[BUGFIX] permission + move from cookie to header + add reset at dummy care

http/good_test.go

@@ -27,7 +27,7 @@ func TestAddGood(t *testing.T) {
 	}
 
 	_, w := session.JSONRequest("POST", "/api/good/1", good)
-	assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode)
+	assertion.Equal(http.StatusForbidden, w.StatusCode)
 
 	session.Login()
 
@@ -102,7 +102,7 @@ func TestDelGood(t *testing.T) {
 	database.Write.Create(&good)
 
 	_, w := session.JSONRequest("DELETE", "/api/good/1", nil)
-	assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode)
+	assertion.Equal(http.StatusForbidden, w.StatusCode)
 
 	session.Login()
 

lib/http/permission.go

@@ -9,12 +9,8 @@ type HasPermission func(string, int) (bool, error)
 // Function to evaluate the permission and implement an error handling
 func PermissionHandler(h func(w http.ResponseWriter, r *http.Request), perm HasPermission, permission int) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := r.Cookie("session")
+		session := r.Header.Get("session")
-		if err != nil {
+		ok, err := perm(session, permission)
-			http.Error(w, err.Error(), http.StatusNonAuthoritativeInfo)
-			return
-		}
-		ok, err := perm(session.Value, permission)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusGatewayTimeout)
 			return

lib/http/permission_test.go

@@ -17,19 +17,8 @@ func TestPermission(t *testing.T) {
 	w := httptest.NewRecorder()
 	r, _ := http.NewRequest("GET", "/", nil)
 
-	// Request without session cookie
-	reached := false
-	PermissionHandler(func(w http.ResponseWriter, r *http.Request) {
-		reached = true
-	}, func(s string, i int) (bool, error) {
-		return true, nil
-	}, 1)(w, r)
-	assert.False(reached)
-
-	r.AddCookie(&http.Cookie{Name: "session"})
-
 	// HasPermission responds true
-	reached = false
+	reached := false
 	PermissionHandler(func(w http.ResponseWriter, r *http.Request) {
 		reached = true
 	}, func(s string, i int) (bool, error) {

test/testrest.go

@@ -113,14 +113,12 @@ func (r *Request) JSONRequest(method string, url string, body interface{}) (json
 
 // Function to log the current session
 func (r *Request) Login() {
-	r.cookies = nil
+	r.Header["session"] = "testsessionkey"
-	r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "testsessionkey"})
 }
 
 // Function to logout/quit the current session
 func (r *Request) Logout() {
-	r.cookies = nil
+	r.Header["session"] = "trashkey"
-	r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "trashkey"})
 }
 
 // Function to clean the current session

webroot/dummy_cart/index.html

@@ -8,14 +8,20 @@
 	<link href="/static/css/main.css" rel="stylesheet" />
 	<title>microStock Dummy Cart</title>
 </head>
-<body ng-app="microStockDummieCare">
+<body ng-app="microStockDummieCare" ng-controller="MainCtrl">
 	<nav class="ui stackable inverted menu">
 		<div class="ui container">
 			<div class="header item">Dummy Cart</div>
+			<div class="right menu">
+				<a class="ui item" ng-click="reset()">
+					<i class="undo icon"></i>
+					Reset
+				</a>
+			</div>
 		</div>
 	</nav>
 
-  <div class="ui container" ng-controller="MainCtrl">
+  <div class="ui container">
 		<form class="ui form" ng-submit="add()">
 			<div class="three fields">
 				<div class="field">
@@ -179,6 +185,12 @@
 				});
 			};
 
+			$scope.reset = function reset() {
+				console.log("reset");
+				localStorage.setItem("cart","[]");
+				load();
+			};
+
 		}]);
 	</script>
 </body>

webroot/static/js/global.js

@@ -1,22 +1,15 @@
 'use strict';
 
 angular.module('microStock')
-  .controller('GlobalCtrl',['$scope',function($scope){
+  .controller('GlobalCtrl',['$scope','$http', function($scope, $http){
     $scope.loggedIn = false;
 
-    function setCookie(cname, cvalue, exdays) {
-      var d = new Date();
-      d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
-      var expires = "expires="+d.toUTCString();
-      document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
-    }
-
     $scope.login = function(){
       if($scope.loggedIn){
-        setCookie("session","logoff",1);
+        $http.defaults.headers.common["session"] = "logoff";
         $scope.loggedIn = false;
       }else {
-        setCookie("session","testsessionkey",1);
+        $http.defaults.headers.common["session"] = "testsessionkey";
         $scope.loggedIn = true;
       }
     };