author | Gabriel Arakaki Giovanini <mail@gabrielgio.me> | 2023-09-12 18:37:30 +0200 |
---|---|---|
committer | Gabriel Arakaki Giovanini <mail@gabrielgio.me> | 2023-09-12 18:40:00 +0200 |
commit | ae10e121875982d6956d6bff453544cc59a75616 (patch) | |
tree | 9b6508c9b2a105ce3027bb24342916050e2f50cc /pkg/view/settings.go | |
parent | d33ba9ee675eedf47ce4a7977d116bf81dda5b2e (diff) | |
feat: Add admin control
Now only admins can access settings.
Diffstat (limited to 'pkg/view/settings.go')
-rw-r--r-- | pkg/view/settings.go | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/pkg/view/settings.go b/pkg/view/settings.go
index bf2dca6..cdd7baa 100644
--- a/pkg/view/settings.go
+++ b/pkg/view/settings.go
@@ -39,23 +39,28 @@ func (self *SettingsView) Index(w http.ResponseWriter, r *http.Request) error {
  return err
  }
+ user := ext.GetUserFromCtx(r)
+
  templates.WritePageTemplate(w, &templates.SettingsPage{
  Settings: s,
  Users: users,
- })
+ }, user.IsAdmin)
  return nil
  }
  func (self *SettingsView) User(w http.ResponseWriter, r *http.Request) error {
- id := r.FormValue("userId")
+ var (
+ id = r.URL.Query().Get("userId")
+ user = ext.GetUserFromCtx(r)
+ )
  idValue, err := ParseUint(id)
  if err != nil {
  return err
  }
  if idValue == nil {
- templates.WritePageTemplate(w, &templates.UserPage{})
+ templates.WritePageTemplate(w, &templates.UserPage{}, user.IsAdmin)
  } else {
  user, err := self.userController.Get(r.Context(), *idValue)
  if err != nil {
@@ -67,7 +72,7 @@ func (self *SettingsView) User(w http.ResponseWriter, r *http.Request) error {
  Username: user.Username,
  Path: user.Path,
  IsAdmin: user.IsAdmin,
- })
+ }, user.IsAdmin)
  }
  return nil
@@ -87,7 +92,15 @@ func (self *SettingsView) UpsertUser(w http.ResponseWriter, r *http.Request) err
  return err
  }
- err = self.userController.Upsert(r.Context(), idValue, username, "", password, isAdmin, path)
+ err = self.userController.Upsert(
+ r.Context(),
+ idValue,
+ username,
+ "",
+ password,
+ isAdmin,
+ path,
+ )
  if err != nil {
  return err
  }
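Review bot: In `User`, the caller read by `user = ext.GetUserFromCtx(r)` is shadowed inside the `else` branch by `user, err := self.userController.Get(...)`, so the `}, user.IsAdmin)` added in the following hunk (`@@ -67,7 +72,7 @@`) passes the admin flag of the account being edited instead of the flag of the logged-in user. If that argument decides what the page layout shows, an admin opening a non-admin account gets the page rendered as for a non-admin, and the value no longer describes the session. Giving the context value its own name keeps the two apart: `current = ext.GetUserFromCtx(r)` in the `var` block and `current.IsAdmin` in both `WritePageTemplate` calls of `User`. The result of `GetUserFromCtx` is also dereferenced without a check in `Index` and `User`, which is safe only if `Protect` guarantees a user in the request context; that is not visible here, and the body of `User` runs past the end of the first hunk.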
@@ -137,12 +150,12 @@ func (self *SettingsView) Save(w http.ResponseWriter, r *http.Request) error {
  }
  func (self *SettingsView) SetMyselfIn(r *ext.Router) {
- r.GET("/settings/", self.Index)
- r.POST("/settings/", self.Save)
+ r.GET("/settings", Protect(self.Index))
+ r.POST("/settings", Protect(self.Save))
- r.GET("/users/", self.User)
- r.GET("/users/delete", self.Delete)
- r.POST("/users/", self.UpsertUser)
+ r.GET("/users", Protect(self.User))
+ r.GET("/users/delete", Protect(self.Delete))
+ r.POST("/users", Protect(self.UpsertUser))
  }
  func ParseUint(id string) (*uint, error) { |
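Review bot: `r.GET("/users/delete", Protect(self.Delete))` keeps account deletion on a GET route, so the admin check alone does not stop a cross-site request or a link prefetch from deleting a user under an admin's session. Registering it as `r.POST("/users/delete", Protect(self.Delete))` and verifying an anti-CSRF token in the state-changing handlers (`Save`, `UpsertUser`, `Delete`) would close that; no token check is visible in this diff, though it may live in `Protect` or in middleware outside it. `Protect` itself is defined outside this file section, so whether it tests `IsAdmin` or only that a session exists cannot be confirmed from here. The routes also lose their trailing slash, so existing links to `/settings/` and `/users/` depend on how `ext.Router` treats it.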