/
users_api.go
118 lines (100 loc) · 2.46 KB
/
users_api.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package web
import (
"errors"
"github.com/A1Liu/webserver/database"
"github.com/A1Liu/webserver/models"
"github.com/gin-gonic/gin"
"strconv"
)
var (
MissingPermissions = errors.New("missing permissions")
)
func AddUsersApi(users *gin.RouterGroup) {
users.GET("/all", func(c *gin.Context) {
pageIndex, err := strconv.ParseUint(c.Query("pageIndex"), 10, 64)
if err != nil {
pageIndex = 0
}
users, err := database.SelectUsers(pageIndex)
JsonInfer(c, users, err)
})
users.GET("/add", func(c *gin.Context) {
_, err := database.InsertUser(c.Query("username"),
c.Query("email"), c.Query("password"), models.NormalUser)
JsonInfer(c, nil, err)
})
users.GET("/token", func(c *gin.Context) {
user, err := QueryParamLogin(c)
if JsonFail(c, err) {
return
}
token, err := database.CreateToken(user.Id)
JsonInfer(c, token, err)
})
users.GET("/get", func(c *gin.Context) {
user, err := QueryParamToken(c)
JsonInfer(c, user, err)
})
}
func AddPermissionsApi(permissions *gin.RouterGroup) {
permissions.GET("/add", func(c *gin.Context) {
user, err := QueryParamToken(c)
if JsonFail(c, err) {
return
}
target, err := QueryParamUint(c, "target")
if JsonFail(c, err) {
return
}
reference, err := QueryParamUint(c, "reference")
if JsonFail(c, err) {
return
}
permission, err := models.BuildPermission(c.Query("permission"), *reference)
if err != nil {
JsonFail(c, err)
return
}
ok, err := database.HasPermissions(user,
[]models.Permission{*models.BroadPermission(models.ElevateUsers), *permission})
if JsonFail(c, err) {
return
}
if !ok {
JsonFail(c, MissingPermissions)
return
}
id, err := database.AddPermission(user, *target, permission)
JsonInfer(c, id, err)
})
permissions.GET("/remove", func(c *gin.Context) {
user, err := QueryParamToken(c)
if JsonFail(c, err) {
return
}
target, err := QueryParamUint(c, "target")
if JsonFail(c, err) {
return
}
reference, err := QueryParamUint(c, "reference")
if JsonFail(c, err) {
return
}
permission, err := models.BuildPermission(c.Query("permission"), *reference)
if err != nil {
JsonFail(c, err)
return
}
ok, err := database.HasPermissions(user,
[]models.Permission{*models.BroadPermission(models.DemoteUsers), *permission})
if JsonFail(c, err) {
return
}
if !ok {
JsonFail(c, MissingPermissions)
return
}
err = database.RemovePermissions(*target, *permission)
JsonInfer(c, err, err)
})
}