
Commit 2fdda5c

committed
feat: edit view
1 parent 74f2ac7 commit 2fdda5c


2 files changed

+24
-8
lines changed


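--- a/internal/middleware/check_user.go
+++ b/internal/middleware/check_user.go
@@ -11,6 +11,7 @@ import (
 "github.com/redis/go-redis/v9"
 
 "github.com/CodeChefVIT/devsoc-backend-24/internal/database"
+"github.com/CodeChefVIT/devsoc-backend-24/internal/models"
 services "github.com/CodeChefVIT/devsoc-backend-24/internal/services/user"
 )
 
@@ -124,7 +125,7 @@ func CheckAdmin(next echo.HandlerFunc) echo.HandlerFunc {
 
 email := claims["sub"].(string)
 
-if claims["role"].(string) != "admin" {
+if claims["role"].(string) == "user" {
 return c.JSON(http.StatusForbidden, map[string]string{
 "message": "not an admin",
 "status": "fail",
@@ -183,3 +184,18 @@ func CheckAdmin(next echo.HandlerFunc) echo.HandlerFunc {
 return next(c)
 }
 }
+
+func EditOnly(next echo.HandlerFunc) echo.HandlerFunc {
+return func(c echo.Context) error {
+user := c.Get("user").(*models.User)
+
+if user.Role == "view" {
+return c.JSON(http.StatusForbidden, map[string]string{
+"message": "not allowed to edit",
+"status": "fail",
+})
+}
+
+return next(c)
+}
+}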
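Review bot: The new condition in CheckAdmin, `if claims["role"].(string) == "user" {`, turns the admin gate from an allow-list into a deny-list, so a token whose role is anything other than "user" (an empty string, a misspelt value, a role added later) now passes the check. Name the roles that are allowed instead, for example `role, ok := claims["role"].(string)` followed by `if !ok || (role != "admin" && role != "view") {`; the role names are inferred from this commit and should be confirmed against the models package. The comma-ok form also removes the panic that the bare assertion raises when the claim is absent or not a string. EditOnly has the same shape: it rejects only `"view"`, and `c.Get("user").(*models.User)` panics when no user was stored in the context; whether CheckAdmin stores one is in the part of its body that lies outside these hunks.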

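--- a/internal/routes/admin_routes.go
+++ b/internal/routes/admin_routes.go
@@ -2,19 +2,19 @@ package routes
 
 import (
 "github.com/CodeChefVIT/devsoc-backend-24/internal/controllers"
+"github.com/CodeChefVIT/devsoc-backend-24/internal/middleware"
 "github.com/labstack/echo/v4"
 )
 
 func AdminRoutes(incomingRoutes *echo.Echo) {
 admin := incomingRoutes.Group("/admin")
-// admin.Use(middleware.Protected())
-// admin.Use(middleware.AuthUser)
-// admin.Use(middleware.CheckAdmin)
+admin.Use(middleware.Protected())
+admin.Use(middleware.CheckAdmin)
 
 admin.GET("/users", controllers.GetAllUsers)
 admin.GET("/user/:email", controllers.GetUserByEmail)
-admin.POST("/user/ban", controllers.BanUser)
-admin.POST("/user/unban", controllers.UnbanUser)
+admin.POST("/user/ban", controllers.BanUser, middleware.EditOnly)
+admin.POST("/user/unban", controllers.UnbanUser, middleware.EditOnly)
 admin.GET("/vitians", controllers.GetAllVitians)
 admin.GET("/females", controllers.GetAllFemales)
 
@@ -23,8 +23,8 @@ func AdminRoutes(incomingRoutes *echo.Echo) {
 admin.GET("/team/project/:id", controllers.GetProjectByTeamID)
 admin.GET("/team/leader/:id", controllers.GetTeamLeader)
 admin.GET("/team/idea/:id", controllers.GetIdeaByTeamID)
-admin.GET("/team/ban/:id", controllers.BanTeam)
-admin.GET("/team/unban/:id", controllers.UnbanTeam)
+admin.GET("/team/ban/:id", controllers.BanTeam, middleware.EditOnly)
+admin.GET("/team/unban/:id", controllers.UnbanTeam, middleware.EditOnly)
 
 admin.GET("/projects/all", controllers.GetAllProject)
 admin.GET("/ideas/all", controllers.GetAllIdeas)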
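Review bot: The team ban and unban routes change state but are still registered with GET; now that they carry a permission check they should use `admin.POST("/team/ban/:id", controllers.BanTeam, middleware.EditOnly)` and the matching unban line, in line with the user ban routes, because GET requests are expected to be safe and may be repeated by link previews, prefetchers or caches. EditOnly is attached route by route, so any other mutating admin route (lines 21–22 of the file fall between the two hunks and are not shown) stays reachable by view-only accounts unless someone remembers to add it; putting the write routes in a sub-group that carries EditOnly as group middleware would make the restriction the default. The commit also drops the commented `AuthUser` line rather than enabling it, while EditOnly reads `c.Get("user")`, so confirm that Protected or CheckAdmin sets that key before these routes are exercised.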
