diff --git a/controller/organization.go b/controller/organization.go
index 8557993..e00d5c5 100644
--- a/controller/organization.go
+++ b/controller/organization.go
@@ -1,6 +1,7 @@
 package controller
 
 import (
+	"errors"
 	"github.com/fy23-gw-gackathon/reportify-backend/entity"
 	"github.com/gin-gonic/gin"
 	"net/http"
@@ -98,5 +99,8 @@ func (c *OrganizationController) UpdateOrganization(ctx *gin.Context) (interface
 	}
 	user, _ := ctx.Get(entity.ContextKeyUser)
 	oUser := user.(*entity.OrganizationUser)
+	if !oUser.IsAdmin {
+		return nil, entity.NewError(http.StatusForbidden, errors.New("you are not admin"))
+	}
 	return c.OrganizationUseCase.UpdateOrganization(ctx, oUser.OrganizationID, req.Name, req.Code, req.Mission, req.Vision, req.Value)
 }
diff --git a/infrastructure/middleware/cors.go b/infrastructure/middleware/cors.go
index 58e66eb..702642b 100644
--- a/infrastructure/middleware/cors.go
+++ b/infrastructure/middleware/cors.go
@@ -10,6 +10,9 @@ func Cors(cfg config.Config) gin.HandlerFunc {
 	conf := cors.DefaultConfig()
 	conf.AllowOrigins = cfg.AllowOrigins
 	conf.AllowCredentials = true
+	conf.AllowMethods = []string{
+		"GET", "POST", "PUT", "DELETE",
+	}
 	conf.AllowHeaders = append(conf.AllowHeaders, "Authorization")
 	return cors.New(conf)
 }
diff --git a/main.go b/main.go
index cc50350..d79b042 100644
--- a/main.go
+++ b/main.go
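Review bot: The new admin gate in UpdateOrganization rests on the unchecked type assertion on the line above it — `oUser := user.(*entity.OrganizationUser)` panics if `ctx.Get(entity.ContextKeyUser)` returned nothing, for example if this handler were ever registered without `middleware.Authentication` in front of it. Since this `if` is now the authorization boundary for the endpoint, make it fail closed instead of crashing: `oUser, ok := user.(*entity.OrganizationUser)` followed by `if !ok || !oUser.IsAdmin { return nil, entity.NewError(http.StatusForbidden, errors.New("you are not admin")) }`. Note also that the update targets `oUser.OrganizationID` from the context rather than the `:organizationCode` in the route, so the path parameter does not select the target here; if that is intentional it deserves a one-line comment. UpdateOrganization begins before this hunk (the request binding that fills `req` is not visible).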
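Review bot: The explicit `AllowMethods` list narrows what `cors.DefaultConfig()` allowed (the library default also lists PATCH and HEAD, and in recent versions OPTIONS); that matches the verbs main.go registers, but nothing in the file says the narrowing is deliberate, so add `// Only the verbs the API registers; deliberately narrower than cors.DefaultConfig().` above the assignment. Because `AllowCredentials` is true, `cfg.AllowOrigins` must remain an explicit allow-list of scheme+host origins rather than a wildcard — browsers refuse credentialed responses carrying `Access-Control-Allow-Origin: *`, and whether the config loader rejects such an entry is not visible here — so a comment next to `conf.AllowOrigins = cfg.AllowOrigins` stating that constraint would stop a future "*" from being added in config.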
@@ -50,22 +50,22 @@ func main() {
 	})
 	app.GET("/users/me", handleResponse(userController.GetMe))
 	app.PUT("/reports/:reportId", handleResponse(reportController.ReviewReport, http.StatusNoContent))
-
 	orgs := app.Group("/organizations")
 	orgs.Use(middleware.Authentication(userPersistence, cfg))
-	orgs.GET("/", handleResponse(organizationController.GetOrganizations))
-	org := orgs.Group("/:organizationCode")
-	org.GET("/", handleResponse(organizationController.GetOrganization))
-	org.PUT("/", handleResponse(organizationController.UpdateOrganization))
+	{
+		orgs.GET("/", handleResponse(organizationController.GetOrganizations))
+		orgs.GET("/:organizationCode", handleResponse(organizationController.GetOrganization))
+		orgs.PUT("/:organizationCode", handleResponse(organizationController.UpdateOrganization))
 
-	org.GET("/reports", handleResponse(reportController.GetReports))
-	org.POST("/reports", handleResponse(reportController.CreateReport, http.StatusCreated))
-	org.GET("/reports/:reportId", handleResponse(reportController.GetReport))
+		orgs.GET("/:organizationCode/reports", handleResponse(reportController.GetReports))
+		orgs.POST("/:organizationCode/reports", handleResponse(reportController.CreateReport, http.StatusCreated))
+		orgs.GET("/:organizationCode/reports/:reportId", handleResponse(reportController.GetReport))
 
-	org.GET("/users", handleResponse(userController.GetUsers))
-	org.POST("/users", handleResponse(userController.InviteUser))
-	org.PUT("/users/:userId", handleResponse(userController.UpdateUserRole))
-	org.DELETE("/users/:userId", handleResponse(userController.DeleteUser))
+		orgs.GET("/:organizationCode/users", handleResponse(userController.GetUsers))
+		orgs.POST("/:organizationCode/users", handleResponse(userController.InviteUser))
+		orgs.PUT("/:organizationCode/users/:userId", handleResponse(userController.UpdateUserRole))
+		orgs.DELETE("/:organizationCode/users/:userId", handleResponse(userController.DeleteUser))
+	}
 
 	runApp(app, cfg.App.Port)
 }
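Review bot: The `:organizationCode` path segment is not visibly bound to the caller's organization: `UpdateOrganization` in this same commit acts on `oUser.OrganizationID` taken from the context, so `PUT /organizations/<anything>` with a valid token edits the caller's own organization whatever the URL says. That is not a cross-tenant write as far as this diff shows, but unless `middleware.Authentication` already compares the parameter with the authenticated user (not visible here), every handler under `orgs` should do so and return 404 on a mismatch; otherwise the parameter is decorative and a client can believe it is addressing one organization while changing another. Separately, the rewrite changes the registered paths from `/organizations/:organizationCode/` (what the old `org.GET("/")` form produced) to `/organizations/:organizationCode`; with gin's default RedirectTrailingSlash old-form clients are redirected, but clients handle a redirected PUT or POST inconsistently, so this deserves a line in the commit message. main() begins before this hunk.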