Fixed rights check
This commit is contained in:
parent
62b466dd13
commit
7dc1f4191c
|
@ -42,11 +42,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
|
|||
}
|
||||
|
||||
// Check rights
|
||||
canRead, err := currentStruct.CanCreate(currentAuth)
|
||||
canCreate, err := currentStruct.CanCreate(currentAuth)
|
||||
if err != nil {
|
||||
return HandleHTTPError(err, ctx)
|
||||
}
|
||||
if canRead {
|
||||
if !canCreate {
|
||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
|
|
@ -44,8 +44,8 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
|
|||
if err != nil {
|
||||
return HandleHTTPError(err, ctx)
|
||||
}
|
||||
if canDelete {
|
||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||
if !canDelete {
|
||||
config.LoggingProvider.Noticef("Tried to delete while not having the rights for it (User: %v)", currentAuth)
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
||||
|
|
|
@ -39,8 +39,8 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
|||
if err != nil {
|
||||
return HandleHTTPError(err, ctx)
|
||||
}
|
||||
if canRead {
|
||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||
if !canRead {
|
||||
config.LoggingProvider.Noticef("Tried to read while not having the rights for it (User: %v)", currentAuth)
|
||||
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
|
||||
}
|
||||
|
||||
|
|
|
@ -45,8 +45,8 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
|
|||
if err != nil {
|
||||
return HandleHTTPError(err, ctx)
|
||||
}
|
||||
if canUpdate {
|
||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||
if !canUpdate {
|
||||
config.LoggingProvider.Noticef("Tried to update while not having the rights for it (User: %v)", currentAuth)
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue