Merge branch 'production' into HEAD
This commit is contained in:
commit
71a7e64422
15 changed files with 34 additions and 28 deletions
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
0.3.0-11-ge92b71e-production
|
||||
0.3.0-11-ge92b71e-production
|
2
dist/main.bundle.js
vendored
2
dist/main.bundle.js
vendored
File diff suppressed because one or more lines are too long
2
dist/styles.css
vendored
2
dist/styles.css
vendored
|
@ -4,7 +4,7 @@ html {
|
|||
|
||||
body {
|
||||
padding-top: 60px;
|
||||
position: relative;
|
||||
/*position: relative;*/
|
||||
}
|
||||
|
||||
div.login {
|
||||
|
|
|
@ -16,7 +16,7 @@ services:
|
|||
|
||||
smtp:
|
||||
image: digiplant/fake-smtp
|
||||
container_name: oef_test_smtp
|
||||
container_name: oef_test_handlers_smtp
|
||||
ports:
|
||||
- "1025:25"
|
||||
|
||||
|
|
|
@ -473,7 +473,7 @@ func DefaultHomeHandler() http.Handler {
|
|||
r,
|
||||
fmt.Sprintf(
|
||||
"/participants/%s?format=html&tpl_layout=base&tpl_content=participants_show",
|
||||
claims["user_id"].(string)),
|
||||
claims["model_id"].(string)),
|
||||
http.StatusSeeOther,
|
||||
)
|
||||
|
||||
|
@ -483,7 +483,7 @@ func DefaultHomeHandler() http.Handler {
|
|||
r,
|
||||
fmt.Sprintf(
|
||||
"/schools/%s?format=html&tpl_layout=base&tpl_content=schools_show",
|
||||
claims["user_id"].(string)),
|
||||
claims["model_id"].(string)),
|
||||
http.StatusSeeOther,
|
||||
)
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@ type UserToken struct {
|
|||
Username string
|
||||
Admin bool
|
||||
Role string
|
||||
ModelID string
|
||||
UserID string
|
||||
}
|
||||
|
||||
|
@ -68,13 +69,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
|
|||
// Check if user is the administrator
|
||||
|
||||
if username == db.Config.Admin.Username && password == db.Config.Admin.Password {
|
||||
return &UserToken{username, true, "administrator", "0"}, nil
|
||||
return &UserToken{username, true, "administrator", "0", "0"}, nil
|
||||
}
|
||||
|
||||
// Check if user is a subscriber
|
||||
|
||||
if password == db.Config.Subscriber.Password {
|
||||
return &UserToken{"subscriber", false, "subscriber", "0"}, nil
|
||||
return &UserToken{"subscriber", false, "subscriber", "0", "0"}, nil
|
||||
}
|
||||
|
||||
var token *UserToken
|
||||
|
@ -89,13 +90,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
|
|||
if err := db.DB().First(&participant, &orm.Participant{UserID: user.ID}).Error; err != nil {
|
||||
return nil, errors.New("Authentication failed!")
|
||||
}
|
||||
token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID))}
|
||||
token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID)), strconv.Itoa(int(user.ID))}
|
||||
case "school":
|
||||
var school orm.School
|
||||
if err := db.DB().First(&school, &orm.School{UserID: user.ID}).Error; err != nil {
|
||||
return nil, errors.New("Authentication failed!")
|
||||
}
|
||||
token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID))}
|
||||
token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID)), strconv.Itoa(int(user.ID))}
|
||||
}
|
||||
|
||||
return token, nil
|
||||
|
@ -113,6 +114,7 @@ func getToken(db *orm.Database, username string, password string, signingKey []b
|
|||
claims["admin"] = user.Admin
|
||||
claims["username"] = user.Username
|
||||
claims["role"] = user.Role
|
||||
claims["model_id"] = user.ModelID
|
||||
claims["user_id"] = user.UserID
|
||||
claims["exp"] = time.Now().Add(time.Hour * 24).Unix()
|
||||
|
||||
|
|
|
@ -210,7 +210,7 @@ func (model *Participant) Create(db *Database, args map[string]string, w http.Re
|
|||
|
||||
// If user has "school" role get school id from token
|
||||
if isSchool(r) {
|
||||
schoolID, err := strconv.Atoi(getUserIDFromToken(r))
|
||||
schoolID, err := strconv.Atoi(getModelIDFromToken(r))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -267,7 +267,7 @@ func (model *Participant) Read(db *Database, args map[string]string, w http.Resp
|
|||
return nil, err
|
||||
}
|
||||
|
||||
if strconv.Itoa(int(participant.SchoolID)) != getUserIDFromToken(r) {
|
||||
if strconv.Itoa(int(participant.SchoolID)) != getModelIDFromToken(r) {
|
||||
return nil, errors.NotAuthorized
|
||||
}
|
||||
|
||||
|
@ -304,7 +304,7 @@ func (model *Participant) ReadAll(db *Database, args map[string]string, w http.R
|
|||
|
||||
// School user can access to its participants only!
|
||||
if isSchool(r) {
|
||||
schoolId, err := strconv.Atoi(getUserIDFromToken(r))
|
||||
schoolId, err := strconv.Atoi(getModelIDFromToken(r))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -467,7 +467,7 @@ func CreateParticipant(db *Database, participant *Participant) (*Participant, er
|
|||
func SaveParticipant(db *Database, participant interface{}) (interface{}, error) {
|
||||
participant.(*Participant).FiscalCode = strings.ToUpper(participant.(*Participant).FiscalCode)
|
||||
|
||||
if err := db._db.Omit("Category", "School").Save(participant).Error; err != nil {
|
||||
if err := db._db.Omit("Category", "School", "Creator", "Updater").Save(participant).Error; err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return participant, nil
|
||||
|
|
|
@ -275,7 +275,7 @@ func CreateResponse(db *Database, response *Response) (*Response, error) {
|
|||
}
|
||||
|
||||
func SaveResponse(db *Database, response interface{}) (interface{}, error) {
|
||||
if err := db._db. /*.Omit("Something")*/ Save(response).Error; err != nil {
|
||||
if err := db._db.Omit("Creator", "Updater").Save(response).Error; err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return response, nil
|
||||
|
|
|
@ -42,6 +42,10 @@ func getUserIDFromToken(r *http.Request) string {
|
|||
return getClaims(r)["user_id"].(string)
|
||||
}
|
||||
|
||||
func getModelIDFromToken(r *http.Request) string {
|
||||
return getClaims(r)["model_id"].(string)
|
||||
}
|
||||
|
||||
func getUserIDFromTokenAsUint(r *http.Request) uint {
|
||||
id, _ := strconv.Atoi(getUserIDFromToken(r))
|
||||
return uint(id)
|
||||
|
|
|
@ -207,7 +207,7 @@ func (model *School) Read(db *Database, args map[string]string, w http.ResponseW
|
|||
|
||||
id := args["id"]
|
||||
|
||||
if isSchool(r) && id != getUserIDFromToken(r) {
|
||||
if isSchool(r) && id != getModelIDFromToken(r) {
|
||||
return nil, errors.NotAuthorized
|
||||
}
|
||||
|
||||
|
@ -306,7 +306,7 @@ func CreateSchool(db *Database, school *School) (*School, error) {
|
|||
}
|
||||
|
||||
func SaveSchool(db *Database, school interface{}) (interface{}, error) {
|
||||
if err := db._db.Omit("Region").Save(school).Error; err != nil {
|
||||
if err := db._db.Omit("Region", "Creator", "Updater").Save(school).Error; err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return school, nil
|
||||
|
@ -317,7 +317,7 @@ func (model *School) HasCategory(db *Database, participant *Participant) (bool,
|
|||
|
||||
if err := db._db.
|
||||
Where("category_id = ? AND school_id = ? AND id <> ?", participant.CategoryID, model.ID, participant.ID).
|
||||
Find(&participants).Error; err != nil {
|
||||
Find(&participants).Error; err != nil {
|
||||
return false, err
|
||||
}
|
||||
return len(participants) > 0, nil
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
package orm
|
||||
|
||||
import "net/http"
|
||||
import (
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type Modifier interface {
|
||||
SetCreatorID(id uint)
|
||||
|
|
|
@ -64,7 +64,7 @@ var (
|
|||
"isSubscriber": isSubscriber,
|
||||
"isSchool": isSchool,
|
||||
"attr": attr,
|
||||
"userId": userId,
|
||||
"modelId": modelId,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -105,8 +105,8 @@ func username(claims jwt.MapClaims) string {
|
|||
return claims["username"].(string)
|
||||
}
|
||||
|
||||
func userId(claims jwt.MapClaims) (uint, error) {
|
||||
id, err := strconv.Atoi(claims["user_id"].(string))
|
||||
func modelId(claims jwt.MapClaims) (uint, error) {
|
||||
id, err := strconv.Atoi(claims["model_id"].(string))
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@ html {
|
|||
|
||||
body {
|
||||
padding-top: 60px;
|
||||
position: relative;
|
||||
/*position: relative;*/
|
||||
}
|
||||
|
||||
div.login {
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
<a class="nav-item nav-link {{.Options|active "Response"}}" href="{{all "Response"}}">Prove</a>
|
||||
{{- end -}}
|
||||
{{- if $isSchool -}}
|
||||
<a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|userId|show "School"}}">Scuola</a>
|
||||
<a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|modelId|show "School"}}">Scuola</a>
|
||||
<a class="nav-item nav-link {{.Options|active "Participant"}}" href="{{all "Participant"}}">Partecipanti</a>
|
||||
{{- end -}}
|
||||
</ul>
|
||||
|
|
|
@ -38,16 +38,14 @@
|
|||
<footer class="footer text-center">
|
||||
<div class="container">
|
||||
<span class="text-center text-muted">Questo software è stato sviluppato da <a href="https://github.com/remogatto">Andrea
|
||||
Fazzi</a> per le <a href="https://www.olimpiadi-economiaefinanza.it">Olimpiadi di Economia e Finanza 2020</a> ({{version}})
|
||||
</span>
|
||||
Fazzi</a> per le <a href="https://www.olimpiadi-economiaefinanza.it">Olimpiadi di Economia e Finanza 2020</a> ({{version}})
|
||||
</span>
|
||||
</div>
|
||||
</footer>
|
||||
|
||||
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
|
||||
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
|
||||
|
||||
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
|
||||
|
||||
<script src="/main.bundle.js"></script>
|
||||
|
||||
</body>
|
||||
|
|
Loading…
Reference in a new issue