-
Notifications
You must be signed in to change notification settings - Fork 3
/
routesusers.go
103 lines (86 loc) · 2.4 KB
/
routesusers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package main
import (
"github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
"gorm.io/gorm"
"net/http"
)
var Permissions = map[string]string{
"factoid.manage": "Manage factoids",
"user.manage": "Manage users",
"hjt.manage": "Manage HJT",
"logs.view": "View logs",
}
func getFlags(c *gin.Context) {
c.JSON(http.StatusOK, Permissions)
}
func setUserFlags(c *gin.Context) {
userId := c.Param("user")
session := sessions.Default(c)
discordId, ok := session.Get("discordId").(string)
if !ok || discordId == "" {
c.AbortWithStatus(http.StatusUnauthorized)
return
}
if discordId == userId {
c.JSON(http.StatusForbidden, Error{Message: "cannot edit yourself"})
return
}
perms := make([]string, 0)
err := c.Bind(&perms)
if err != nil {
c.JSON(http.StatusBadRequest, Error{Message: err.Error()})
return
}
for p := range perms {
if _, ok := Permissions[perms[p]]; !ok {
c.JSON(http.StatusBadRequest, Error{Message: perms[p] + " is not a valid permission"})
return
}
}
var transaction = Database.Begin()
var rollback = true
defer func() {
if rollback {
transaction.Rollback()
}
}()
err = Database.Where(&Permission{DiscordId: userId}).Delete(&Permission{}).Error
if err != nil && gorm.ErrRecordNotFound != err {
c.JSON(http.StatusInternalServerError, Error{Message: err.Error()})
return
}
for p := range perms {
err = Database.Create(&Permission{DiscordId: userId, Permission: perms[p]}).Error
}
if err != nil && gorm.ErrRecordNotFound != err {
c.JSON(http.StatusInternalServerError, Error{Message: err.Error()})
return
}
transaction.Commit()
rollback = false
c.Status(http.StatusNoContent)
}
func getUserFlags(c *gin.Context) {
userId := c.Param("user")
perms := make([]string, 0)
err := Database.Model(&Permission{}).Where(&Permission{DiscordId: userId}).Select("permission").Find(&perms).Error
if err != nil && gorm.ErrRecordNotFound != err {
c.JSON(http.StatusInternalServerError, Error{Message: err.Error()})
return
}
//we have the perms for this user, but let's also get their discord info so it's something we can show
user, err := getUser(userId)
if err != nil {
if err == NoDiscordUser {
c.JSON(http.StatusNotFound, Error{Message: err.Error()})
} else {
c.JSON(http.StatusInternalServerError, Error{Message: err.Error()})
}
return
}
c.JSON(http.StatusOK, map[string]interface{}{
"user": user,
"perms": perms,
})
}