author | Runxi Yu <me@runxiyu.org> | 2025-03-06 20:44:21 +0800 |
---|---|---|
committer | Runxi Yu <me@runxiyu.org> | 2025-03-06 20:44:21 +0800 |
commit | 5614adc762adc2e94a9bf2d6d69fef46570ae376 (patch) | |
tree | 9632a94c7c97e50f87cd87310010813fade11a04 /http_handle_group_index.go | |
parent | group/index: Reuse ID from first SQL query to avoid triple recursion (diff) | |
http: Check for direct user access
Diffstat (limited to 'http_handle_group_index.go')
-rw-r--r-- | http_handle_group_index.go | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/http_handle_group_index.go b/http_handle_group_index.go
index 438729b..e235006 100644
--- a/http_handle_group_index.go
+++ b/http_handle_group_index.go
@@ -61,6 +61,20 @@ func handle_group_index(w http.ResponseWriter, r *http.Request, params map[strin
 return
 }
+ // ACL
+ var count int
+ err = database.QueryRow(r.Context(), `
+ SELECT COUNT(*)
+ FROM user_group_roles
+ WHERE user_id = $1
+ AND group_id = $2
+ `, params["user_id"].(int), group_id).Scan(&count)
+ if err != nil {
+ http.Error(w, "Error checking access: "+err.Error(), http.StatusInternalServerError)
+ return
+ }
+ direct_access := (count > 0)
+
 // Repos
 var rows pgx.Rows
 rows, err = database.Query(r.Context(), `
@@ -115,6 +129,7 @@ func handle_group_index(w http.ResponseWriter, r *http.Request, params map[strin
 params["repos"] = repos
 params["subgroups"] = subgroups
 params["description"] = group_description
+ params["direct_access"] = direct_access
 fmt.Println(group_path) |
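Review bot: The unchecked assertion `params["user_id"].(int)` in the new ACL query panics if `user_id` is missing or is not an `int`; whether the router always sets it (for example on anonymous requests) is not visible in this hunk. Prefer the two-value form, `user_id, ok := params["user_id"].(int)`, and treat `!ok` as no direct access instead of running the query. The error branch also returns `err.Error()` to the client, which can expose database details; log the error server-side and send a fixed message such as `http.Error(w, "Error checking access", http.StatusInternalServerError)`. handle_group_index starts and ends outside the hunk.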
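Review bot: `direct_access` is only stored in `params` in the second hunk, and nothing visible in either hunk uses it to restrict the repos or subgroups queries, so as far as this diff shows it is a display flag rather than an enforced check. If templates use it to hide controls, the handlers behind those controls still need their own role check. A comment on the assignment would make the intent explicit, e.g. `// direct_access is for rendering only; it does not gate the listing above`. The function continues outside the hunk.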