From 61b141ee9610af1c1cdc2c2c457fc3b6cca6ca11 Mon Sep 17 00:00:00 2001 From: Martin Geno Date: Fri, 9 Jun 2017 09:42:39 +0200 Subject: [PATCH] [BUGFIX] permission + move from cookie to header + add reset at dummy care --- http/good_test.go | 4 ++-- lib/http/permission.go | 8 ++------ lib/http/permission_test.go | 13 +----------- test/testrest.go | 6 ++---- webroot/dummy_cart/index.html | 38 +++++++++++++++++++++++------------ webroot/static/js/global.js | 13 +++--------- 6 files changed, 35 insertions(+), 47 deletions(-) diff --git a/http/good_test.go b/http/good_test.go index 682e25a..1b144ff 100644 --- a/http/good_test.go +++ b/http/good_test.go @@ -27,7 +27,7 @@ func TestAddGood(t *testing.T) { } _, w := session.JSONRequest("POST", "/api/good/1", good) - assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode) + assertion.Equal(http.StatusForbidden, w.StatusCode) session.Login() @@ -102,7 +102,7 @@ func TestDelGood(t *testing.T) { database.Write.Create(&good) _, w := session.JSONRequest("DELETE", "/api/good/1", nil) - assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode) + assertion.Equal(http.StatusForbidden, w.StatusCode) session.Login() diff --git a/lib/http/permission.go b/lib/http/permission.go index b2f3d24..83be6fe 100644 --- a/lib/http/permission.go +++ b/lib/http/permission.go 
@@ -9,12 +9,8 @@ type HasPermission func(string, int) (bool, error) // Function to evaluate the permission and implement an error handling func PermissionHandler(h func(w http.ResponseWriter, r *http.Request), perm HasPermission, permission int) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { - session, err := r.Cookie("session") - if err != nil { - http.Error(w, err.Error(), http.StatusNonAuthoritativeInfo) - return - } - ok, err := perm(session.Value, permission) + session := r.Header.Get("session") + ok, err := perm(session, permission) if err != nil { http.Error(w, err.Error(), http.StatusGatewayTimeout) return diff --git a/lib/http/permission_test.go b/lib/http/permission_test.go index 00c9db1..660fc83 100644 --- a/lib/http/permission_test.go +++ b/lib/http/permission_test.go @@ -17,19 +17,8 @@ func TestPermission(t *testing.T) { w := httptest.NewRecorder() r, _ := http.NewRequest("GET", "/", nil) - // Request without session cookie - reached := false - PermissionHandler(func(w http.ResponseWriter, r *http.Request) { - reached = true - }, func(s string, i int) (bool, error) { - return true, nil - }, 1)(w, r) - assert.False(reached) - - r.AddCookie(&http.Cookie{Name: "session"}) - // HasPermission responds true - reached = false + reached := false PermissionHandler(func(w http.ResponseWriter, r *http.Request) { reached = true }, func(s string, i int) (bool, error) { diff --git a/test/testrest.go b/test/testrest.go index 707a837..eb0185f 100644 --- a/test/testrest.go +++ b/test/testrest.go 
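Review bot: A request with no `session` header now reaches `perm` with an empty string, because `r.Header.Get("session")` returns `""` where `r.Cookie` used to return an error, so rejecting an unauthenticated caller depends entirely on every `HasPermission` implementation treating `""` as invalid. I would keep an explicit guard before the `perm` call, `if session == "" { http.Error(w, "missing session", http.StatusForbidden); return }`, using the 403 that good_test.go now asserts for requests made before login. Separately, the unchanged error branch writes `err.Error()` to the response; a fixed message with the detail logged server-side avoids exposing backend errors to the caller. The handler body continues past the end of this hunk, so the branch taken when `ok` is false is not visible here.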
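Review bot: Deleting the "Request without session cookie" case in permission_test.go leaves the missing-credential path untested in this package, and with that case's stub (`return true, nil`) the wrapped handler would presumably now be reached with no session value at all. Rather than removing the case, I would convert it to a request that carries no `session` header and still assert `assert.False(reached)`. If rejecting an empty value is meant to be the callback's job, the test should use a stub that returns `false` for `""` and carry a comment such as `// empty session must be denied by HasPermission`. `TestPermission` starts before and continues after this hunk.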
@@ -113,14 +113,12 @@ func (r *Request) JSONRequest(method string, url string, body interface{}) (json // Function to log the current session func (r *Request) Login() { - r.cookies = nil - r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "testsessionkey"}) + r.Header["session"] = "testsessionkey" } // Function to logout/quit the current session func (r *Request) Logout() { - r.cookies = nil - r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "trashkey"}) + r.Header["session"] = "trashkey" } // Function to clean the current session diff --git a/webroot/dummy_cart/index.html b/webroot/dummy_cart/index.html index 54e06ae..e320443 100644 --- a/webroot/dummy_cart/index.html +++ b/webroot/dummy_cart/index.html @@ -1,21 +1,27 @@ - - - - - - microStock Dummy Cart + + + + + + microStock Dummy Cart - - + + -
+
@@ -179,6 +185,12 @@ }); }; + $scope.reset = function reset() { + console.log("reset"); + localStorage.setItem("cart","[]"); + load(); + }; + }]); diff --git a/webroot/static/js/global.js b/webroot/static/js/global.js index 23cc587..a7fa8ab 100644 --- a/webroot/static/js/global.js +++ b/webroot/static/js/global.js @@ -1,22 +1,15 @@ 'use strict'; angular.module('microStock') - .controller('GlobalCtrl',['$scope',function($scope){ + .controller('GlobalCtrl',['$scope','$http', function($scope, $http){ $scope.loggedIn = false; - function setCookie(cname, cvalue, exdays) { - var d = new Date(); - d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000)); - var expires = "expires="+d.toUTCString(); - document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/"; - } - $scope.login = function(){ if($scope.loggedIn){ - setCookie("session","logoff",1); + $http.defaults.headers.common["session"] = "logoff"; $scope.loggedIn = false; }else { - setCookie("session","testsessionkey",1); + $http.defaults.headers.common["session"] = "testsessionkey"; $scope.loggedIn = true; } };
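Review bot: In global.js, assigning to `$http.defaults.headers.common["session"]` attaches the session value to every `$http` request the app makes, whatever the destination, so a call to any other origin would carry it too. Adding the header only to requests for the app's own `/api/` URLs (for example in a request interceptor) keeps the value from leaving the backend. On logout the header is overwritten with the sentinel `"logoff"` rather than removed; `delete $http.defaults.headers.common["session"];` would make a logged-out client send no credential at all instead of a value the server has to recognise as invalid. The value now lives only in memory, so a reload drops it while `$scope.loggedIn` starts as `false`, which deserves a comment, and the literal `"testsessionkey"` looks like a placeholder that should be confirmed as not intended to ship.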