[BUGFIX] permission + move from cookie to header + add reset at dummy care

2017-06-09 09:42:39 +02:00 · 2017-06-09 09:42:39 +02:00 · 61b141ee96
parent d28dba0330
commit 61b141ee96
6 changed files with 35 additions and 47 deletions
--- a/http/good_test.go
+++ b/http/good_test.go
@ -27,7 +27,7 @@ func TestAddGood(t *testing.T) {
 	}

 	_, w := session.JSONRequest("POST", "/api/good/1", good)
-	assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode)
+	assertion.Equal(http.StatusForbidden, w.StatusCode)

 	session.Login()

@ -102,7 +102,7 @@ func TestDelGood(t *testing.T) {
 	database.Write.Create(&good)

 	_, w := session.JSONRequest("DELETE", "/api/good/1", nil)
-	assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode)
+	assertion.Equal(http.StatusForbidden, w.StatusCode)

 	session.Login()

--- a/lib/http/permission.go
+++ b/lib/http/permission.go
@ -9,12 +9,8 @@ type HasPermission func(string, int) (bool, error)
 // Function to evaluate the permission and implement an error handling
 func PermissionHandler(h func(w http.ResponseWriter, r *http.Request), perm HasPermission, permission int) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := r.Cookie("session")
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusNonAuthoritativeInfo)
-			return
-		}
-		ok, err := perm(session.Value, permission)
+		session := r.Header.Get("session")
+		ok, err := perm(session, permission)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusGatewayTimeout)
 			return
--- a/lib/http/permission_test.go
+++ b/lib/http/permission_test.go
@ -17,19 +17,8 @@ func TestPermission(t *testing.T) {
 	w := httptest.NewRecorder()
 	r, _ := http.NewRequest("GET", "/", nil)

-	// Request without session cookie
-	reached := false
-	PermissionHandler(func(w http.ResponseWriter, r *http.Request) {
-		reached = true
-	}, func(s string, i int) (bool, error) {
-		return true, nil
-	}, 1)(w, r)
-	assert.False(reached)
-
-	r.AddCookie(&http.Cookie{Name: "session"})
-
 	// HasPermission responds true
-	reached = false
+	reached := false
 	PermissionHandler(func(w http.ResponseWriter, r *http.Request) {
 		reached = true
 	}, func(s string, i int) (bool, error) {
--- a/test/testrest.go
+++ b/test/testrest.go
@ -113,14 +113,12 @@ func (r *Request) JSONRequest(method string, url string, body interface{}) (json

 // Function to log the current session
 func (r *Request) Login() {
-	r.cookies = nil
-	r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "testsessionkey"})
+	r.Header["session"] = "testsessionkey"
 }

 // Function to logout/quit the current session
 func (r *Request) Logout() {
-	r.cookies = nil
-	r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "trashkey"})
+	r.Header["session"] = "trashkey"
 }

 // Function to clean the current session
--- a/webroot/dummy_cart/index.html
+++ b/webroot/dummy_cart/index.html
@ -1,21 +1,27 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-  <meta charset="utf-8" />
-  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <link href="/node_modules/semantic-ui-css/semantic.min.css" rel="stylesheet" />
-  <link href="/static/css/main.css" rel="stylesheet" />
-  <title>microStock Dummy Cart</title>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1" />
+	<link href="/node_modules/semantic-ui-css/semantic.min.css" rel="stylesheet" />
+	<link href="/static/css/main.css" rel="stylesheet" />
+	<title>microStock Dummy Cart</title>
 </head>
-<body ng-app="microStockDummieCare">
-  <nav class="ui stackable inverted menu">
-    <div class="ui container">
-      <div class="header item">Dummy Cart</div>
-    </div>
-  </nav>
+<body ng-app="microStockDummieCare" ng-controller="MainCtrl">
+	<nav class="ui stackable inverted menu">
+		<div class="ui container">
+			<div class="header item">Dummy Cart</div>
+			<div class="right menu">
+				<a class="ui item" ng-click="reset()">
+					<i class="undo icon"></i>
+					Reset
+				</a>
+			</div>
+		</div>
+	</nav>

-  <div class="ui container" ng-controller="MainCtrl">
+  <div class="ui container">
 		<form class="ui form" ng-submit="add()">
 			<div class="three fields">
 				<div class="field">
@ -179,6 +185,12 @@
 				});
 			};

+			$scope.reset = function reset() {
+				console.log("reset");
+				localStorage.setItem("cart","[]");
+				load();
+			};
+
 		}]);
 	</script>
 </body>
--- a/webroot/static/js/global.js
+++ b/webroot/static/js/global.js
@ -1,22 +1,15 @@
 'use strict';

 angular.module('microStock')
-  .controller('GlobalCtrl',['$scope',function($scope){
+  .controller('GlobalCtrl',['$scope','$http', function($scope, $http){
    $scope.loggedIn = false;

-    function setCookie(cname, cvalue, exdays) {
-      var d = new Date();
-      d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
-      var expires = "expires="+d.toUTCString();
-      document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
-    }
-
    $scope.login = function(){
      if($scope.loggedIn){
-        setCookie("session","logoff",1);
+        $http.defaults.headers.common["session"] = "logoff";
        $scope.loggedIn = false;
      }else {
-        setCookie("session","testsessionkey",1);
+        $http.defaults.headers.common["session"] = "testsessionkey";
        $scope.loggedIn = true;
      }
    };