// backend/authz.go package main import "net/http" func userHasRight(user User, right string) bool { for _, userRight := range user.Rights { if userRight == "admin" || userRight == right { return true } } return false } func (s *Server) requireRight(right string, next http.HandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, ok := userFromContext(r.Context()) if !ok { writeError(w, http.StatusUnauthorized, "Unauthorized") return } if !userHasRight(user, right) { writeError(w, http.StatusForbidden, "Keine Berechtigung") return } next(w, r) } }