Working on authorization

Andrea Fazzi 2019-12-04 10:11:18 +01:00
parent 1600110f6d
commit 519f6438b5
6 changed files with 261 additions and 13 deletions

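--- /dev/null
+++ b/compose/sql/oef_dev.sql
@@ -0,0 +1,201 @@
+-- MariaDB dump 10.17 Distrib 10.4.8-MariaDB, for debian-linux-gnu (x86_64)
+--
+-- Host: localhost Database: oef_test
+-- ------------------------------------------------------
+-- Server version 10.4.8-MariaDB-1:10.4.8+maria~bionic
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
+/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
+/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
+/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
+--
+-- Table structure for table `answers`
+--
+DROP TABLE IF EXISTS `answers`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `answers` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`created_at` timestamp NULL DEFAULT NULL,
+`updated_at` timestamp NULL DEFAULT NULL,
+`deleted_at` timestamp NULL DEFAULT NULL,
+`text` varchar(255) DEFAULT NULL,
+`correct` tinyint(1) DEFAULT NULL,
+`question_id` int(10) unsigned DEFAULT NULL,
+PRIMARY KEY (`id`),
+KEY `idx_answers_deleted_at` (`deleted_at`)
+) ENGINE=InnoDB AUTO_INCREMENT=13 DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Dumping data for table `answers`
+--
+LOCK TABLES `answers` WRITE;
+/*!40000 ALTER TABLE `answers` DISABLE KEYS */;
+INSERT INTO `answers` VALUES (1,'2019-11-13 15:44:39','2019-11-13 15:44:39',NULL,'la quantità di moneta che viene richiesta dalle imprese sotto forma di prestiti richiesti al sistema bancario',0,1),(2,'2019-11-14 11:48:06','2019-11-14 11:48:06',NULL,'la quantità di moneta richiesta dalla Banca Centrale quando mette in vendita dei titoli per ridurre la moneta in circolazione',0,1),(3,'2019-11-14 11:48:28','2019-11-14 11:48:28',NULL,'la quantità di moneta richiesta dalle famiglie per mantenere in forma liquida i loro risparmi',0,1),(4,'2019-11-14 11:49:05','2019-11-14 12:21:09',NULL,'la quantità di moneta richiesta dai soggetti del sistema economico per transazioni, per ragioni speculative o prudenziali o per altri motivi',1,1),(5,'2019-11-15 10:17:49','2019-11-15 10:17:49',NULL,'elevata differenziazione dei prodotti offerti',0,2),(6,'2019-11-15 10:18:14','2019-11-15 10:18:53',NULL,'trasparenza delle informazioni',1,2),(7,'2019-11-15 10:18:29','2019-11-15 10:18:29',NULL,'presenza di un solo consumatore',0,2),(8,'2019-11-15 10:18:44','2019-11-15 10:18:44',NULL,'presenza di un numero limitato di grandi produttori',0,2),(9,'2019-11-15 10:23:11','2019-11-15 10:23:11',NULL,'un ciclo economico',0,3),(10,'2019-11-15 10:23:24','2019-11-15 10:23:35',NULL,'l\'attività di trasformazione materiale di beni e servizi (input) in altri (output) al fine di accrescerne l\'utilità',1,3),(11,'2019-11-15 10:23:47','2019-11-15 10:23:47',NULL,'l\'insieme dei beni di produzione',0,3),(12,'2019-11-15 10:23:59','2019-11-15 10:23:59',NULL,'il risultato del lavoro dei dipendenti dell\'impresa',0,3);
+/*!40000 ALTER TABLE `answers` ENABLE KEYS */;
+UNLOCK TABLES;
+--
+-- Table structure for table `contests`
+--
+DROP TABLE IF EXISTS `contests`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `contests` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`created_at` timestamp NULL DEFAULT NULL,
+`updated_at` timestamp NULL DEFAULT NULL,
+`deleted_at` timestamp NULL DEFAULT NULL,
+`name` varchar(255) DEFAULT NULL,
+`category` varchar(255) DEFAULT NULL,
+`start_date` timestamp NULL DEFAULT NULL,
+`end_date` timestamp NULL DEFAULT NULL,
+`start_time` timestamp NULL DEFAULT NULL,
+`end_time` timestamp NULL DEFAULT NULL,
+`date` timestamp NULL DEFAULT NULL,
+PRIMARY KEY (`id`),
+KEY `idx_contests_deleted_at` (`deleted_at`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Dumping data for table `contests`
+--
+LOCK TABLES `contests` WRITE;
+/*!40000 ALTER TABLE `contests` DISABLE KEYS */;
+INSERT INTO `contests` VALUES (1,'2019-11-14 10:02:17','2019-11-18 15:57:14',NULL,'Regionale JUNIOR','','0000-00-00 00:00:00','0000-00-00 00:00:00','2020-04-01 10:00:00','2020-04-01 11:00:00','2020-04-01 10:00:00'),(2,'2019-11-15 10:15:57','2019-11-18 15:58:55',NULL,'Test Diagnostico','',NULL,NULL,'2019-11-15 13:00:00','2019-11-15 14:00:00','2019-11-15 13:00:00');
+/*!40000 ALTER TABLE `contests` ENABLE KEYS */;
+UNLOCK TABLES;
+--
+-- Table structure for table `participants`
+--
+DROP TABLE IF EXISTS `participants`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `participants` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`created_at` timestamp NULL DEFAULT NULL,
+`updated_at` timestamp NULL DEFAULT NULL,
+`deleted_at` timestamp NULL DEFAULT NULL,
+`firstname` varchar(255) DEFAULT NULL,
+`lastname` varchar(255) DEFAULT NULL,
+`username` varchar(255) DEFAULT NULL,
+`password` varchar(255) DEFAULT NULL,
+PRIMARY KEY (`id`),
+KEY `idx_participants_deleted_at` (`deleted_at`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Dumping data for table `participants`
+--
+LOCK TABLES `participants` WRITE;
+/*!40000 ALTER TABLE `participants` DISABLE KEYS */;
+INSERT INTO `participants` VALUES (1,'2019-11-15 10:02:46','2019-11-18 15:58:55',NULL,'Mario','Rossi','mario.rossi','EqAs1z7M'),(2,'2019-11-18 12:00:07','2019-11-18 15:57:14',NULL,'Luigi','BIANCHI','luigi.bianchi','FpWJj89n'),(3,'2019-11-18 12:01:55','2019-11-18 12:12:26',NULL,'Francesco','VERDI','francesco.verdi','MiJ9Ig4L'),(4,'2019-11-18 15:57:36','2019-11-18 15:57:36',NULL,'Franco','neri','franco.neri','YtGGU28p');
+/*!40000 ALTER TABLE `participants` ENABLE KEYS */;
+UNLOCK TABLES;
+--
+-- Table structure for table `questions`
+--
+DROP TABLE IF EXISTS `questions`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `questions` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`created_at` timestamp NULL DEFAULT NULL,
+`updated_at` timestamp NULL DEFAULT NULL,
+`deleted_at` timestamp NULL DEFAULT NULL,
+`text` varchar(255) DEFAULT NULL,
+`contest_id` int(10) unsigned DEFAULT NULL,
+PRIMARY KEY (`id`),
+KEY `idx_questions_deleted_at` (`deleted_at`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Dumping data for table `questions`
+--
+LOCK TABLES `questions` WRITE;
+/*!40000 ALTER TABLE `questions` DISABLE KEYS */;
+INSERT INTO `questions` VALUES (1,'2019-11-13 14:45:17','2019-11-14 12:21:09',NULL,'Cosa si intende per domanda di moneta?',1),(2,'2019-11-15 10:17:24','2019-11-15 10:18:53',NULL,'È una caratteristica della concorrenza perfetta',2),(3,'2019-11-15 10:21:14','2019-11-15 10:23:35',NULL,'La produzione è',2);
+/*!40000 ALTER TABLE `questions` ENABLE KEYS */;
+UNLOCK TABLES;
+--
+-- Table structure for table `responses`
+--
+DROP TABLE IF EXISTS `responses`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `responses` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`created_at` timestamp NULL DEFAULT NULL,
+`updated_at` timestamp NULL DEFAULT NULL,
+`deleted_at` timestamp NULL DEFAULT NULL,
+PRIMARY KEY (`id`),
+KEY `idx_responses_deleted_at` (`deleted_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Dumping data for table `responses`
+--
+LOCK TABLES `responses` WRITE;
+/*!40000 ALTER TABLE `responses` DISABLE KEYS */;
+/*!40000 ALTER TABLE `responses` ENABLE KEYS */;
+UNLOCK TABLES;
+--
+-- Table structure for table `subscriptions`
+--
+DROP TABLE IF EXISTS `subscriptions`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `subscriptions` (
+`participant_id` int(10) unsigned NOT NULL,
+`contest_id` int(10) unsigned NOT NULL,
+PRIMARY KEY (`participant_id`,`contest_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Dumping data for table `subscriptions`
+--
+LOCK TABLES `subscriptions` WRITE;
+/*!40000 ALTER TABLE `subscriptions` DISABLE KEYS */;
+INSERT INTO `subscriptions` VALUES (1,2),(2,1),(2,2),(3,2);
+/*!40000 ALTER TABLE `subscriptions` ENABLE KEYS */;
+UNLOCK TABLES;
+/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
+/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
+/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
+/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
+/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
+-- Dump completed on 2019-11-18 16:05:30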
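Review bot: The `participants` INSERT stores credentials in clear — `password` values such as `'EqAs1z7M'` sit in a plain `varchar(255)` column with nothing in the schema or data that suggests a hash — so this dev fixture puts four usable-looking passwords into git history. Even if these are throwaway accounts, seed the column with a bcrypt/argon2 hash rather than the secret and keep real-looking credentials out of committed dumps (or scrub that column before committing); if the same accounts exist on any shared instance, rotate them. The dump also runs `DROP TABLE IF EXISTS` on every table unconditionally, and its header names database `oef_test` while the file is called `oef_dev.sql`, so a header comment such as `-- DEV FIXTURE: drops and recreates every table; load only into a disposable local database` would make the blast radius explicit. The tables are `DEFAULT CHARSET=latin1` yet hold UTF-8 Italian text (`quantità`, `È`); whether that round-trips depends on the connection charset at load time, which is worth confirming.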


@ -13,6 +13,8 @@ import (
"strconv" "strconv"
"strings" "strings"
"git.andreafazzi.eu/andrea/oef/config"
"git.andreafazzi.eu/andrea/oef/i18n"
"git.andreafazzi.eu/andrea/oef/orm" "git.andreafazzi.eu/andrea/oef/orm"
"git.andreafazzi.eu/andrea/oef/renderer" "git.andreafazzi.eu/andrea/oef/renderer"
@ -177,6 +179,19 @@ func recoverHandler(next http.Handler) http.Handler {
return http.HandlerFunc(fn) return http.HandlerFunc(fn)
} }
func setFlashMessage(w http.ResponseWriter, r *http.Request, key string) error {
session, err := store.Get(r, "flash-session")
if err != nil {
return err
}
session.AddFlash(i18n.FlashMessages[key][config.Config.Language])
err = session.Save(r, w)
if err != nil {
return err
}
return nil
}
func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPattern) { func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPattern) {
format := r.URL.Query().Get("format") format := r.URL.Query().Get("format")
getFn, err := orm.GetFunc(pattern.Path(model)) getFn, err := orm.GetFunc(pattern.Path(model))
@ -184,11 +199,20 @@ func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPatte
log.Println("Error:", err) log.Println("Error:", err)
respondWithError(w, r, err) respondWithError(w, r, err)
} else { } else {
data, err := getFn(mux.Vars(r), w, r) claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
if err != nil {
renderer.Render[format](w, r, err) role := claims["role"].(string)
if role == "participant" {
setFlashMessage(w, r, "notAuthorized")
renderer.Render[format](w, r, fmt.Errorf("%s", "Errore"))
} else { } else {
renderer.Render[format](w, r, data, r.URL.Query())
data, err := getFn(mux.Vars(r), w, r)
if err != nil {
renderer.Render[format](w, r, err)
} else {
renderer.Render[format](w, r, data, r.URL.Query())
}
} }
} }
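Review bot: The authorization added to `get` can panic and is a deny-list: `r.Context().Value("user").(*jwt.Token)` and `claims["role"].(string)` are unchecked type assertions, so a request that reaches this handler with no user in its context, or with a token whose `role` claim is absent or not a string, panics instead of being refused, and because only `"participant"` is rejected a token with an empty, unknown or missing role goes straight through to `getFn`. I would read the claims with comma-ok assertions and fail closed when the role cannot be determined, and stop discarding the error returned by `setFlashMessage`. The `Errore` response also carries no 403 status as far as this hunk shows; if the renderer allows it, set `http.StatusForbidden` on that branch. Whether `get` ends at the last brace shown is not visible from the hunk.
```go
	} else {
		// Fail closed: no user in context, an unexpected claims type or an
		// absent/non-string role are all "not authorized", never a panic or a pass.
		var role string
		if token, ok := r.Context().Value("user").(*jwt.Token); ok && token != nil {
			if claims, ok := token.Claims.(jwt.MapClaims); ok {
				role, _ = claims["role"].(string)
			}
		}
		if role == "" || role == "participant" {
			if err := setFlashMessage(w, r, "notAuthorized"); err != nil {
				log.Println("Error:", err)
			}
			renderer.Render[format](w, r, fmt.Errorf("%s", "Errore"))
		} else {
			// … unchanged: getFn call and rendering of data / error …
		}
	}
```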


@ -8,5 +8,8 @@ var (
"schoolExists": map[string]string{ "schoolExists": map[string]string{
"it": "Una scuola con questo codice meccanografico è già presente nella base dati!", "it": "Una scuola con questo codice meccanografico è già presente nella base dati!",
}, },
"notAuthorized": map[string]string{
"it": "L'utente non dispone delle autorizzazioni necessarie a visualizzare questa pagina.",
},
} }
) )


@ -18,7 +18,7 @@ import (
const ( const (
MaxNumRetries = 20 MaxNumRetries = 20
RetryTimeInterval = 5 RetryTimeInterval = 10
) )
var ( var (


@ -236,15 +236,30 @@ func (rend *HTMLRenderer) writeError(w http.ResponseWriter, r *http.Request, dat
log.Println(data.(*htmlTemplateData).Data.(error)) log.Println(data.(*htmlTemplateData).Data.(error))
w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("Content-Type", "text/html; charset=utf-8")
e := t.ExecuteTemplate(w, "error", data) e := t.ExecuteTemplate(w, "base", data)
if e != nil { if e != nil {
panic(e) panic(e)
} }
} }
func (rend *HTMLRenderer) Render(w http.ResponseWriter, r *http.Request, data interface{}, options ...url.Values) { func (rend *HTMLRenderer) Render(w http.ResponseWriter, r *http.Request, data interface{}, options ...url.Values) {
var claims jwt.MapClaims
if r.Context().Value("user") != nil {
claims = r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
}
if data != nil && isErrorType(data) { if data != nil && isErrorType(data) {
rend.writeError(w, r, &htmlTemplateData{data.(error), nil, nil, nil}) session, err := store.Get(r, "flash-session")
if err != nil {
rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil})
}
fm := session.Flashes()
err = session.Save(r, w)
if err != nil {
rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil})
}
rend.writeError(w, r, &htmlTemplateData{data.(error), nil, claims, fm})
} else { } else {
t, ok := rend.templates[options[0]["tpl_content"][0]] t, ok := rend.templates[options[0]["tpl_content"][0]]
if !ok { if !ok {
@ -252,12 +267,6 @@ func (rend *HTMLRenderer) Render(w http.ResponseWriter, r *http.Request, data in
rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil}) rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil})
} }
var claims jwt.MapClaims
if r.Context().Value("user") != nil {
claims = r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
}
w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("Content-Type", "text/html; charset=utf-8")
session, err := store.Get(r, "flash-session") session, err := store.Get(r, "flash-session")
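Review bot: In `Render`'s error branch the two new `rend.writeError(...)` calls for a failed `store.Get` and a failed `session.Save` do not return, so on failure the handler writes an error page and then carries on to call `session.Flashes()` and write a second (and third) error page into the same response; add `return` after each of those two `writeError` calls. `writeError` now executes the `base` template instead of `error` and is handed `data.(error)` directly, so if lower-level errors (ORM, session store) reach this path their messages are presumably shown to the user — consider mapping them to a generic text before rendering; I cannot see the template from here. `writeError`'s body begins above the first hunk and `Render` continues past the second, so the surrounding control flow is only partly visible.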


@ -21,6 +21,17 @@
</button> </button>
</nav> </nav>
{{if .FlashMessages}}
{{range $message := .FlashMessages}}
<div class="alert alert-danger alert-dismissible fade show" role="alert">
<strong>Attenzione!</strong> {{$message}}
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
{{end}}
{{end}}
<div class="base-template"> <div class="base-template">
{{ template "content" . }} {{ template "content" . }}
</div> </div>