/*
|
|
ScheduleTogether Backend
|
|
Copyright (C) 2024, Marco Vitchi Thulin
|
|
|
|
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU Affero General Public License version 3
|
|
as published by the Free Software Foundation.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU Affero General Public License version 3 for more details.
|
|
|
|
This program incorporates external libraries for certain functionalities.
|
|
These libraries are covered by their respective licenses, and their usage
|
|
agreements are as outlined in their respective documentation or source
|
|
code.
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package middlewares
|
|
|
|
import (
|
|
"slices"
|
|
|
|
"github.com/kataras/iris/v12"
|
|
|
|
"git.zervo.org/scheduletogether/backend/pkg/helpers/request"
|
|
"git.zervo.org/scheduletogether/backend/pkg/permissions"
|
|
"git.zervo.org/scheduletogether/backend/pkg/types"
|
|
)
|
|
|
|
// Authorize returns an Iris handler that gates a route on the permission
// identified by perm. The request is passed to the next handler only when the
// role carried in the caller's claims appears in
// permissions.Permissions[perm].Roles; otherwise the handler responds with
// iris.StatusUnauthorized and a JSON CommonErrorResponse and does not call
// ctx.Next().
//
// NOTE(review): the claims are read via request.GetUserClaims and used as-is,
// so this handler presumably relies on an earlier middleware having
// authenticated the request and verified the token. Confirm that it is always
// registered after that middleware, and what GetUserClaims yields for an
// unauthenticated request.
//
// NOTE(review): whether an unknown perm fails closed depends on the type of
// permissions.Permissions. With struct values a missing key yields empty Roles
// and the request is denied; confirm the values are not pointers.
func Authorize(perm types.PermissionKey) iris.Handler {
	return func(ctx iris.Context) {
		user := request.GetUserClaims(ctx)

		// The role is written to the log on every request that reaches this
		// handler. NOTE(review): logboi is not in the visible import block;
		// presumably it is declared elsewhere in this package.
		logboi.Info("claims role: " + user.Role)

		allowedRoles := permissions.Permissions[perm].Roles
		if slices.Contains(allowedRoles, user.Role) {
			// Role is permitted: hand over to the next handler in the chain.
			ctx.Next()
			return
		}

		// Role is not permitted: answer here and return without ctx.Next().
		// NOTE(review): 401 is sent for what is an authorization failure; 403
		// is the conventional status for an authenticated caller lacking
		// permission. Confirm which one clients expect before changing it.
		ctx.StatusCode(iris.StatusUnauthorized)
		ctx.JSON(types.CommonErrorResponse{
			Error: "No permission",
		})
	}
}
|