starred/UpSnap-seriousm4x-4
1
0
Fork 0
mirror of https://github.com/seriousm4x/UpSnap.git synced 2026-04-05 08:53:52 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
24aec5e1de339cdfd7770c6b88de5a23f468fb84
UpSnap-seriousm4x-4/backend/pb/middlewares.go
seriousm4x 6fc02ce46d add user permissions to backend #75
2023-08-12 21:05:14 +02:00

37 lines
988 B
Go
Raw Blame History

package pb
import (
"fmt"
"github.com/labstack/echo/v5"
"github.com/pocketbase/pocketbase/apis"
"github.com/pocketbase/pocketbase/models"
)
func RequireUpSnapPermission() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
admin, _ := c.Get(apis.ContextAdminKey).(*models.Admin)
if admin != nil {
return next(c)
}
user, _ := c.Get(apis.ContextAuthRecordKey).(*models.Record)
if user == nil {
return apis.NewUnauthorizedError("The request requires admin or record authorization token to be set.", nil)
}
deviceId := c.PathParam("id")
// find record where user has device with power permission
res, err := App.Dao().FindFirstRecordByFilter("permissions",
fmt.Sprintf("user.id = '%s' && power.id ?= '%s'", user.Id, deviceId))
if res == nil || err != nil {
return apis.NewForbiddenError("You are not allowed to perform this request.", nil)
}
return next(c)
}
}
}
Reference in New Issue View Git Blame Copy Permalink