User roles.v0.0.13

author: jloup <jloup@jloup.work> 2018-05-13 15:47:59 +0100
committer: jloup <jloup@jloup.work> 2018-05-13 15:47:59 +0100
commit: cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6 (patch)
tree: 0a5de670cf7f03ab8d582e28c006b643b0c6e22d
parent: 391835378931665f449c2e99dc070292d193409e (diff)
download: Front-cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6.tar.gz
Front-cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6.tar.zst
Front-cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6.zip
4 files changed, 38 insertions, 2 deletions
diff --git a/api/routes.go b/api/routes.go
index 404f821..3adbfe9 100644
--- a/api/routes.go
+++ b/api/routes.go
@@ -55,6 +55,11 @@ var Groups = []Group{
                        {"GET", []gin.HandlerFunc{UserAccount}, "/account"},
                },
        },
+        {
+                "/admin",
+                []Middleware{JwtAuth, UserConfirmed, UserIsAdmin, OtpAuth},
+                []Route{},
+        },
 }
 func Signup(c *gin.Context) {
diff --git a/api/user.go b/api/user.go
index a2737fd..bc24bbb 100644
--- a/api/user.go
+++ b/api/user.go
@@ -30,6 +30,20 @@ func UserConfirmed(c *gin.Context) *Error {
        return nil
 }
+func UserIsAdmin(c *gin.Context) *Error {
+        user, exists := c.Get("user")
+        if !exists {
+                return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
+        }
+        if user.(db.User).Role != db.RoleAdmin {
+                return &Error{NotAuthorized, "not authorized", fmt.Errorf("user '%v' is not admin", user)}
+        }
+        return nil
+}
 func GetUser(c *gin.Context) db.User {
        user, _ := c.Get("user")
diff --git a/db/migrations.go b/db/migrations.go
index f0df49c..e8fc40d 100644
--- a/db/migrations.go
+++ b/db/migrations.go
@@ -89,4 +89,15 @@ var migrations []Migration = []Migration{
                        "DROP TYPE market_config_status",
                },
        },
+        {
+                Version: 201805131000,
+                Up: []string{
+                        "CREATE TYPE user_role AS ENUM ('admin', 'user')",
+                        "ALTER TABLE users ADD role user_role NOT NULL DEFAULT 'user'",
+                },
+                Down: []string{
+                        "ALTER TABLE users DROP COLUMN role",
+                        "DROP TYPE user_role",
+                },
+        },
 }
diff --git a/db/user.go b/db/user.go
index 64ca6a6..24ce491 100644
--- a/db/user.go
+++ b/db/user.go
@@ -11,10 +11,16 @@ const (
        AwaitingConfirmation
 )
+type UserRole string
+const RoleUser UserRole = "user"
+const RoleAdmin UserRole = "admin"
 type User struct {
        Id           int64
-        Email        string `sql:",unique,notnull"`
+        Role         UserRole
-        PasswordHash string `sql:",notnull"`
+        Email        string
+        PasswordHash string
        OtpSecret    string
        IsOtpSetup   bool
        Status       UserStatus
author	jloup <jloup@jloup.work>	2018-05-13 15:47:59 +0100
committer	jloup <jloup@jloup.work>	2018-05-13 15:47:59 +0100
commit	cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6 (patch)
tree	0a5de670cf7f03ab8d582e28c006b643b0c6e22d
parent	391835378931665f449c2e99dc070292d193409e (diff)
download	Front-cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6.tar.gz Front-cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6.tar.zst Front-cf5bb85cede5b05b58ed2b40460d0b913e8b2cf6.zip

diff --git a/api/routes.go b/api/routes.go index 404f821..3adbfe9 100644 --- a/api/routes.go +++ b/api/routes.go
@@ -55,6 +55,11 @@ var Groups = []Group{
55	{"GET", []gin.HandlerFunc{UserAccount}, "/account"},	55	{"GET", []gin.HandlerFunc{UserAccount}, "/account"},
56	},	56	},
57	},	57	},
		58	{
		59	"/admin",
		60	[]Middleware{JwtAuth, UserConfirmed, UserIsAdmin, OtpAuth},
		61	[]Route{},
		62	},
58	}	63	}
59		64
60	func Signup(c *gin.Context) {	65	func Signup(c *gin.Context) {


diff --git a/api/user.go b/api/user.go index a2737fd..bc24bbb 100644 --- a/api/user.go +++ b/api/user.go
@@ -30,6 +30,20 @@ func UserConfirmed(c gin.Context) Error {
30	return nil	30	return nil
31	}	31	}
32		32
		33	func UserIsAdmin(c gin.Context) Error {
		34	user, exists := c.Get("user")
		35
		36	if !exists {
		37	return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
		38	}
		39
		40	if user.(db.User).Role != db.RoleAdmin {
		41	return &Error{NotAuthorized, "not authorized", fmt.Errorf("user '%v' is not admin", user)}
		42	}
		43
		44	return nil
		45	}
		46
33	func GetUser(c *gin.Context) db.User {	47	func GetUser(c *gin.Context) db.User {
34	user, _ := c.Get("user")	48	user, _ := c.Get("user")
35		49


diff --git a/db/migrations.go b/db/migrations.go index f0df49c..e8fc40d 100644 --- a/db/migrations.go +++ b/db/migrations.go
@@ -89,4 +89,15 @@ var migrations []Migration = []Migration{
89	"DROP TYPE market_config_status",	89	"DROP TYPE market_config_status",
90	},	90	},
91	},	91	},
		92	{
		93	Version: 201805131000,
		94	Up: []string{
		95	"CREATE TYPE user_role AS ENUM ('admin', 'user')",
		96	"ALTER TABLE users ADD role user_role NOT NULL DEFAULT 'user'",
		97	},
		98	Down: []string{
		99	"ALTER TABLE users DROP COLUMN role",
		100	"DROP TYPE user_role",
		101	},
		102	},
92	}	103	}


diff --git a/db/user.go b/db/user.go index 64ca6a6..24ce491 100644 --- a/db/user.go +++ b/db/user.go
@@ -11,10 +11,16 @@ const (
11	AwaitingConfirmation	11	AwaitingConfirmation
12	)	12	)
13		13
		14	type UserRole string
		15
		16	const RoleUser UserRole = "user"
		17	const RoleAdmin UserRole = "admin"
		18
14	type User struct {	19	type User struct {
15	Id int64	20	Id int64
16	Email string `sql:",unique,notnull"`	21	Role UserRole
17	PasswordHash string `sql:",notnull"`	22	Email string
		23	PasswordHash string
18	OtpSecret string	24	OtpSecret string
19	IsOtpSetup bool	25	IsOtpSetup bool
20	Status UserStatus	26	Status UserStatus