Authored by
freckie
2020-12-19 00:01:26 +0900
Commit
eb335cf918b85dbe9ef569d3a8c3538c2b86d425
eb335cf9
1 parent
11c27c5d
Update
Showing
5 changed files
with
120 additions
and
59 deletions
api/endpoints/cell.go
api/endpoints/reservation.go
api/endpoints/users.go
api/main.go
api/models/users.go
api/endpoints/cell.go
...
...
@@ -57,7 +57,7 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
}
// Check Permission
var
_count
int64
var
_count
,
isSuper
int64
timetable
:=
fmt
.
Sprintf
(
"%s,%s"
,
fileID
,
sheetID
)
row
:=
e
.
DB
.
QueryRow
(
`
SELECT count(timetable_id)
...
...
@@ -72,17 +72,15 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
}
row
=
e
.
DB
.
QueryRow
(
`
SELECT count(a.timetable_id)
FROM allowlist AS a, users AS u
WHERE a.user_id=u.id
AND a.timetable_id=?
AND u.email=?;
`
,
timetable
,
email
)
if
err
:=
row
.
Scan
(
&
_count
);
err
==
nil
{
if
_count
<=
0
{
functions
.
ResponseError
(
w
,
403
,
"timetable에 접근할 권한이 부족합니다."
)
SELECT is_super FROM users WHERE email=?
`
,
email
)
if
err
:=
row
.
Scan
(
&
isSuper
);
err
!=
nil
{
if
err
==
sql
.
ErrNoRows
{
functions
.
ResponseError
(
w
,
401
,
"해당 유저가 존재하지 않음"
)
return
}
functions
.
ResponseError
(
w
,
500
,
"예기치 못한 에러 : "
+
err
.
Error
())
return
}
// Result Resp
...
...
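Review bot: On the new side of the second hunk, isSuper is filled by `row.Scan(&isSuper)` from `SELECT is_super FROM users WHERE email=?` but no line between that Scan and `// Result Resp` reads it, while the allowlist membership query (`SELECT count(a.timetable_id) FROM allowlist ...` with its 403 on `_count <= 0`) is on the removed side. If isSuper is not consulted later in CellGet (the rest of the function is outside the hunk), the only remaining gate is that the email exists in users, so any registered user could read the cells of any timetable; the compiler will not flag this because `&isSuper` counts as a use. Either keep the allowlist check for non-admins, e.g. `if isSuper == 0 { /* allowlist count query and 403 as before */ }`, or, if opening cell reads to all users is intended, say so above the query: `// Permission: any existing user may read cells; the allowlist is no longer consulted here`. ReservationDelete in api/endpoints/reservation.go replaces its check the same way.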
api/endpoints/reservation.go
...
...
@@ -29,7 +29,7 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
sheetID
:=
ps
.
ByName
(
"sheet_id"
)
// Check Permission
var
_count
,
_isSuper
int64
var
_count
int64
timetable
:=
fmt
.
Sprintf
(
"%s,%s"
,
fileID
,
sheetID
)
row
:=
e
.
DB
.
QueryRow
(
`
SELECT count(timetable_id)
...
...
@@ -43,31 +43,31 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
}
}
row
=
e
.
DB
.
QueryRow
(
`
SELECT (
SELECT count(a.timetable_id)
FROM allowlist AS a, users AS u
WHERE a.user_id=u.id
AND a.timetable_id=?
AND u.email=?
) AS count,
(
SELECT is_super FROM users WHERE email=?
) AS is_super;
`
,
timetable
,
email
,
email
)
if
err
:=
row
.
Scan
(
&
_count
,
&
_isSuper
);
err
==
nil
{
if
_isSuper
!=
1
{
functions
.
ResponseError
(
w
,
403
,
"관리자만 접근할 수 있는 기능입니다."
)
return
}
if
_count
<=
0
{
functions
.
ResponseError
(
w
,
403
,
"timetable에 접근할 권한이 부족합니다."
)
return
}
}
else
{
functions
.
ResponseError
(
w
,
500
,
"예기치 못한 에러 : "
+
err
.
Error
())
return
}
//
row = e.DB.QueryRow(`
//
SELECT (
//
SELECT count(a.timetable_id)
//
FROM allowlist AS a, users AS u
//
WHERE a.user_id=u.id
//
AND a.timetable_id=?
//
AND u.email=?
//
) AS count,
//
(
//
SELECT is_super FROM users WHERE email=?
//
) AS is_super;
//
`, timetable, email, email)
//
if err := row.Scan(&_count, &_isSuper); err == nil {
//
if _isSuper != 1 {
//
functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
//
return
//
}
//
if _count <= 0 {
//
functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
//
return
//
}
//
} else {
//
functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
//
return
//
}
// Parse Request Data
type
reqDataStruct
struct
{
...
...
@@ -192,7 +192,7 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
reservationID
:=
ps
.
ByName
(
"reservation_id"
)
// Check Permission
var
_count
,
_
isSuper
int64
var
_count
,
isSuper
int64
timetable
:=
fmt
.
Sprintf
(
"%s,%s"
,
fileID
,
sheetID
)
row
:=
e
.
DB
.
QueryRow
(
`
SELECT count(timetable_id)
...
...
@@ -207,27 +207,13 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
}
row
=
e
.
DB
.
QueryRow
(
`
SELECT (
SELECT count(a.timetable_id)
FROM allowlist AS a, users AS u
WHERE a.user_id=u.id
AND a.timetable_id=?
AND u.email=?
) AS count,
(
SELECT is_super FROM users WHERE email=?
) AS is_super;
`
,
timetable
,
email
,
email
)
if
err
:=
row
.
Scan
(
&
_count
,
&
_isSuper
);
err
==
nil
{
if
_isSuper
!=
1
{
functions
.
ResponseError
(
w
,
403
,
"관리자만 접근할 수 있는 기능입니다."
)
return
}
if
_count
<=
0
{
functions
.
ResponseError
(
w
,
403
,
"timetable에 접근할 권한이 부족합니다."
)
SELECT is_super FROM users WHERE email=?
`
,
email
)
if
err
:=
row
.
Scan
(
&
isSuper
);
err
!=
nil
{
if
err
==
sql
.
ErrNoRows
{
functions
.
ResponseError
(
w
,
401
,
"해당 유저가 존재하지 않음"
)
return
}
}
else
{
functions
.
ResponseError
(
w
,
500
,
"예기치 못한 에러 : "
+
err
.
Error
())
return
}
...
...
@@ -258,9 +244,11 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
functions
.
ResponseError
(
w
,
500
,
"예기치 못한 에러 발생 : "
+
err
.
Error
())
return
}
if
_email
!=
email
{
functions
.
ResponseError
(
w
,
403
,
"예약 접근 권한 부족"
)
return
if
isSuper
==
0
{
if
_email
!=
email
{
functions
.
ResponseError
(
w
,
403
,
"예약 접근 권한 부족"
)
return
}
}
if
_transactionType
==
0
{
functions
.
ResponseError
(
w
,
500
,
"이미 취소된 예약"
)
...
...
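Review bot: In the second hunk, ReservationPost's whole permission block (the allowlist count and the `_isSuper != 1` admin test) is commented out in the lines starting `// row = e.DB.QueryRow(` rather than removed, and no replacement check appears on the new side, so any user whose email exists in users can now post a reservation to any timetable; the first hunk's `var _count int64` confirms `_isSuper` is no longer used there. If that is intended, delete the commented-out block (history keeps it) and state the rule in the existing comment, e.g. `// Check Permission: any existing user may reserve; only the timetable must exist`; if not, the allowlist check needs to come back. In ReservationDelete (fourth hunk) the new gate `if isSuper == 0 {` treats every non-zero value as admin, whereas the removed `_isSuper != 1` treated everything but 1 as non-admin; pick one convention for is_super across handlers (UsersGet scans it into an `int`, this file into `int64`) so an unexpected column value cannot be admin in one endpoint and not in another. Both handler bodies continue outside the hunks shown.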
api/endpoints/users.go
...
...
@@ -3,6 +3,7 @@ package endpoints
import
(
"classroom/functions"
"classroom/models"
"database/sql"
"encoding/json"
"io/ioutil"
"net/http"
...
...
@@ -11,6 +12,68 @@ import (
"github.com/julienschmidt/httprouter"
)
// GET /users
func
(
e
*
Endpoints
)
UsersGet
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
,
ps
httprouter
.
Params
)
{
// Get user email
var
email
string
if
_email
,
ok
:=
r
.
Header
[
"X-User-Email"
];
ok
{
email
=
_email
[
0
]
}
else
{
functions
.
ResponseError
(
w
,
401
,
"X-User-Email 헤더를 보내세요."
)
return
}
// Permission Check
var
isSuper
int
row
:=
e
.
DB
.
QueryRow
(
`
SELECT is_super FROM users WHERE email=?;
`
,
email
)
if
err
:=
row
.
Scan
(
&
isSuper
);
err
!=
nil
{
if
err
==
sql
.
ErrNoRows
{
functions
.
ResponseError
(
w
,
401
,
"해당 유저가 존재하지 않음"
)
return
}
functions
.
ResponseError
(
w
,
500
,
"예기치 못한 에러 : "
+
err
.
Error
())
return
}
if
isSuper
==
0
{
functions
.
ResponseError
(
w
,
403
,
"접근 권한 부족. 관리자만 허용된 기능입니다."
)
return
}
// Result Resp
resp
:=
models
.
UsersGetResponse
{}
resp
.
Users
=
[]
models
.
UsersGetItem
{}
// Querying
rows
,
err
:=
e
.
DB
.
Query
(
`
SELECT id, email, is_super FROM users;`
)
if
err
!=
nil
{
if
err
==
sql
.
ErrNoRows
{
resp
.
UsersCount
=
0
functions
.
ResponseOK
(
w
,
"success"
,
resp
)
return
}
functions
.
ResponseError
(
w
,
500
,
err
.
Error
())
return
}
defer
rows
.
Close
()
for
rows
.
Next
()
{
temp
:=
models
.
UsersGetItem
{}
err
:=
rows
.
Scan
(
&
temp
.
UserID
,
&
temp
.
UserEmail
,
&
temp
.
IsSuper
)
if
err
!=
nil
{
continue
}
resp
.
Users
=
append
(
resp
.
Users
,
temp
)
}
// Struct for response
resp
.
UsersCount
=
len
(
resp
.
Users
)
functions
.
ResponseOK
(
w
,
"success"
,
resp
)
}
// POST /users
func
(
e
*
Endpoints
)
UsersPost
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
,
ps
httprouter
.
Params
)
{
// Get user email
...
...
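Review bot: In UsersGet the admin check rests entirely on the client-supplied `X-User-Email` header (`r.Header["X-User-Email"]`); unless a trusted front end sets and strips that header — nothing in this file shows one — a caller can present an admin's address and receive every user's email and `is_super` flag, so a comment at `// Get user email` should name where the header is guaranteed to come from. Further down, the `err == sql.ErrNoRows` branch after `e.DB.Query(...)` is unreachable, because only `Row.Scan` returns ErrNoRows; an empty table just yields zero `rows.Next()` iterations. The loop also swallows Scan failures with `continue`, so a bad row silently lowers `UsersCount`, and `rows.Err()` is never consulted; add after the loop `if err := rows.Err(); err != nil { functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error()); return }`. Scanning the `is_super` column into the `bool` field `IsSuper` while the same handler reads that column into an `int` relies on driver conversion; a one-line comment on the Scan saying so would help the next reader.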
api/main.go
...
...
@@ -61,6 +61,7 @@ func main() {
// Router Setting
router
:=
httprouter
.
New
()
router
.
GET
(
"/api"
,
ep
.
IndexGet
)
router
.
GET
(
"/api/users"
,
ep
.
UsersGet
)
router
.
POST
(
"/api/users"
,
ep
.
UsersPost
)
router
.
GET
(
"/api/timetables/:file_id/:sheet_id/cell"
,
ep
.
CellGet
)
router
.
POST
(
"/api/timetables/:file_id/:sheet_id/allow"
,
ep
.
AllowlistPost
)
...
...
api/models/users.go
package
models
type
UsersGetResponse
struct
{
UsersCount
int
`json:"users_count"`
Users
[]
UsersGetItem
`json:"users"`
}
type
UsersGetItem
struct
{
UserID
int64
`json:"user_id"`
UserEmail
string
`json:"user_email"`
IsSuper
bool
`json:"is_super"`
}
type
UsersPostResponse
struct
{
UserID
int64
`json:"user_id"`
}
...
...
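Review bot: The three exported types in this new file carry no doc comments; Go convention wants one per exported name, e.g. `// UsersGetResponse is the body returned by GET /users.`, `// UsersGetItem is one user entry in UsersGetResponse.`, `// UsersPostResponse is the body returned by POST /users.`. `IsSuper` is declared `bool` here while the handlers in api/endpoints read `is_super` as `int`/`int64` and compare it with 0 and 1; a short comment on the field stating that the column is an integer flag converted on Scan would spare the next reader the mismatch.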