Working on authorization
This commit is contained in:
parent
1600110f6d
commit
519f6438b5
6 changed files with 261 additions and 13 deletions
201
compose/sql/oef_dev.sql
Normal file
201
compose/sql/oef_dev.sql
Normal file
|
@ -0,0 +1,201 @@
|
|||
-- MariaDB dump 10.17 Distrib 10.4.8-MariaDB, for debian-linux-gnu (x86_64)
|
||||
--
|
||||
-- Host: localhost Database: oef_test
|
||||
-- ------------------------------------------------------
|
||||
-- Server version 10.4.8-MariaDB-1:10.4.8+maria~bionic
|
||||
|
||||
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
|
||||
/*!40101 SET NAMES utf8mb4 */;
|
||||
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
|
||||
/*!40103 SET TIME_ZONE='+00:00' */;
|
||||
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
|
||||
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
|
||||
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
|
||||
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
|
||||
|
||||
--
|
||||
-- Table structure for table `answers`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `answers`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `answers` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
`text` varchar(255) DEFAULT NULL,
|
||||
`correct` tinyint(1) DEFAULT NULL,
|
||||
`question_id` int(10) unsigned DEFAULT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `idx_answers_deleted_at` (`deleted_at`)
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=13 DEFAULT CHARSET=latin1;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Dumping data for table `answers`
|
||||
--
|
||||
|
||||
LOCK TABLES `answers` WRITE;
|
||||
/*!40000 ALTER TABLE `answers` DISABLE KEYS */;
|
||||
INSERT INTO `answers` VALUES (1,'2019-11-13 15:44:39','2019-11-13 15:44:39',NULL,'la quantità di moneta che viene richiesta dalle imprese sotto forma di prestiti richiesti al sistema bancario',0,1),(2,'2019-11-14 11:48:06','2019-11-14 11:48:06',NULL,'la quantità di moneta richiesta dalla Banca Centrale quando mette in vendita dei titoli per ridurre la moneta in circolazione',0,1),(3,'2019-11-14 11:48:28','2019-11-14 11:48:28',NULL,'la quantità di moneta richiesta dalle famiglie per mantenere in forma liquida i loro risparmi',0,1),(4,'2019-11-14 11:49:05','2019-11-14 12:21:09',NULL,'la quantità di moneta richiesta dai soggetti del sistema economico per transazioni, per ragioni speculative o prudenziali o per altri motivi',1,1),(5,'2019-11-15 10:17:49','2019-11-15 10:17:49',NULL,'elevata differenziazione dei prodotti offerti',0,2),(6,'2019-11-15 10:18:14','2019-11-15 10:18:53',NULL,'trasparenza delle informazioni',1,2),(7,'2019-11-15 10:18:29','2019-11-15 10:18:29',NULL,'presenza di un solo consumatore',0,2),(8,'2019-11-15 10:18:44','2019-11-15 10:18:44',NULL,'presenza di un numero limitato di grandi produttori',0,2),(9,'2019-11-15 10:23:11','2019-11-15 10:23:11',NULL,'un ciclo economico',0,3),(10,'2019-11-15 10:23:24','2019-11-15 10:23:35',NULL,'l\'attività di trasformazione materiale di beni e servizi (input) in altri (output) al fine di accrescerne l\'utilità',1,3),(11,'2019-11-15 10:23:47','2019-11-15 10:23:47',NULL,'l\'insieme dei beni di produzione',0,3),(12,'2019-11-15 10:23:59','2019-11-15 10:23:59',NULL,'il risultato del lavoro dei dipendenti dell\'impresa',0,3);
|
||||
/*!40000 ALTER TABLE `answers` ENABLE KEYS */;
|
||||
UNLOCK TABLES;
|
||||
|
||||
--
|
||||
-- Table structure for table `contests`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `contests`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `contests` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
`name` varchar(255) DEFAULT NULL,
|
||||
`category` varchar(255) DEFAULT NULL,
|
||||
`start_date` timestamp NULL DEFAULT NULL,
|
||||
`end_date` timestamp NULL DEFAULT NULL,
|
||||
`start_time` timestamp NULL DEFAULT NULL,
|
||||
`end_time` timestamp NULL DEFAULT NULL,
|
||||
`date` timestamp NULL DEFAULT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `idx_contests_deleted_at` (`deleted_at`)
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Dumping data for table `contests`
|
||||
--
|
||||
|
||||
LOCK TABLES `contests` WRITE;
|
||||
/*!40000 ALTER TABLE `contests` DISABLE KEYS */;
|
||||
INSERT INTO `contests` VALUES (1,'2019-11-14 10:02:17','2019-11-18 15:57:14',NULL,'Regionale JUNIOR','','0000-00-00 00:00:00','0000-00-00 00:00:00','2020-04-01 10:00:00','2020-04-01 11:00:00','2020-04-01 10:00:00'),(2,'2019-11-15 10:15:57','2019-11-18 15:58:55',NULL,'Test Diagnostico','',NULL,NULL,'2019-11-15 13:00:00','2019-11-15 14:00:00','2019-11-15 13:00:00');
|
||||
/*!40000 ALTER TABLE `contests` ENABLE KEYS */;
|
||||
UNLOCK TABLES;
|
||||
|
||||
--
|
||||
-- Table structure for table `participants`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `participants`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `participants` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
`firstname` varchar(255) DEFAULT NULL,
|
||||
`lastname` varchar(255) DEFAULT NULL,
|
||||
`username` varchar(255) DEFAULT NULL,
|
||||
`password` varchar(255) DEFAULT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `idx_participants_deleted_at` (`deleted_at`)
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Dumping data for table `participants`
|
||||
--
|
||||
|
||||
LOCK TABLES `participants` WRITE;
|
||||
/*!40000 ALTER TABLE `participants` DISABLE KEYS */;
|
||||
INSERT INTO `participants` VALUES (1,'2019-11-15 10:02:46','2019-11-18 15:58:55',NULL,'Mario','Rossi','mario.rossi','EqAs1z7M'),(2,'2019-11-18 12:00:07','2019-11-18 15:57:14',NULL,'Luigi','BIANCHI','luigi.bianchi','FpWJj89n'),(3,'2019-11-18 12:01:55','2019-11-18 12:12:26',NULL,'Francesco','VERDI','francesco.verdi','MiJ9Ig4L'),(4,'2019-11-18 15:57:36','2019-11-18 15:57:36',NULL,'Franco','neri','franco.neri','YtGGU28p');
|
||||
/*!40000 ALTER TABLE `participants` ENABLE KEYS */;
|
||||
UNLOCK TABLES;
|
||||
|
||||
--
|
||||
-- Table structure for table `questions`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `questions`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `questions` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
`text` varchar(255) DEFAULT NULL,
|
||||
`contest_id` int(10) unsigned DEFAULT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `idx_questions_deleted_at` (`deleted_at`)
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Dumping data for table `questions`
|
||||
--
|
||||
|
||||
LOCK TABLES `questions` WRITE;
|
||||
/*!40000 ALTER TABLE `questions` DISABLE KEYS */;
|
||||
INSERT INTO `questions` VALUES (1,'2019-11-13 14:45:17','2019-11-14 12:21:09',NULL,'Cosa si intende per domanda di moneta?',1),(2,'2019-11-15 10:17:24','2019-11-15 10:18:53',NULL,'È una caratteristica della concorrenza perfetta',2),(3,'2019-11-15 10:21:14','2019-11-15 10:23:35',NULL,'La produzione è',2);
|
||||
/*!40000 ALTER TABLE `questions` ENABLE KEYS */;
|
||||
UNLOCK TABLES;
|
||||
|
||||
--
|
||||
-- Table structure for table `responses`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `responses`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `responses` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `idx_responses_deleted_at` (`deleted_at`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Dumping data for table `responses`
|
||||
--
|
||||
|
||||
LOCK TABLES `responses` WRITE;
|
||||
/*!40000 ALTER TABLE `responses` DISABLE KEYS */;
|
||||
/*!40000 ALTER TABLE `responses` ENABLE KEYS */;
|
||||
UNLOCK TABLES;
|
||||
|
||||
--
|
||||
-- Table structure for table `subscriptions`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `subscriptions`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `subscriptions` (
|
||||
`participant_id` int(10) unsigned NOT NULL,
|
||||
`contest_id` int(10) unsigned NOT NULL,
|
||||
PRIMARY KEY (`participant_id`,`contest_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Dumping data for table `subscriptions`
|
||||
--
|
||||
|
||||
LOCK TABLES `subscriptions` WRITE;
|
||||
/*!40000 ALTER TABLE `subscriptions` DISABLE KEYS */;
|
||||
INSERT INTO `subscriptions` VALUES (1,2),(2,1),(2,2),(3,2);
|
||||
/*!40000 ALTER TABLE `subscriptions` ENABLE KEYS */;
|
||||
UNLOCK TABLES;
|
||||
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
|
||||
|
||||
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
|
||||
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
|
||||
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
|
||||
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
||||
|
||||
-- Dump completed on 2019-11-18 16:05:30
|
|
@ -13,6 +13,8 @@ import (
|
|||
"strconv"
|
||||
"strings"
|
||||
|
||||
"git.andreafazzi.eu/andrea/oef/config"
|
||||
"git.andreafazzi.eu/andrea/oef/i18n"
|
||||
"git.andreafazzi.eu/andrea/oef/orm"
|
||||
"git.andreafazzi.eu/andrea/oef/renderer"
|
||||
|
||||
|
@ -177,6 +179,19 @@ func recoverHandler(next http.Handler) http.Handler {
|
|||
return http.HandlerFunc(fn)
|
||||
}
|
||||
|
||||
func setFlashMessage(w http.ResponseWriter, r *http.Request, key string) error {
|
||||
session, err := store.Get(r, "flash-session")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
session.AddFlash(i18n.FlashMessages[key][config.Config.Language])
|
||||
err = session.Save(r, w)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPattern) {
|
||||
format := r.URL.Query().Get("format")
|
||||
getFn, err := orm.GetFunc(pattern.Path(model))
|
||||
|
@ -184,6 +199,14 @@ func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPatte
|
|||
log.Println("Error:", err)
|
||||
respondWithError(w, r, err)
|
||||
} else {
|
||||
claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
|
||||
|
||||
role := claims["role"].(string)
|
||||
if role == "participant" {
|
||||
setFlashMessage(w, r, "notAuthorized")
|
||||
renderer.Render[format](w, r, fmt.Errorf("%s", "Errore"))
|
||||
} else {
|
||||
|
||||
data, err := getFn(mux.Vars(r), w, r)
|
||||
if err != nil {
|
||||
renderer.Render[format](w, r, err)
|
||||
|
@ -191,6 +214,7 @@ func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPatte
|
|||
renderer.Render[format](w, r, data, r.URL.Query())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -8,5 +8,8 @@ var (
|
|||
"schoolExists": map[string]string{
|
||||
"it": "Una scuola con questo codice meccanografico è già presente nella base dati!",
|
||||
},
|
||||
"notAuthorized": map[string]string{
|
||||
"it": "L'utente non dispone delle autorizzazioni necessarie a visualizzare questa pagina.",
|
||||
},
|
||||
}
|
||||
)
|
||||
|
|
2
main.go
2
main.go
|
@ -18,7 +18,7 @@ import (
|
|||
|
||||
const (
|
||||
MaxNumRetries = 20
|
||||
RetryTimeInterval = 5
|
||||
RetryTimeInterval = 10
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
@ -236,15 +236,30 @@ func (rend *HTMLRenderer) writeError(w http.ResponseWriter, r *http.Request, dat
|
|||
log.Println(data.(*htmlTemplateData).Data.(error))
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
e := t.ExecuteTemplate(w, "error", data)
|
||||
e := t.ExecuteTemplate(w, "base", data)
|
||||
if e != nil {
|
||||
panic(e)
|
||||
}
|
||||
}
|
||||
|
||||
func (rend *HTMLRenderer) Render(w http.ResponseWriter, r *http.Request, data interface{}, options ...url.Values) {
|
||||
var claims jwt.MapClaims
|
||||
|
||||
if r.Context().Value("user") != nil {
|
||||
claims = r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
|
||||
}
|
||||
|
||||
if data != nil && isErrorType(data) {
|
||||
rend.writeError(w, r, &htmlTemplateData{data.(error), nil, nil, nil})
|
||||
session, err := store.Get(r, "flash-session")
|
||||
if err != nil {
|
||||
rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil})
|
||||
}
|
||||
fm := session.Flashes()
|
||||
err = session.Save(r, w)
|
||||
if err != nil {
|
||||
rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil})
|
||||
}
|
||||
rend.writeError(w, r, &htmlTemplateData{data.(error), nil, claims, fm})
|
||||
} else {
|
||||
t, ok := rend.templates[options[0]["tpl_content"][0]]
|
||||
if !ok {
|
||||
|
@ -252,12 +267,6 @@ func (rend *HTMLRenderer) Render(w http.ResponseWriter, r *http.Request, data in
|
|||
rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil})
|
||||
}
|
||||
|
||||
var claims jwt.MapClaims
|
||||
|
||||
if r.Context().Value("user") != nil {
|
||||
claims = r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
|
||||
session, err := store.Get(r, "flash-session")
|
||||
|
|
|
@ -21,6 +21,17 @@
|
|||
</button>
|
||||
</nav>
|
||||
|
||||
{{if .FlashMessages}}
|
||||
{{range $message := .FlashMessages}}
|
||||
<div class="alert alert-danger alert-dismissible fade show" role="alert">
|
||||
<strong>Attenzione!</strong> {{$message}}
|
||||
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
<div class="base-template">
|
||||
{{ template "content" . }}
|
||||
</div>
|
||||
|
|
Loading…
Reference in a new issue