freckie

Update

......@@ -57,7 +57,7 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
}
// Check Permission
var _count int64
var _count, isSuper int64
timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
row := e.DB.QueryRow(`
SELECT count(timetable_id)
......@@ -72,17 +72,15 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
}
row = e.DB.QueryRow(`
SELECT count(a.timetable_id)
FROM allowlist AS a, users AS u
WHERE a.user_id=u.id
AND a.timetable_id=?
AND u.email=?;
`, timetable, email)
if err := row.Scan(&_count); err == nil {
if _count <= 0 {
functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
SELECT is_super FROM users WHERE email=?
`, email)
if err := row.Scan(&isSuper); err != nil {
if err == sql.ErrNoRows {
functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
return
}
functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
return
}
// Result Resp
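Review bot: In the new CellGet code `isSuper` is scanned from `SELECT is_super FROM users WHERE email=?` but, in the hunks shown on this page, never tested, so the allowlist membership query this replaces has become only a check that the user row exists; CellGet continues past `// Result Resp`, so confirm a later line actually gates on the value. If the intended rule is "admins may read any cell, others only allowlisted timetables", the allowlist count query should stay next to the is_super lookup rather than be replaced by it (the `var _count, isSuper int64` change in the hunk at line 57 belongs to the same edit). As a style point, `if err == sql.ErrNoRows` works because Scan returns the sentinel unwrapped, but `errors.Is(err, sql.ErrNoRows)` is the idiomatic form and survives later wrapping; the same applies to the identical branches in ReservationDelete and UsersGet.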
......@@ -29,7 +29,7 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
sheetID := ps.ByName("sheet_id")
// Check Permission
var _count, _isSuper int64
var _count int64
timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
row := e.DB.QueryRow(`
SELECT count(timetable_id)
......@@ -43,31 +43,31 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
}
}
row = e.DB.QueryRow(`
SELECT (
SELECT count(a.timetable_id)
FROM allowlist AS a, users AS u
WHERE a.user_id=u.id
AND a.timetable_id=?
AND u.email=?
) AS count,
(
SELECT is_super FROM users WHERE email=?
) AS is_super;
`, timetable, email, email)
if err := row.Scan(&_count, &_isSuper); err == nil {
if _isSuper != 1 {
functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
return
}
if _count <= 0 {
functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
return
}
} else {
functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
return
}
// row = e.DB.QueryRow(`
// SELECT (
// SELECT count(a.timetable_id)
// FROM allowlist AS a, users AS u
// WHERE a.user_id=u.id
// AND a.timetable_id=?
// AND u.email=?
// ) AS count,
// (
// SELECT is_super FROM users WHERE email=?
// ) AS is_super;
// `, timetable, email, email)
// if err := row.Scan(&_count, &_isSuper); err == nil {
// if _isSuper != 1 {
// functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
// return
// }
// if _count <= 0 {
// functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
// return
// }
// } else {
// functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
// return
// }
// Parse Request Data
type reqDataStruct struct {
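Review bot: Commenting out the allowlist/is_super query (the block from `// row = e.DB.QueryRow(` through the final `// }`) leaves ReservationPost with no authorization beyond the timetable count query above it, so any user identified by `email` can now create reservations on any timetable, admin or not. If that relaxation is intended, delete the dead block instead of keeping a commented copy and state the new rule under `// Check Permission`; if it is not, restore the check rather than leaving it disabled. The `var _count int64` change in the hunk at line 29 follows from this removal and should move with whatever is decided here. ReservationPost's body continues past this hunk (`type reqDataStruct struct {` is cut at the hunk edge).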
......@@ -192,7 +192,7 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
reservationID := ps.ByName("reservation_id")
// Check Permission
var _count, _isSuper int64
var _count, isSuper int64
timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
row := e.DB.QueryRow(`
SELECT count(timetable_id)
......@@ -207,27 +207,13 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
}
row = e.DB.QueryRow(`
SELECT (
SELECT count(a.timetable_id)
FROM allowlist AS a, users AS u
WHERE a.user_id=u.id
AND a.timetable_id=?
AND u.email=?
) AS count,
(
SELECT is_super FROM users WHERE email=?
) AS is_super;
`, timetable, email, email)
if err := row.Scan(&_count, &_isSuper); err == nil {
if _isSuper != 1 {
functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
return
}
if _count <= 0 {
functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
SELECT is_super FROM users WHERE email=?
`, email)
if err := row.Scan(&isSuper); err != nil {
if err == sql.ErrNoRows {
functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
return
}
} else {
functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
return
}
......@@ -258,9 +244,11 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
functions.ResponseError(w, 500, "예기치 못한 에러 발생 : "+err.Error())
return
}
if _email != email {
functions.ResponseError(w, 403, "예약 접근 권한 부족")
return
if isSuper == 0 {
if _email != email {
functions.ResponseError(w, 403, "예약 접근 권한 부족")
return
}
}
if _transactionType == 0 {
functions.ResponseError(w, 500, "이미 취소된 예약")
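Review bot: The nested guard `if isSuper == 0 { if _email != email {` can be a single condition, `if isSuper == 0 && _email != email {`, which reads as the rule it encodes (owners or admins may cancel). With the allowlist query removed in the hunk at line 207, cancellation now rests only on that owner-or-admin test; that looks deliberate, but record it in the `// Check Permission` comment so the dropped allowlist lookup is not later read as an oversight. ReservationDelete's body continues beyond this hunk.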
......@@ -3,6 +3,7 @@ package endpoints
import (
"classroom/functions"
"classroom/models"
"database/sql"
"encoding/json"
"io/ioutil"
"net/http"
......@@ -11,6 +12,68 @@ import (
"github.com/julienschmidt/httprouter"
)
// GET /users
func (e *Endpoints) UsersGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
// Get user email
var email string
if _email, ok := r.Header["X-User-Email"]; ok {
email = _email[0]
} else {
functions.ResponseError(w, 401, "X-User-Email 헤더를 보내세요.")
return
}
// Permission Check
var isSuper int
row := e.DB.QueryRow(`
SELECT is_super FROM users WHERE email=?;
`, email)
if err := row.Scan(&isSuper); err != nil {
if err == sql.ErrNoRows {
functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
return
}
functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
return
}
if isSuper == 0 {
functions.ResponseError(w, 403, "접근 권한 부족. 관리자만 허용된 기능입니다.")
return
}
// Result Resp
resp := models.UsersGetResponse{}
resp.Users = []models.UsersGetItem{}
// Querying
rows, err := e.DB.Query(`
SELECT id, email, is_super FROM users;`)
if err != nil {
if err == sql.ErrNoRows {
resp.UsersCount = 0
functions.ResponseOK(w, "success", resp)
return
}
functions.ResponseError(w, 500, err.Error())
return
}
defer rows.Close()
for rows.Next() {
temp := models.UsersGetItem{}
err := rows.Scan(&temp.UserID, &temp.UserEmail, &temp.IsSuper)
if err != nil {
continue
}
resp.Users = append(resp.Users, temp)
}
// Struct for response
resp.UsersCount = len(resp.Users)
functions.ResponseOK(w, "success", resp)
}
// POST /users
func (e *Endpoints) UsersPost(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
// Get user email
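Review bot: In the new UsersGet a `rows.Scan` failure is swallowed with `continue` and `rows.Err()` is never consulted after the loop, so a partial or failed result set is reported as success with a `users_count` that silently omits rows; the scan error should end the request and the iteration error be checked. The `err == sql.ErrNoRows` branch after `e.DB.Query` is dead, since Query yields an empty row set rather than ErrNoRows, and can be removed. The handler's only identity source is the `X-User-Email` request header, consistent with the rest of the file; that holds only if a trusted fronting component sets the header and strips it from client requests, which is worth stating in the handler comment. UsersPost begins at the end of this hunk and its body is outside it.
```go
	for rows.Next() {
		temp := models.UsersGetItem{}
		if err := rows.Scan(&temp.UserID, &temp.UserEmail, &temp.IsSuper); err != nil {
			functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
			return
		}
		resp.Users = append(resp.Users, temp)
	}
	if err := rows.Err(); err != nil {
		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
		return
	}
	// … unchanged: users_count and ResponseOK …
```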
......@@ -61,6 +61,7 @@ func main() {
// Router Setting
router := httprouter.New()
router.GET("/api", ep.IndexGet)
router.GET("/api/users", ep.UsersGet)
router.POST("/api/users", ep.UsersPost)
router.GET("/api/timetables/:file_id/:sheet_id/cell", ep.CellGet)
router.POST("/api/timetables/:file_id/:sheet_id/allow", ep.AllowlistPost)
package models
type UsersGetResponse struct {
UsersCount int `json:"users_count"`
Users []UsersGetItem `json:"users"`
}
type UsersGetItem struct {
UserID int64 `json:"user_id"`
UserEmail string `json:"user_email"`
IsSuper bool `json:"is_super"`
}
type UsersPostResponse struct {
UserID int64 `json:"user_id"`
}
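Review bot: The exported types UsersGetResponse, UsersGetItem and UsersPostResponse carry no doc comments, which Go convention requires for exported names; for example `// UsersGetResponse is the body of a successful GET /users.` and `// UsersGetItem describes one user row; IsSuper mirrors the users.is_super column.` UsersPostResponse's producer is not visible on this page, so its comment should be written against the UsersPost handler.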