From c9d3f2a20a0aaea8a0da5045cab55fb6f41420ab Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Sun, 16 Oct 2022 11:37:51 +0200
Subject: [PATCH] Fix permission issues for unauthenticated users
---
 internal/app/app.go | 10 ++++------
 internal/handlers/templatecache.go | 4 ++++
 internal/models/users.go | 4 ++++
 3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/internal/app/app.go b/internal/app/app.go
index c05715d..b53c3a4 100644
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -199,12 +199,10 @@ func (app *Application) Routes() http.Handler {
 r.Get("/newmotion/", motionHandler.NewForm)
 r.Post("/newmotion/", motionHandler.New)
- r.Route("/motions/{tag}", func(r chi.Router) {
- r.Get("/edit", motionHandler.EditForm)
- r.Post("/edit", motionHandler.Edit)
- r.Get("/withdraw", motionHandler.WithdrawForm)
- r.Post("/withdraw", motionHandler.Withdraw)
- })
+ r.Get("/motions/{tag}/edit", motionHandler.EditForm)
+ r.Post("/motions/{tag}/edit", motionHandler.Edit)
+ r.Get("/motions/{tag}/withdraw", motionHandler.WithdrawForm)
+ r.Post("/motions/{tag}/withdraw", motionHandler.Withdraw)
 })
 r.Group(func(r chi.Router) {
diff --git a/internal/handlers/templatecache.go b/internal/handlers/templatecache.go
index 629df77..37d9902 100644
--- a/internal/handlers/templatecache.go
+++ b/internal/handlers/templatecache.go
@@ -34,6 +34,10 @@ import (
 )
 func checkRole(v *models.User, roles ...models.RoleName) (bool, error) {
+ if v == nil {
+ return false, nil
+ }
+
 hasRole, err := v.HasRole(roles...)
 if err != nil {
 return false, fmt.Errorf("could not determine user roles: %w", err)
diff --git a/internal/models/users.go b/internal/models/users.go
index 3670ab9..28ab131 100644
--- a/internal/models/users.go
+++ b/internal/models/users.go
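Review bot: The four flat `/motions/{tag}/…` registrations in `Routes()` carry no comment saying why the `r.Route("/motions/{tag}", …)` subrouter was dropped, so a later tidy-up could reintroduce it. Presumably the subrouter, mounted inside this group, also claimed the bare `/motions/{tag}` path and put the public motion page behind the group's middleware; that is inferred from the commit title, because the group's middleware setup and the public route are outside the hunk. A comment above the first of the four lines, such as `// flat patterns on purpose: a subrouter at /motions/{tag} would also match the motion page itself`, would record the reason. A router test asserting that an anonymous GET of a motion page succeeds while the edit and withdraw paths are refused would pin both sides of the access boundary.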
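Review bot: The nil guard added at the top of `checkRole` fails closed, but it protects only this template helper: any other call site that invokes `v.HasRole(...)` on the request's user would still dereference nil for an anonymous visitor. Whether such call sites exist is not visible in the patch. Placing the same `return false, nil` check on a nil receiver inside `HasRole` in the models package would cover every caller at once. `checkRole` also has no doc comment; one line such as `// checkRole reports whether v holds the given roles; a nil v (no authenticated user) never does.` would state the contract. The function body continues past the end of the hunk.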
@@ -251,6 +251,10 @@ WHERE e.address IN (?)`, emails)
 }
 }
+ if count == 0 {
+ return nil, nil
+ }
+
 if user.roles, err = m.Roles(ctx, &user); err != nil {
 return nil, fmt.Errorf("could not retrieve roles for user %s: %w", user.Name, err)
 }
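Review bot: Returning `nil, nil` when `count == 0` makes "no matching user" look like success to any caller that checks only `err`, and such a caller will dereference the nil user on its next line. The commit guards `checkRole` against that, but the other users of this lookup are not visible in the patch. If the signature has to stay, the function's doc comment should spell out the contract, for example `// returns (nil, nil) when no user matches the given e-mail addresses`. A sentinel error checked with `errors.Is` would instead turn a forgotten check into a refused request rather than a panic. The enclosing function starts above the hunk.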