doesnm/quickshare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test(auth): add permission tests for files and settings api

Browse source
This commit is contained in:
hexxa 2022-02-23 11:40:51 +08:00 committed by Hexxa
parent cff87bdddd
commit d2d269171d
5 changed files with 404 additions and 317 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/handlers/fileshdr/handlers.go
View file

@ -992,6 +992,11 @@ func (h *FileHandlers) GenerateHash(c *gin.Context) {
return
}
if req.FilePath == "" {
c.JSON(q.ErrResp(c, 400, errors.New("invalid file path")))
return
}
role := c.MustGet(q.RoleParam).(string)
userName := c.MustGet(q.UserParam).(string)
if !h.canAccess(userName, role, "hash.gen", req.FilePath) {

8
src/handlers/settings/handlers.go
View file

@ -73,7 +73,7 @@ func (h *SettingsSvc) SetClientCfg(c *gin.Context) {
role := c.MustGet(q.RoleParam).(string)
if role != userstore.AdminRole {
c.JSON(q.ErrResp(c, 401, q.ErrUnauthorized))
c.JSON(q.ErrResp(c, 403, q.ErrUnauthorized))
return
}
@ -102,6 +102,12 @@ type ClientErrorReports struct {
}
func (h *SettingsSvc) ReportErrors(c *gin.Context) {
role := c.MustGet(q.RoleParam).(string)
if role == userstore.VisitorRole {
c.JSON(q.ErrResp(c, 403, q.ErrUnauthorized))
return
}
var err error
req := &ClientErrorReports{}
if err = c.ShouldBindJSON(&req); err != nil {