settel/knowyt
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

check permissions

Browse Source
This commit is contained in:
Settel 2021-08-05 16:36:39 +02:00
parent 55503395a4
commit 00b1925969
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
server/src/application/syncHandler.go
View File

@ -7,14 +7,6 @@ import (
) )
func (app *Application) SyncHandler(usr *user.User, w http.ResponseWriter, r *http.Request) { func (app *Application) SyncHandler(usr *user.User, w http.ResponseWriter, r *http.Request) {
// usrId :=
// usr := app.GetUserById(usrId)
// if usr.Game != gameRef && usr.IsAdmin() {
// w.WriteHeader(http.StatusForbidden)
// fmt.Fprintf(w, "forbidden")
// return
// }
gameRef := r.URL.Query().Get("g") gameRef := r.URL.Query().Get("g")
gm, err := app.GetGameById(gameRef) gm, err := app.GetGameById(gameRef)
if err != nil { if err != nil {
@ -23,6 +15,12 @@ func (app *Application) SyncHandler(usr *user.User, w http.ResponseWriter, r *ht
return return
} }
if usr.Game != gameRef && !usr.IsAdmin() {
w.WriteHeader(http.StatusForbidden)
fmt.Fprintf(w, "forbidden")
return
}
eng := gm.GetEngine() eng := gm.GetEngine()
eng.SyncHandler(w, r) eng.SyncHandler(w, r)
} }