Implemented CanCreate method

2018-07-12 23:16:32 +02:00 · 2018-07-12 23:16:32 +02:00 · ddcc063b0b
commit ddcc063b0b
parent 6fd2a97574
6 changed files with 26 additions and 9 deletions
--- a/models/list_create_update.go
+++ b/models/list_create_update.go
@ -40,15 +40,6 @@ func (l *List) Create(doer *User, id int64) (err error) {
 		return
 	}

-	// Get the namespace of the list to check if the user can write to it
-	namespace, err := GetNamespaceByID(l.NamespaceID)
-	if err != nil {
-		return
-	}
-	if !namespace.CanWrite(doer) {
-		return ErrUserDoesNotHaveWriteAccessToNamespace{UserID: user.ID, NamespaceID: namespace.ID}
-	}
-
 	l.Owner.ID = user.ID

 	return CreateOrUpdateList(l)
--- a/models/list_items_rights.go
+++ b/models/list_items_rights.go
@ -16,3 +16,10 @@ func (i *ListItem) CanUpdate(doer *User, id int64) bool {
 	list, _ := GetListByID(lI.ListID)
 	return list.CanWrite(doer)
 }
+
+// CanCreate determines if a user has the right to create a list item
+func (i *ListItem) CanCreate(doer *User, lID int64) bool {
+	// A user can create an item if he has write acces to its list
+	list, _ := GetListByID(lID)
+	return list.CanWrite(doer)
+}
--- a/models/list_rights.go
+++ b/models/list_rights.go
@ -90,3 +90,10 @@ func (l *List) CanUpdate(doer *User, id int64) bool {
 	list, _ := GetListByID(id)
 	return list.CanWrite(doer)
 }
+
+// CanCreate checks if the user can update a list
+func (l *List) CanCreate(doer *User, nID int64) bool {
+	// A user can create a list if he has write access to the namespace
+	n, _ := GetNamespaceByID(nID)
+	return n.CanWrite(doer)
+}
--- a/models/namespaces_rights.go
+++ b/models/namespaces_rights.go
@ -87,3 +87,9 @@ func (n *Namespace) CanUpdate(user *User, id int64) bool {
 	nn, _ := GetNamespaceByID(id)
 	return nn.IsAdmin(user)
 }
+
+// CanCreate checks if the user can create a new namespace
+func (n *Namespace) CanCreate(user *User, id int64) bool {
+	// This is currently a dummy function, later on we could imagine global limits etc.
+	return true
+}
--- a/models/rights.go
+++ b/models/rights.go
@ -7,4 +7,5 @@ type Rights interface {
 	CanRead(*User) bool
 	CanDelete(*User) bool
 	CanUpdate(*User, int64) bool
+	CanCreate(*User, int64) bool
 }
--- a/routes/crud/create.go
+++ b/routes/crud/create.go
@ -28,6 +28,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
 		}
 	}

+	// Check rights
+	if !c.CObject.CanCreate(&currentUser, id) {
+		return echo.NewHTTPError(http.StatusForbidden)
+	}
+
 	// Create
 	err = c.CObject.Create(&currentUser, id)
 	if err != nil {