
if !ok {
|
|
userIdOrig, ok := c.Get("user_id")
|
|
if !ok || userIdOrig.(string) == "" {
|
|
utils.HttpAbort(c, 401, "", "missing user id")
|
|
return
|
|
}
|
|
|
|
userId, err := uuid.Parse(userIdOrig.(string))
|
|
if err != nil {
|
|
utils.HttpAbort(c, 500, "", "error parsing user id")
|
|
return
|
|
}
|
|
|
|
userData, err := new(data.User).GetByUserId(userId)
|
|
if err != nil {
|
|
utils.HttpAbort(c, 404, "", "user not found")
|
|
return
|
|
}
|
|
|
|
permissionLevel = userData.PermissionLevel
|
|
c.Set("permission_level", userData.PermissionLevel)
|
|
} else {
|
|
permissionLevel = permissionLevelPrev.(uint)
|
|
}
|
|
|
|
if permissionLevel < requiredLevel {
|
|
utils.HttpAbort(c, 403, "", "permission denied")
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|