Fixed rights check

handler/create.go

@@ -42,11 +42,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
 	}
 
 	// Check rights
-	canRead, err := currentStruct.CanCreate(currentAuth)
+	canCreate, err := currentStruct.CanCreate(currentAuth)
 	if err != nil {
 		return HandleHTTPError(err, ctx)
 	}
-	if canRead {
+	if !canCreate {
 		config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
 		return echo.NewHTTPError(http.StatusForbidden)
 	}

handler/delete.go

@@ -44,8 +44,8 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
 	if err != nil {
 		return HandleHTTPError(err, ctx)
 	}
-	if canDelete {
-		config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
+	if !canDelete {
+		config.LoggingProvider.Noticef("Tried to delete while not having the rights for it (User: %v)", currentAuth)
 		return echo.NewHTTPError(http.StatusForbidden)
 	}
 

handler/read_one.go

@@ -39,8 +39,8 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
 	if err != nil {
 		return HandleHTTPError(err, ctx)
 	}
-	if canRead {
-		config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
+	if !canRead {
+		config.LoggingProvider.Noticef("Tried to read while not having the rights for it (User: %v)", currentAuth)
 		return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
 	}
 

handler/update.go

@@ -45,8 +45,8 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
 	if err != nil {
 		return HandleHTTPError(err, ctx)
 	}
-	if canUpdate {
-		config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
+	if !canUpdate {
+		config.LoggingProvider.Noticef("Tried to update while not having the rights for it (User: %v)", currentAuth)
 		return echo.NewHTTPError(http.StatusForbidden)
 	}