2017-04-28 10:10:25 +02:00
|
|
|
// Package http provides the
|
|
|
|
// logic of the webserver
|
2017-04-05 20:23:29 +02:00
|
|
|
package http
|
|
|
|
|
|
|
|
import "net/http"
|
|
|
|
|
2017-04-28 10:27:36 +02:00
|
|
|
// format of a function to bind it for the middleware handler
|
2017-04-05 20:23:29 +02:00
|
|
|
type HasPermission func(string, int) (bool, error)
|
|
|
|
|
2017-04-28 10:27:36 +02:00
|
|
|
// Function to evaluate the permission and implent an error handling
|
2017-04-28 10:10:25 +02:00
|
|
|
// Input: http response writer w, pointer to htto request r, bool variable HasPermission perm, int variable permission (form)
|
2017-04-05 20:23:29 +02:00
|
|
|
func PermissionHandler(h func(w http.ResponseWriter, r *http.Request), perm HasPermission, permission int) func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
session, err := r.Cookie("session")
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusNonAuthoritativeInfo)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ok, err := perm(session.Value, permission)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusGatewayTimeout)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if ok {
|
|
|
|
h(w, r)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
http.Error(w, "Not allowed", http.StatusForbidden)
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|