api/middleware/admin.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

package middleware

import (
	"net/http"

	"github.com/LMBishop/confplanner/api/dto"
	"github.com/LMBishop/confplanner/pkg/session"
	"github.com/LMBishop/confplanner/pkg/user"
)

func MustAuthoriseAdmin(service user.Service, store session.Service) func(http.HandlerFunc) http.HandlerFunc {
	return func(next http.HandlerFunc) http.HandlerFunc {
		return func(w http.ResponseWriter, r *http.Request) {
			session := r.Context().Value("session").(*session.UserSession)

			if !session.Admin {
				dto.WriteDto(w, r, &dto.ErrorResponse{
					Code:    http.StatusForbidden,
					Message: "Forbidden",
				})
				return
			}

			next(w, r)
		}
	}
}