Matthew Dillon
parent
e283ec7004
commit
3bfb6fe2b7
3 changed files with 11 additions and 10 deletions
|
|
@ -60,14 +60,12 @@ func (u UserService) List(val *url.Values, claims *types.Claims) (types.Entity,
|
|||
|
||||
// Get retrieves a single user.
|
||||
func (u UserService) Get(id int64, dummy string, claims *types.Claims) (types.Entity, *types.AppError) {
|
||||
user, err := models.DbGetUserByID(id)
|
||||
user, err := models.GetUser(id, dummy, claims)
|
||||
user.Password = ""
|
||||
if err != nil {
|
||||
return nil, newJSONError(err, http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
user.CanEdit = claims.Role == "A" || id == claims.Sub
|
||||
|
||||
payload := payloads.User{
|
||||
User: user,
|
||||
Meta: &models.UserMeta{
|
||||
|
|
@ -81,7 +79,7 @@ func (u UserService) Get(id int64, dummy string, claims *types.Claims) (types.En
|
|||
func (u UserService) Update(id int64, e *types.Entity, dummy string, claims *types.Claims) *types.AppError {
|
||||
user := (*e).(*payloads.User).User
|
||||
|
||||
originalUser, err := models.DbGetUserByID(id)
|
||||
originalUser, err := models.GetUser(id, dummy, claims)
|
||||
if err != nil {
|
||||
return newJSONError(err, http.StatusInternalServerError)
|
||||
}
|
||||
|
|
@ -263,7 +261,7 @@ func HandleUserLockout(w http.ResponseWriter, r *http.Request) *types.AppError {
|
|||
func HandleUserPasswordChange(w http.ResponseWriter, r *http.Request) *types.AppError {
|
||||
claims := helpers.GetClaims(r)
|
||||
|
||||
if err := models.UpdateUserPassword(claims.Sub, r.FormValue("password")); err != nil {
|
||||
if err := models.UpdateUserPassword(&claims, r.FormValue("password")); err != nil {
|
||||
return newJSONError(err, http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -299,7 +299,7 @@ func (fn errorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
func tokenRefresh(j *jwt.Middleware) errorHandler {
|
||||
t := func(w http.ResponseWriter, r *http.Request) *types.AppError {
|
||||
claims := helpers.GetClaims(r)
|
||||
user, err := models.DbGetUserByID(claims.Sub)
|
||||
user, err := models.GetUser(claims.Sub, "", &claims)
|
||||
if err != nil {
|
||||
return newJSONError(err, http.StatusInternalServerError)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -112,8 +112,8 @@ func DbAuthenticate(email string, password string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// DbGetUserByID returns a specific user record by ID.
|
||||
func DbGetUserByID(id int64) (*User, error) {
|
||||
// GetUser returns a specific user record by ID.
|
||||
func GetUser(id int64, dummy string, claims *types.Claims) (*User, error) {
|
||||
var user User
|
||||
q := `SELECT *
|
||||
FROM users
|
||||
|
|
@ -126,6 +126,9 @@ func DbGetUserByID(id int64) (*User, error) {
|
|||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
user.CanEdit = claims.Role == "A" || id == claims.Sub
|
||||
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
|
|
@ -167,8 +170,8 @@ func ListUsers(opt helpers.ListOptions, claims *types.Claims) (*Users, error) {
|
|||
return &users, nil
|
||||
}
|
||||
|
||||
func UpdateUserPassword(id int64, password string) error {
|
||||
user, err := DbGetUserByID(id)
|
||||
func UpdateUserPassword(claims *types.Claims, password string) error {
|
||||
user, err := GetUser(claims.Sub, "", claims)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue