Protect POST, DELETE routes
This commit is contained in:
parent
96485fc9f3
commit
e94c4b9afa
7 changed files with 71 additions and 44 deletions
2
dist/main.bundle.js
vendored
2
dist/main.bundle.js
vendored
File diff suppressed because one or more lines are too long
9
dist/styles.css
vendored
9
dist/styles.css
vendored
|
@ -15452,8 +15452,15 @@ ul.karmen-related-elements {
|
|||
}
|
||||
|
||||
.oef-anchor-selection:target {
|
||||
background: yellow;
|
||||
animation-name: bg-fade-in-fade-out-animation;
|
||||
animation-duration: 2s;
|
||||
animation-timing-function: ease-in-out;
|
||||
}
|
||||
|
||||
@keyframes bg-fade-in-fade-out-animation {
|
||||
0% { background-color:white; }
|
||||
50.0% { background-color:#f8f9fa; }
|
||||
100.0% { background-color:white; }
|
||||
}
|
||||
|
||||
/*# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiIsImZpbGUiOiJzdHlsZXMuY3NzIiwic291cmNlUm9vdCI6IiJ9*/
|
|
@ -265,6 +265,12 @@ func post(w http.ResponseWriter, r *http.Request, model string, pattern PathPatt
|
|||
|
||||
if err != nil {
|
||||
respondWithError(w, r, err)
|
||||
} else {
|
||||
claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
|
||||
|
||||
role := claims["role"].(string)
|
||||
if !hasPermission(role, pattern.Path(model)) {
|
||||
renderer.Render[respFormat](w, r, fmt.Errorf("%s", "Errore di autorizzazione"))
|
||||
} else {
|
||||
data, err = postFn(mux.Vars(r), w, r)
|
||||
if err != nil {
|
||||
|
@ -279,19 +285,22 @@ func post(w http.ResponseWriter, r *http.Request, model string, pattern PathPatt
|
|||
} else {
|
||||
renderer.Render[respFormat](w, r, data.(orm.IDer).GetID())
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func delete(w http.ResponseWriter, r *http.Request, model string, pattern PathPattern) {
|
||||
var (
|
||||
data interface{}
|
||||
err error
|
||||
)
|
||||
var data interface{}
|
||||
|
||||
respFormat := renderer.GetContentFormat(r)
|
||||
|
||||
claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
|
||||
|
||||
role := claims["role"].(string)
|
||||
if !hasPermission(role, pattern.Path(model)) {
|
||||
renderer.Render[respFormat](w, r, fmt.Errorf("%s", "Errore di autorizzazione"))
|
||||
} else {
|
||||
postFn, err := orm.GetFunc(pattern.Path(model))
|
||||
if err != nil {
|
||||
renderer.Render[r.URL.Query().Get("format")](w, r, err)
|
||||
|
@ -310,6 +319,7 @@ func delete(w http.ResponseWriter, r *http.Request, model string, pattern PathPa
|
|||
} else {
|
||||
renderer.Render[respFormat](w, r, data.(orm.IDer).GetID())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func respondWithError(w http.ResponseWriter, r *http.Request, err error) {
|
||||
|
|
|
@ -10,7 +10,6 @@ const (
|
|||
|
||||
var (
|
||||
RolePermissions map[string]map[string][]int = map[string]map[string][]int{
|
||||
|
||||
"administrator": map[string][]int{
|
||||
"Contest": []int{PermissionCreate, PermissionRead, PermissionReadAll, PermissionUpdate, PermissionDelete},
|
||||
"Participant": []int{PermissionCreate, PermissionRead, PermissionReadAll, PermissionUpdate, PermissionDelete},
|
||||
|
|
|
@ -24,7 +24,7 @@ type Contest struct {
|
|||
Date time.Time
|
||||
StartTime time.Time
|
||||
EndTime time.Time
|
||||
Duration int // minutes
|
||||
Duration int // in minutes
|
||||
|
||||
NumQuestions int
|
||||
NumAnswersPerQuestion int
|
||||
|
@ -59,9 +59,9 @@ func (c *Contest) Create(args map[string]string, w http.ResponseWriter, r *http.
|
|||
r.PostForm.Set("StartTime", time.Time{}.String())
|
||||
r.PostForm.Set("EndTime", time.Time{}.String())
|
||||
} else {
|
||||
r.PostForm.Set("Date", fmt.Sprintf("%sT%s:00+00:00", date, startTime))
|
||||
r.PostForm.Set("StartTime", fmt.Sprintf("%sT%s:00+00:00", date, startTime))
|
||||
r.PostForm.Set("EndTime", fmt.Sprintf("%sT%s:00+00:00", date, endTime))
|
||||
r.PostForm.Set("Date", fmt.Sprintf("%sT%s:00+01:00", date, startTime))
|
||||
r.PostForm.Set("StartTime", fmt.Sprintf("%sT%s:00+01:00", date, startTime))
|
||||
r.PostForm.Set("EndTime", fmt.Sprintf("%sT%s:00+01:00", date, endTime))
|
||||
}
|
||||
|
||||
err = renderer.Decode(contest, r)
|
||||
|
@ -139,9 +139,9 @@ func (c *Contest) Update(args map[string]string, w http.ResponseWriter, r *http.
|
|||
r.PostForm.Set("StartTime", time.Time{}.Format(time.RFC3339))
|
||||
r.PostForm.Set("EndTime", time.Time{}.Format(time.RFC3339))
|
||||
} else {
|
||||
r.PostForm.Set("Date", fmt.Sprintf("%sT%s:00+00:00", date, startTime))
|
||||
r.PostForm.Set("StartTime", fmt.Sprintf("%sT%s:00+00:00", date, startTime))
|
||||
r.PostForm.Set("EndTime", fmt.Sprintf("%sT%s:00+00:00", date, endTime))
|
||||
r.PostForm.Set("Date", fmt.Sprintf("%sT%s:00+01:00", date, startTime))
|
||||
r.PostForm.Set("StartTime", fmt.Sprintf("%sT%s:00+01:00", date, startTime))
|
||||
r.PostForm.Set("EndTime", fmt.Sprintf("%sT%s:00+01:00", date, endTime))
|
||||
}
|
||||
|
||||
err = renderer.Decode(contest, r)
|
||||
|
@ -178,6 +178,10 @@ func SaveContest(contest interface{}) (interface{}, error) {
|
|||
return contest, nil
|
||||
}
|
||||
|
||||
func (c *Contest) isAlwaysActive() bool {
|
||||
return c.StartTime.IsZero() || c.EndTime.IsZero() || c.Duration == 0
|
||||
}
|
||||
|
||||
func (c *Contest) generateQuestionsOrder() (string, error) {
|
||||
var (
|
||||
order []string
|
||||
|
|
|
@ -173,7 +173,7 @@ func (model *Response) Update(args map[string]string, w http.ResponseWriter, r *
|
|||
|
||||
// Write StartTime for the first time if user is a participant
|
||||
|
||||
if isParticipant(r) && !response.Contest.StartTime.IsZero() && !response.Contest.EndTime.IsZero() {
|
||||
if isParticipant(r) && !response.Contest.isAlwaysActive() {
|
||||
if response.StartTime.IsZero() {
|
||||
if err := DB().Model(&response).Update("start_time", time.Now()).Error; err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -103,6 +103,13 @@ ul.karmen-related-elements {
|
|||
}
|
||||
|
||||
.oef-anchor-selection:target {
|
||||
background: yellow;
|
||||
animation-name: bg-fade-in-fade-out-animation;
|
||||
animation-duration: 2s;
|
||||
animation-timing-function: ease-in-out;
|
||||
}
|
||||
|
||||
@keyframes bg-fade-in-fade-out-animation {
|
||||
0% { background-color:white; }
|
||||
50.0% { background-color:#f8f9fa; }
|
||||
100.0% { background-color:white; }
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue