Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
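// Controller handles GET, POST, PUT and DELETE on /node/{nid}/acl/.
//
// The caller must authenticate; a request without credentials is answered
// with e.NoAuth and 401. GET returns the node's ACL. POST and PUT grant, and
// DELETE revokes, the rights returned by parseAclRequest.
//
// Authorization as implemented here:
//   - read the ACL: node owner, or a holder of "read"
//   - grant rights (POST/PUT): node owner, or a holder of "write"
//   - revoke rights (DELETE): node owner, or a holder of "delete"
//
// NOTE(review): a non-owner holding "write" can grant any right that
// parseAclRequest returns, including rights the caller does not hold, and a
// holder of "delete" can revoke anyone's rights. The right names are not
// checked in this function; confirm that parseAclRequest restricts them
// (in particular that "owner" cannot be supplied here).
//
// NOTE(review): an authenticated caller lacking the needed right is answered
// with 401; 403 is the conventional status, but 401 is kept so existing
// clients see no change.
var Controller goweb.ControllerFunc = func(cx *goweb.Context) {
	request.Log(cx.Request)

	u, err := request.Authenticate(cx.Request)
	if err != nil && err.Error() != e.NoAuth {
		request.AuthError(err, cx)
		return
	}
	// ACL endpoints have no anonymous mode: a missing user is always rejected.
	if u == nil {
		cx.RespondWithErrorMessage(e.NoAuth, http.StatusUnauthorized)
		return
	}

	id := cx.PathParams["nid"]
	n, err := node.Load(id, u.Uuid)
	if err != nil {
		switch err.Error() {
		case e.UnAuth:
			cx.RespondWithError(http.StatusUnauthorized)
		case e.MongoDocNotFound:
			cx.RespondWithNotFound()
		default:
			// Log the detail server-side only; the client gets a bare 500.
			logger.Error("Err@node_Read:LoadNode: " + err.Error())
			cx.RespondWithError(http.StatusInternalServerError)
		}
		return
	}

	// rights is evaluated once, before any change below is applied.
	rights := n.Acl.Check(u.Uuid)
	method := cx.Request.Method

	if method != "GET" {
		ids, err := parseAclRequest(cx)
		if err != nil {
			cx.RespondWithErrorMessage(err.Error(), http.StatusBadRequest)
			return
		}

		switch {
		case (method == "POST" || method == "PUT") && (u.Uuid == n.Acl.Owner || rights["write"]):
			for right, uuids := range ids {
				for _, uuid := range uuids {
					n.Acl.Set(uuid, map[string]bool{right: true})
				}
			}
		case method == "DELETE" && (u.Uuid == n.Acl.Owner || rights["delete"]):
			for right, uuids := range ids {
				for _, uuid := range uuids {
					n.Acl.UnSet(uuid, map[string]bool{right: true})
				}
			}
		default:
			// Unsupported method, or the caller lacks the required right.
			cx.RespondWithError(http.StatusUnauthorized)
			return
		}

		// A failed save must not be reported as success: otherwise a
		// revocation that never reached the store would be echoed back to
		// the caller as if access had been removed.
		if err := n.Save(); err != nil {
			logger.Error("Err@node_Acl:Save: " + err.Error())
			cx.RespondWithError(http.StatusInternalServerError)
			return
		}
	}

	// The owner comparison is made against the ACL as it stands now.
	if u.Uuid == n.Acl.Owner || rights["read"] {
		cx.RespondWithData(n.Acl)
		return
	}
	cx.RespondWithError(http.StatusUnauthorized)
}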
GET, POST, PUT, DELETE: /node/{nid}/acl/
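// ControllerTyped handles GET, POST, PUT and DELETE on /node/{nid}/acl/{type}.
//
// The caller must authenticate; a request without credentials is answered
// with e.NoAuth and 401. The {type} path parameter must be accepted by
// validAclTypes. GET returns the ACL list for that type. POST and PUT add,
// and DELETE removes, the users returned by parseAclRequestTyped.
//
// Authorization as implemented here:
//   - read: node owner, or a holder of "read"
//   - add users (POST/PUT): node owner, or a holder of "write"
//   - change the owner (POST/PUT, type "owner"): current owner only,
//     and exactly one user must be supplied
//   - remove users (DELETE): node owner, or a holder of "delete"
//
// NOTE(review): a non-owner holding "write" can add users to any non-owner
// type, including types the caller is not listed in. Confirm that this is
// the intended delegation model.
//
// NOTE(review): DELETE with type "owner" is not restricted to the owner the
// way POST/PUT is; a holder of "delete" reaches UnSet with {"owner": true}.
// What that does depends on UnSet, which is not visible here. Verify it
// cannot clear or change the owner.
//
// NOTE(review): an authenticated caller lacking the needed right is answered
// with 401 (400 for a non-owner attempting an ownership change); 403 is the
// conventional status, but the existing codes are kept so clients see no
// change.
var ControllerTyped goweb.ControllerFunc = func(cx *goweb.Context) {
	request.Log(cx.Request)

	u, err := request.Authenticate(cx.Request)
	if err != nil && err.Error() != e.NoAuth {
		request.AuthError(err, cx)
		return
	}
	// ACL endpoints have no anonymous mode: a missing user is always rejected.
	if u == nil {
		cx.RespondWithErrorMessage(e.NoAuth, http.StatusUnauthorized)
		return
	}

	// Reject unknown types before touching the store, so rtype is safe to
	// use as an ACL key below.
	rtype := cx.PathParams["type"]
	if !validAclTypes[rtype] {
		cx.RespondWithErrorMessage("Invalid acl type", http.StatusBadRequest)
		return
	}

	id := cx.PathParams["nid"]
	n, err := node.Load(id, u.Uuid)
	if err != nil {
		switch err.Error() {
		case e.UnAuth:
			cx.RespondWithError(http.StatusUnauthorized)
		case e.MongoDocNotFound:
			cx.RespondWithNotFound()
		default:
			// Log the detail server-side only; the client gets a bare 500.
			logger.Error("Err@node_Read:LoadNode: " + err.Error())
			cx.RespondWithError(http.StatusInternalServerError)
		}
		return
	}

	// rights is evaluated once, before any change below is applied.
	rights := n.Acl.Check(u.Uuid)
	method := cx.Request.Method

	if method != "GET" {
		ids, err := parseAclRequestTyped(cx)
		if err != nil {
			cx.RespondWithErrorMessage(err.Error(), http.StatusBadRequest)
			return
		}

		switch {
		case (method == "POST" || method == "PUT") && (u.Uuid == n.Acl.Owner || rights["write"]):
			if rtype == "owner" {
				// Ownership transfer is stricter than other grants:
				// holding "write" is not enough.
				if u.Uuid != n.Acl.Owner {
					cx.RespondWithErrorMessage("Only owner can change ownership of Node.", http.StatusBadRequest)
					return
				}
				if len(ids) != 1 {
					cx.RespondWithErrorMessage("Too many users. Nodes may have only one owner.", http.StatusBadRequest)
					return
				}
				n.Acl.SetOwner(ids[0])
			} else {
				for _, uuid := range ids {
					n.Acl.Set(uuid, map[string]bool{rtype: true})
				}
			}
		case method == "DELETE" && (u.Uuid == n.Acl.Owner || rights["delete"]):
			for _, uuid := range ids {
				n.Acl.UnSet(uuid, map[string]bool{rtype: true})
			}
		default:
			// Unsupported method, or the caller lacks the required right.
			cx.RespondWithError(http.StatusUnauthorized)
			return
		}

		// A failed save must not be reported as success: otherwise a
		// revocation or ownership change that never reached the store would
		// be echoed back to the caller as if it had taken effect.
		if err := n.Save(); err != nil {
			logger.Error("Err@node_Acl:Save: " + err.Error())
			cx.RespondWithError(http.StatusInternalServerError)
			return
		}
	}

	// The owner comparison is made against the ACL as it stands now, so a
	// caller who has just transferred ownership is checked as a non-owner.
	if u.Uuid != n.Acl.Owner && !rights["read"] {
		cx.RespondWithError(http.StatusUnauthorized)
		return
	}

	switch rtype {
	case "read":
		cx.RespondWithData(map[string][]string{"read": n.Acl.Read})
	case "write":
		cx.RespondWithData(map[string][]string{"write": n.Acl.Write})
	case "delete":
		cx.RespondWithData(map[string][]string{"delete": n.Acl.Delete})
	case "owner":
		cx.RespondWithData(map[string]string{"owner": n.Acl.Owner})
	}
}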
GET, POST, PUT, DELETE: /node/{nid}/acl/{type}
Functions ¶
This section is empty.
Types ¶
This section is empty.