authorization.go
package middleware
import (
"github.com/hacktiv8-fp-golang/final-project-02/internal/database"
"github.com/hacktiv8-fp-golang/final-project-02/internal/helper"
"github.com/hacktiv8-fp-golang/final-project-02/internal/model"
"github.com/dgrijalva/jwt-go"
"github.com/gin-gonic/gin"
)
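// ownerLookup loads the record identified by id and reports the id of the
// user who owns it. A non-nil error means the record could not be loaded.
type ownerLookup func(id any) (ownerID uint, err error)

// authenticatedUserID returns the user id carried by the JWT claims that the
// authentication middleware stored under the "userData" context key.
//
// ok is false when the key is absent, does not hold jwt.MapClaims, or the
// "id" claim is not a float64 (the type jwt.MapClaims uses for JSON numbers).
// The original code reached these values through MustGet and unchecked type
// assertions, so a malformed context panicked instead of being rejected.
func authenticatedUserID(c *gin.Context) (userID uint, ok bool) {
	value, exists := c.Get("userData")
	if !exists {
		return 0, false
	}
	claims, isClaims := value.(jwt.MapClaims)
	if !isClaims {
		return 0, false
	}
	rawID, isNumber := claims["id"].(float64)
	if !isNumber {
		return 0, false
	}
	return uint(rawID), true
}

// ownershipAuthorization builds a middleware that parses the path parameter
// paramName, resolves the owner of the addressed record with lookup and lets
// the request continue only when that owner is the authenticated user.
//
// The request is aborted with: the status carried by helper.GetIdParam's
// error when the id parameter is invalid; helper.Unautorized when the JWT
// claims are missing or malformed, or when the user does not own the record;
// helper.NotFound when lookup returns an error.
func ownershipAuthorization(paramName string, lookup ownerLookup) gin.HandlerFunc {
	return func(c *gin.Context) {
		id, err := helper.GetIdParam(c, paramName)
		if err != nil {
			c.AbortWithStatusJSON(err.Status(), err)
			return
		}
		userID, ok := authenticatedUserID(c)
		if !ok {
			// Reject rather than panic on a missing or malformed claim set.
			authErr := helper.Unautorized("You are not allowed to access this data")
			c.AbortWithStatusJSON(authErr.Status(), authErr)
			return
		}
		ownerID, lookupErr := lookup(id)
		if lookupErr != nil {
			// NOTE(review): every lookup error, not only a missing row, is reported
			// as "not found" (as in the original); telling gorm.ErrRecordNotFound
			// apart from other database errors would need the gorm package, which
			// this file does not import.
			notFound := helper.NotFound("Data not found")
			c.AbortWithStatusJSON(notFound.Status(), notFound)
			return
		}
		if ownerID != userID {
			forbidden := helper.Unautorized("You are not allowed to access this data")
			c.AbortWithStatusJSON(forbidden.Status(), forbidden)
			return
		}
		c.Next()
	}
}

// PhotoAuthorization allows a request through only when the photo addressed
// by the "photoId" path parameter belongs to the authenticated user.
func PhotoAuthorization() gin.HandlerFunc {
	return ownershipAuthorization("photoId", func(id any) (uint, error) {
		photo := model.Photo{}
		// Only the owner column is needed for the comparison.
		err := database.GetDB().Select("user_id").First(&photo, id).Error
		return photo.UserID, err
	})
}

// SocialMediaAuthorization allows a request through only when the social
// media record addressed by the "socialMediaId" path parameter belongs to the
// authenticated user.
func SocialMediaAuthorization() gin.HandlerFunc {
	return ownershipAuthorization("socialMediaId", func(id any) (uint, error) {
		socialMedia := model.SocialMedia{}
		err := database.GetDB().Select("user_id").First(&socialMedia, id).Error
		return socialMedia.UserID, err
	})
}

// CommentAuthorization allows a request through only when the comment
// addressed by the "commentId" path parameter belongs to the authenticated
// user.
func CommentAuthorization() gin.HandlerFunc {
	return ownershipAuthorization("commentId", func(id any) (uint, error) {
		comment := model.Comment{}
		// NOTE(review): the original converted the parsed id with uint(...) before
		// the lookup while the photo and social media lookups passed it through
		// unchanged; the value is passed through here as well — confirm
		// helper.GetIdParam returns an integer type so the primary-key query is
		// unaffected.
		err := database.GetDB().Select("user_id").First(&comment, id).Error
		return comment.UserID, err
	})
}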