Refactored CanRead to check the right before reading it
parent
0933ac0823
commit
62b466dd13
|
@ -102,10 +102,8 @@ type Rights interface {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
When using the standard web handler, all methods except `CanRead()` are called before their `CRUD` counterparts. `CanRead()`
|
When using the standard web handler, all methods are called before their `CRUD` counterparts.
|
||||||
is called after `ReadOne()` was invoked as this would otherwise mean getting an object from the db to check if the user has the
|
Use pointers for methods like `CanRead()` to get the base data of the model first, then check the right and then add addintional data.
|
||||||
right to see it and then getting it again if thats the case. Calling the function afterwards means we only have to get the
|
|
||||||
object once.
|
|
||||||
|
|
||||||
## Handler Config
|
## Handler Config
|
||||||
|
|
||||||
|
|
|
@ -30,14 +30,7 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
||||||
return echo.NewHTTPError(http.StatusBadRequest, "No or invalid model provided.")
|
return echo.NewHTTPError(http.StatusBadRequest, "No or invalid model provided.")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get our object
|
|
||||||
err := currentStruct.ReadOne()
|
|
||||||
if err != nil {
|
|
||||||
return HandleHTTPError(err, ctx)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check rights
|
// Check rights
|
||||||
// We can only check the rights on a full object, which is why we need to check it afterwards
|
|
||||||
currentAuth, err := config.AuthProvider.AuthObject(ctx)
|
currentAuth, err := config.AuthProvider.AuthObject(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
||||||
|
@ -51,5 +44,11 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
||||||
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
|
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Get our object
|
||||||
|
err = currentStruct.ReadOne()
|
||||||
|
if err != nil {
|
||||||
|
return HandleHTTPError(err, ctx)
|
||||||
|
}
|
||||||
|
|
||||||
return ctx.JSON(http.StatusOK, currentStruct)
|
return ctx.JSON(http.StatusOK, currentStruct)
|
||||||
}
|
}
|
||||||
|
|
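Review bot: With the rights check in `ReadOneWeb` moved ahead of `ReadOne()`, `CanRead()` now runs on a struct that presumably holds only what was bound from the request, and the new code carries no comment saying so; the removed "We can only check the rights on a full object" comment has no replacement. An implementation that still decides from fields `ReadOne()` used to populate (an owner or parent id, for instance) would now evaluate zero values, so each `CanRead()` needs to load what it requires itself and deny when that lookup fails. I would add above the check something like `// CanRead runs before ReadOne: it must fetch what it needs to decide and return false if it cannot`. The `CanRead()` call sits between the two hunks and is not visible here, so whether the existing models were adapted in this commit cannot be confirmed from this page.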