File tree 2 files changed +33
-1
lines changed 2 files changed +33
-1
lines changed Original file line number Diff line number Diff line change @@ -195,10 +195,13 @@ func Route() *mux.Router {
195195 tasksAPI .Path ("/{task_id}" ).HandlerFunc (tasks .GetTasks ).Methods ("GET" , "HEAD" )
196196 tasksAPI .Path ("/{task_id}" ).HandlerFunc (tasks .DeleteTask ).Methods ("DELETE" )
197197
198+ userUserAPI := authenticatedAPI .Path ("/users/{user_id}" ).Subrouter ()
199+ userUserAPI .Use (readonlyUserMiddleware )
200+ userUserAPI .Methods ("GET" , "HEAD" ).HandlerFunc (getUser )
201+
198202 userAPI := authenticatedAPI .Path ("/users/{user_id}" ).Subrouter ()
199203 userAPI .Use (getUserMiddleware )
200204
201- userAPI .Methods ("GET" , "HEAD" ).HandlerFunc (getUser )
202205 userAPI .Methods ("PUT" ).HandlerFunc (updateUser )
203206 userAPI .Methods ("DELETE" ).HandlerFunc (deleteUser )
204207
Original file line number Diff line number Diff line change @@ -75,6 +75,35 @@ func addUser(w http.ResponseWriter, r *http.Request) {
7575
7676 helpers .WriteJSON (w , http .StatusCreated , newUser )
7777}
78+ func readonlyUserMiddleware (next http.Handler ) http.Handler {
79+ return http .HandlerFunc (func (w http.ResponseWriter , r * http.Request ) {
80+ userID , err := helpers .GetIntParam ("user_id" , w , r )
81+
82+ if err != nil {
83+ return
84+ }
85+
86+ user , err := helpers .Store (r ).GetUser (userID )
87+
88+ if err != nil {
89+ helpers .WriteError (w , err )
90+ return
91+ }
92+
93+ editor := context .Get (r , "user" ).(* db.User )
94+
95+ if ! editor .Admin && editor .ID != user .ID {
96+ user = db.User {
97+ ID : user .ID ,
98+ Username : user .Username ,
99+ Name : user .Name ,
100+ }
101+ }
102+
103+ context .Set (r , "_user" , user )
104+ next .ServeHTTP (w , r )
105+ })
106+ }
78107
79108func getUserMiddleware (next http.Handler ) http.Handler {
80109 return http .HandlerFunc (func (w http.ResponseWriter , r * http.Request ) {
You can’t perform that action at this time.
0 commit comments