teg/backend/authz.go
2026-05-19 18:07:22 +02:00

33 lines
631 B
Go

// backend/authz.go
package main
import "net/http"
func userHasRight(user User, right string) bool {
for _, userRight := range user.Rights {
if userRight == "admin" || userRight == right {
return true
}
}
return false
}
func (s *Server) requireRight(right string, next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, ok := userFromContext(r.Context())
if !ok {
writeError(w, http.StatusUnauthorized, "Unauthorized")
return
}
if !userHasRight(user, right) {
writeError(w, http.StatusForbidden, "Keine Berechtigung")
return
}
next(w, r)
}
}