test(auth): add permission tests for files and settings api

2022-02-23 11:40:51 +08:00 · 2022-02-23 11:40:51 +08:00 · d2d269171d
commit d2d269171d
parent cff87bdddd
5 changed files with 404 additions and 317 deletions
--- a/src/handlers/settings/handlers.go
+++ b/src/handlers/settings/handlers.go
@ -73,7 +73,7 @@ func (h *SettingsSvc) SetClientCfg(c *gin.Context) {

 	role := c.MustGet(q.RoleParam).(string)
 	if role != userstore.AdminRole {
-		c.JSON(q.ErrResp(c, 401, q.ErrUnauthorized))
+		c.JSON(q.ErrResp(c, 403, q.ErrUnauthorized))
 		return
 	}

@ -102,6 +102,12 @@ type ClientErrorReports struct {
 }

 func (h *SettingsSvc) ReportErrors(c *gin.Context) {
+	role := c.MustGet(q.RoleParam).(string)
+	if role == userstore.VisitorRole {
+		c.JSON(q.ErrResp(c, 403, q.ErrUnauthorized))
+		return
+	}
+
 	var err error
 	req := &ClientErrorReports{}
 	if err = c.ShouldBindJSON(&req); err != nil {