Refactored CanRead to check the right before reading it
parent
0933ac0823
commit
62b466dd13
|
@ -102,10 +102,8 @@ type Rights interface {
|
|||
}
|
||||
```
|
||||
|
||||
When using the standard web handler, all methods except `CanRead()` are called before their `CRUD` counterparts. `CanRead()`
|
||||
is called after `ReadOne()` was invoked as this would otherwise mean getting an object from the db to check if the user has the
|
||||
right to see it and then getting it again if thats the case. Calling the function afterwards means we only have to get the
|
||||
object once.
|
||||
When using the standard web handler, all methods are called before their `CRUD` counterparts.
|
||||
Use pointers for methods like `CanRead()` to get the base data of the model first, then check the right and then add addintional data.
|
||||
|
||||
## Handler Config
|
||||
|
||||
|
|
|
@ -30,14 +30,7 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
|||
return echo.NewHTTPError(http.StatusBadRequest, "No or invalid model provided.")
|
||||
}
|
||||
|
||||
// Get our object
|
||||
err := currentStruct.ReadOne()
|
||||
if err != nil {
|
||||
return HandleHTTPError(err, ctx)
|
||||
}
|
||||
|
||||
// Check rights
|
||||
// We can only check the rights on a full object, which is why we need to check it afterwards
|
||||
currentAuth, err := config.AuthProvider.AuthObject(ctx)
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
||||
|
@ -51,5 +44,11 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
|||
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
|
||||
}
|
||||
|
||||
// Get our object
|
||||
err = currentStruct.ReadOne()
|
||||
if err != nil {
|
||||
return HandleHTTPError(err, ctx)
|
||||
}
|
||||
|
||||
return ctx.JSON(http.StatusOK, currentStruct)
|
||||
}
|
||||
|
|
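Review bot: With `ReadOne()` now running after the rights check in `ReadOneWeb`, the object passed to that check holds only what was bound from the request, so a `CanRead()` implementation that decides on fields of its own receiver (an owner or team id, for example) would be deciding on client-supplied values. The explanatory line under `// Check rights` was dropped and nothing replaces it; I would extend that comment to `// CanRead runs before ReadOne: currentStruct holds only request-bound fields here, so implementations must load the data they authorize on from storage.` The `CanRead` call itself sits between the two hunks and is not visible, so it cannot be confirmed from here whether it can report a failed lookup separately from a denial. If it returns only a bool, a lookup error inside it would presumably surface as the 403 instead of going through `HandleHTTPError`. The body of `ReadOneWeb` starts above the first hunk.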