Merge pull request #30 from fy23-gw-gackathon/fix/cors

ref #28 fix cors
fy23-gw-gackathon · May 12, 2023 · dd84d15 · dd84d15
2 parents c9284ed + fc24b25
commit dd84d15
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 12 deletions.
diff --git a/controller/organization.go b/controller/organization.go
@@ -1,6 +1,7 @@
 package controller
 
 import (
+	"errors"
 	"github.com/fy23-gw-gackathon/reportify-backend/entity"
 	"github.com/gin-gonic/gin"
 	"net/http"
@@ -98,5 +99,8 @@ func (c *OrganizationController) UpdateOrganization(ctx *gin.Context) (interface
 	}
 	user, _ := ctx.Get(entity.ContextKeyUser)
 	oUser := user.(*entity.OrganizationUser)
+	if !oUser.IsAdmin {
+		return nil, entity.NewError(http.StatusForbidden, errors.New("you are not admin"))
+	}
 	return c.OrganizationUseCase.UpdateOrganization(ctx, oUser.OrganizationID, req.Name, req.Code, req.Mission, req.Vision, req.Value)
 }
diff --git a/infrastructure/middleware/cors.go b/infrastructure/middleware/cors.go
@@ -10,6 +10,9 @@ func Cors(cfg config.Config) gin.HandlerFunc {
 	conf := cors.DefaultConfig()
 	conf.AllowOrigins = cfg.AllowOrigins
 	conf.AllowCredentials = true
+	conf.AllowMethods = []string{
+		"GET", "POST", "PUT", "DELETE",
+	}
 	conf.AllowHeaders = append(conf.AllowHeaders, "Authorization")
 	return cors.New(conf)
 }
diff --git a/main.go b/main.go
@@ -50,22 +50,22 @@ func main() {
 	})
 	app.GET("/users/me", handleResponse(userController.GetMe))
 	app.PUT("/reports/:reportId", handleResponse(reportController.ReviewReport, http.StatusNoContent))
-
 	orgs := app.Group("/organizations")
 	orgs.Use(middleware.Authentication(userPersistence, cfg))
-	orgs.GET("/", handleResponse(organizationController.GetOrganizations))
-	org := orgs.Group("/:organizationCode")
-	org.GET("/", handleResponse(organizationController.GetOrganization))
-	org.PUT("/", handleResponse(organizationController.UpdateOrganization))
+	{
+		orgs.GET("/", handleResponse(organizationController.GetOrganizations))
+		orgs.GET("/:organizationCode", handleResponse(organizationController.GetOrganization))
+		orgs.PUT("/:organizationCode", handleResponse(organizationController.UpdateOrganization))
 
-	org.GET("/reports", handleResponse(reportController.GetReports))
-	org.POST("/reports", handleResponse(reportController.CreateReport, http.StatusCreated))
-	org.GET("/reports/:reportId", handleResponse(reportController.GetReport))
+		orgs.GET("/:organizationCode/reports", handleResponse(reportController.GetReports))
+		orgs.POST("/:organizationCode/reports", handleResponse(reportController.CreateReport, http.StatusCreated))
+		orgs.GET("/:organizationCode/reports/:reportId", handleResponse(reportController.GetReport))
 
-	org.GET("/users", handleResponse(userController.GetUsers))
-	org.POST("/users", handleResponse(userController.InviteUser))
-	org.PUT("/users/:userId", handleResponse(userController.UpdateUserRole))
-	org.DELETE("/users/:userId", handleResponse(userController.DeleteUser))
+		orgs.GET("/:organizationCode/users", handleResponse(userController.GetUsers))
+		orgs.POST("/:organizationCode/users", handleResponse(userController.InviteUser))
+		orgs.PUT("/:organizationCode/users/:userId", handleResponse(userController.UpdateUserRole))
+		orgs.DELETE("/:organizationCode/users/:userId", handleResponse(userController.DeleteUser))
+	}
 
 	runApp(app, cfg.App.Port)
 }