37 lines
800 B
Go
37 lines
800 B
Go
package middleware
|
|
|
|
import (
|
|
"nixcn-cms/data"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
func Permission(requiredLevel uint) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
userIdOrig, ok := c.Get("user_id")
|
|
if !ok || userIdOrig.(string) == "" {
|
|
c.AbortWithStatusJSON(401, gin.H{"status": "missing user id"})
|
|
return
|
|
}
|
|
|
|
userId, err := uuid.Parse(userIdOrig.(string))
|
|
if err != nil {
|
|
c.AbortWithStatusJSON(500, gin.H{"status": "error parsing user id"})
|
|
return
|
|
}
|
|
|
|
userData, err := new(data.User).GetByUserId(userId)
|
|
if err != nil {
|
|
c.AbortWithStatusJSON(404, gin.H{"status": "user not found"})
|
|
return
|
|
}
|
|
|
|
if userData.PermissionLevel < requiredLevel {
|
|
c.AbortWithStatusJSON(403, gin.H{"status": "permission denied"})
|
|
return
|
|
}
|
|
c.Next()
|
|
}
|
|
}
|