|
@@ -187,23 +187,28 @@ func (auth *Auth) DoesUserHaveProjectAccess(
|
|
|
// first check for token
|
|
// first check for token
|
|
|
tok := auth.getTokenFromRequest(r)
|
|
tok := auth.getTokenFromRequest(r)
|
|
|
|
|
|
|
|
|
|
+ var userID uint
|
|
|
|
|
+
|
|
|
if tok != nil && tok.ProjectID == uint(projID) {
|
|
if tok != nil && tok.ProjectID == uint(projID) {
|
|
|
next.ServeHTTP(w, r)
|
|
next.ServeHTTP(w, r)
|
|
|
return
|
|
return
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- session, err := auth.store.Get(r, auth.cookieName)
|
|
|
|
|
|
|
+ } else if tok != nil {
|
|
|
|
|
+ userID = tok.IBy
|
|
|
|
|
+ } else {
|
|
|
|
|
+ session, err := auth.store.Get(r, auth.cookieName)
|
|
|
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
|
|
|
|
- return
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ if err != nil {
|
|
|
|
|
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
|
|
|
|
+ return
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- userID, ok := session.Values["user_id"].(uint)
|
|
|
|
|
|
|
+ sessionUserID, ok := session.Values["user_id"]
|
|
|
|
|
+ userID = sessionUserID.(uint)
|
|
|
|
|
|
|
|
- if !ok {
|
|
|
|
|
- http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
|
|
|
|
- return
|
|
|
|
|
|
|
+ if !ok {
|
|
|
|
|
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
|
|
|
|
+ return
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// get the project
|
|
// get the project
|
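Review bot: The new `userID = sessionUserID.(uint)` is an unchecked type assertion that runs before the `if !ok` test, so a request whose session has no `user_id` (or holds one of another type) panics in this middleware instead of getting the 403 that the removed `userID, ok := session.Values["user_id"].(uint)` returned. `ok` now only reports whether the map key exists, not whether the value is a `uint`. Keep the comma-ok assertion, `sessionUserID, ok := session.Values["user_id"].(uint)`, run the `!ok` check first, and only then assign `userID = sessionUserID`. Separately, the `else if tok != nil` branch appears to let a token issued for a different project continue to the later lookup as `tok.IBy`; if that widening of token scope is intended, it deserves a comment. The body of DoesUserHaveProjectAccess starts before and continues after this hunk, so how `userID` is used afterwards is not visible here.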