Fix permission issues for unauthenticated users

2022-10-16 11:37:51 +02:00 · 2022-10-16 11:37:51 +02:00 · c9d3f2a20a
commit c9d3f2a20a
parent fd287e4f55
3 changed files with 12 additions and 6 deletions
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -199,12 +199,10 @@ func (app *Application) Routes() http.Handler {
 			r.Get("/newmotion/", motionHandler.NewForm)
 			r.Post("/newmotion/", motionHandler.New)

-			r.Route("/motions/{tag}", func(r chi.Router) {
-				r.Get("/edit", motionHandler.EditForm)
-				r.Post("/edit", motionHandler.Edit)
-				r.Get("/withdraw", motionHandler.WithdrawForm)
-				r.Post("/withdraw", motionHandler.Withdraw)
-			})
+			r.Get("/motions/{tag}/edit", motionHandler.EditForm)
+			r.Post("/motions/{tag}/edit", motionHandler.Edit)
+			r.Get("/motions/{tag}/withdraw", motionHandler.WithdrawForm)
+			r.Post("/motions/{tag}/withdraw", motionHandler.Withdraw)
 		})

 		r.Group(func(r chi.Router) {
--- a/internal/handlers/templatecache.go
+++ b/internal/handlers/templatecache.go
@ -34,6 +34,10 @@ import (
 )

 func checkRole(v *models.User, roles ...models.RoleName) (bool, error) {
+	if v == nil {
+		return false, nil
+	}
+
 	hasRole, err := v.HasRole(roles...)
 	if err != nil {
 		return false, fmt.Errorf("could not determine user roles: %w", err)
--- a/internal/models/users.go
+++ b/internal/models/users.go
@ -251,6 +251,10 @@ WHERE e.address IN (?)`, emails)
 		}
 	}

+	if count == 0 {
+		return nil, nil
+	}
+
 	if user.roles, err = m.Roles(ctx, &user); err != nil {
 		return nil, fmt.Errorf("could not retrieve roles for user %s: %w", user.Name, err)
 	}