feat(ui): manage-Handler — restricted-aware List/Create/Delete

Jesko Anschütz 2026-03-28 09:09:59 +01:00
parent 865c5e7ca8
commit 7b0b132169


@ -394,7 +394,11 @@ func HandleManageUI(
return
}
assets, err := media.List(r.Context(), screen.TenantID)
ownerUserID := ""
if u := reqcontext.UserFromContext(r.Context()); u != nil && u.Role == "restricted" {
ownerUserID = u.ID
}
assets, err := media.List(r.Context(), screen.TenantID, ownerUserID)
if err != nil {
http.Error(w, "db error", http.StatusInternalServerError)
return
@ -627,6 +631,11 @@ func HandleUploadMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
tenantSlug = "default"
}
createdByUserID := ""
if u := reqcontext.UserFromContext(r.Context()); u != nil {
createdByUserID = u.ID
}
switch assetType {
case "web":
url := strings.TrimSpace(r.FormValue("url"))
@ -637,7 +646,7 @@ func HandleUploadMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
if title == "" {
title = url
}
_, err = media.Create(r.Context(), screen.TenantID, title, "web", "", url, "", 0)
_, err = media.Create(r.Context(), screen.TenantID, title, "web", "", url, "", createdByUserID, 0)
case "image", "video", "pdf":
file, header, ferr := r.FormFile("file")
if ferr != nil {
@ -655,7 +664,7 @@ func HandleUploadMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
http.Error(w, "Speicherfehler", http.StatusInternalServerError)
return
}
_, err = media.Create(r.Context(), screen.TenantID, title, assetType, storagePath, "", mimeType, size)
_, err = media.Create(r.Context(), screen.TenantID, title, assetType, storagePath, "", mimeType, createdByUserID, size)
default:
http.Error(w, "Unbekannter Typ", http.StatusBadRequest)
return
@ -860,6 +869,13 @@ func HandleDeleteMediaUI(media *store.MediaStore, screens *store.ScreenStore, up
}
asset, err := media.Get(r.Context(), mediaID)
// K3: Restricted User darf nur eigene Medien löschen.
if u := reqcontext.UserFromContext(r.Context()); u != nil && !canDeleteMedia(u, asset) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
if err == nil && asset.StoragePath != "" {
os.Remove(filepath.Join(uploadDir, filepath.Base(asset.StoragePath))) //nolint:errcheck
}
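Review bot: In the HandleDeleteMediaUI hunk the new ownership check is skipped whenever `reqcontext.UserFromContext` returns nil, so a request that reaches the handler without a user in context falls through to the delete. Unless middleware outside this diff guarantees a user, the guard should deny by default: `if u := reqcontext.UserFromContext(r.Context()); u == nil || !canDeleteMedia(u, asset) {`. The check also runs before the `err` from `media.Get` is examined, so on a failed lookup `canDeleteMedia` is handed whatever `asset` holds; handle `err` (and a missing asset) before the authorization decision. The list hunk in HandleManageUI has the same fail-open shape, since a nil user leaves `ownerUserID` empty and the listing presumably unfiltered, and it compares `u.Role == "restricted"` inline where the delete path goes through a helper. The handler bodies continue outside the hunks, so an earlier check may exist that is not visible here.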