arn/AuthorizeHelper.go

package arn

import (
	"errors"

	"github.com/aerogo/aero"
)

// AuthorizeIfLoggedInAndOwnData authorizes the given request if a user is logged in
// and the user ID matches the ID in the request.
func AuthorizeIfLoggedInAndOwnData(ctx aero.Context, userIDParameterName string) error {
	err := AuthorizeIfLoggedIn(ctx)

	if err != nil {
		return err
	}

	userID := ctx.Session().Get("userId").(string)

	if userID != ctx.Get(userIDParameterName) {
		return errors.New("Can not modify data from other users")
	}

	return nil
}

// AuthorizeIfLoggedIn authorizes the given request if a user is logged in.
func AuthorizeIfLoggedIn(ctx aero.Context) error {
	if !ctx.HasSession() {
		return errors.New("Neither logged in nor in session")
	}

	userID, ok := ctx.Session().Get("userId").(string)

	if !ok || userID == "" {
		return errors.New("Not logged in")
	}

	return nil
}
Added arn to the main repository 2019-06-03 09:32:43 +00:00			`package arn`

			`import (`
			`"errors"`

			`"github.com/aerogo/aero"`
			`)`

			`// AuthorizeIfLoggedInAndOwnData authorizes the given request if a user is logged in`
			`// and the user ID matches the ID in the request.`
			`func AuthorizeIfLoggedInAndOwnData(ctx aero.Context, userIDParameterName string) error {`
			`err := AuthorizeIfLoggedIn(ctx)`

			`if err != nil {`
			`return err`
			`}`

			`userID := ctx.Session().Get("userId").(string)`

			`if userID != ctx.Get(userIDParameterName) {`
			`return errors.New("Can not modify data from other users")`
			`}`

			`return nil`
			`}`

			`// AuthorizeIfLoggedIn authorizes the given request if a user is logged in.`
			`func AuthorizeIfLoggedIn(ctx aero.Context) error {`
			`if !ctx.HasSession() {`
			`return errors.New("Neither logged in nor in session")`
			`}`

			`userID, ok := ctx.Session().Get("userId").(string)`

			`if !ok \|\| userID == "" {`
			`return errors.New("Not logged in")`
			`}`

			`return nil`
			`}`