feat(ui): manage-Handler — restricted-aware List/Create/Delete
This commit is contained in:
Jesko Anschütz
parent
865c5e7ca8
commit
7b0b132169
1 changed files with 19 additions and 3 deletions
|
|
@ -394,7 +394,11 @@ func HandleManageUI(
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
assets, err := media.List(r.Context(), screen.TenantID)
|
ownerUserID := ""
|
||||||
|
if u := reqcontext.UserFromContext(r.Context()); u != nil && u.Role == "restricted" {
|
||||||
|
ownerUserID = u.ID
|
||||||
|
}
|
||||||
|
assets, err := media.List(r.Context(), screen.TenantID, ownerUserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, "db error", http.StatusInternalServerError)
|
http.Error(w, "db error", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
|
|
@ -627,6 +631,11 @@ func HandleUploadMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
|
||||||
tenantSlug = "default"
|
tenantSlug = "default"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
createdByUserID := ""
|
||||||
|
if u := reqcontext.UserFromContext(r.Context()); u != nil {
|
||||||
|
createdByUserID = u.ID
|
||||||
|
}
|
||||||
|
|
||||||
switch assetType {
|
switch assetType {
|
||||||
case "web":
|
case "web":
|
||||||
url := strings.TrimSpace(r.FormValue("url"))
|
url := strings.TrimSpace(r.FormValue("url"))
|
||||||
|
|
@ -637,7 +646,7 @@ func HandleUploadMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
|
||||||
if title == "" {
|
if title == "" {
|
||||||
title = url
|
title = url
|
||||||
}
|
}
|
||||||
_, err = media.Create(r.Context(), screen.TenantID, title, "web", "", url, "", 0)
|
_, err = media.Create(r.Context(), screen.TenantID, title, "web", "", url, "", createdByUserID, 0)
|
||||||
case "image", "video", "pdf":
|
case "image", "video", "pdf":
|
||||||
file, header, ferr := r.FormFile("file")
|
file, header, ferr := r.FormFile("file")
|
||||||
if ferr != nil {
|
if ferr != nil {
|
||||||
|
|
@ -655,7 +664,7 @@ func HandleUploadMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
|
||||||
http.Error(w, "Speicherfehler", http.StatusInternalServerError)
|
http.Error(w, "Speicherfehler", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
_, err = media.Create(r.Context(), screen.TenantID, title, assetType, storagePath, "", mimeType, size)
|
_, err = media.Create(r.Context(), screen.TenantID, title, assetType, storagePath, "", mimeType, createdByUserID, size)
|
||||||
default:
|
default:
|
||||||
http.Error(w, "Unbekannter Typ", http.StatusBadRequest)
|
http.Error(w, "Unbekannter Typ", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
|
|
@ -860,6 +869,13 @@ func HandleDeleteMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
|
||||||
}
|
}
|
||||||
|
|
||||||
asset, err := media.Get(r.Context(), mediaID)
|
asset, err := media.Get(r.Context(), mediaID)
|
||||||
|
|
||||||
|
// K3: Restricted User darf nur eigene Medien löschen.
|
||||||
|
if u := reqcontext.UserFromContext(r.Context()); u != nil && !canDeleteMedia(u, asset) {
|
||||||
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err == nil && asset.StoragePath != "" {
|
if err == nil && asset.StoragePath != "" {
|
||||||
os.Remove(filepath.Join(uploadDir, filepath.Base(asset.StoragePath))) //nolint:errcheck
|
os.Remove(filepath.Join(uploadDir, filepath.Base(asset.StoragePath))) //nolint:errcheck
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue