33 lines
631 B
Go
33 lines
631 B
Go
// backend/authz.go
|
|
|
|
package main
|
|
|
|
import "net/http"
|
|
|
|
func userHasRight(user User, right string) bool {
|
|
for _, userRight := range user.Rights {
|
|
if userRight == "admin" || userRight == right {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
func (s *Server) requireRight(right string, next http.HandlerFunc) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
user, ok := userFromContext(r.Context())
|
|
if !ok {
|
|
writeError(w, http.StatusUnauthorized, "Unauthorized")
|
|
return
|
|
}
|
|
|
|
if !userHasRight(user, right) {
|
|
writeError(w, http.StatusForbidden, "Keine Berechtigung")
|
|
return
|
|
}
|
|
|
|
next(w, r)
|
|
}
|
|
}
|