wisplite/raster
1
0
Fork 0
mirror of https://github.com/wisplite/raster.git synced 2026-05-01 06:32:44 -05:00
Code Issues Packages Projects Releases Wiki Activity

refactor album access logic to handle guest users and improve state initialization in gallery components

Browse Source
This commit is contained in:
wisplite
2025-11-22 23:56:47 -06:00
parent d9bad97a53
commit eb2691af75
4 changed files with 42 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/internal/routes/album.go
-4
View File
@@ -11,10 +11,6 @@ func RegisterAlbumRoutes(rg *gin.RouterGroup) {
album := rg.Group("/albums")
album.POST("/getAlbumsInParent", func(c *gin.Context) {
accessToken := c.GetHeader("Authorization")
if accessToken == "" {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
return
}
var request struct {
ParentID string `json:"parentId"`
}
backend/internal/services/album.go
+9 -4
View File
@@ -14,17 +14,22 @@ import (
func GetAlbumsInParent(parentID string, authToken string) ([]models.Album, error) {
userID, err := ValidateAccessToken(authToken)
if err != nil {
return []models.Album{}, err
if err != gorm.ErrRecordNotFound { //if record not found, assume user is guest
return []models.Album{}, err
}
}
accessLevel, err := CheckUserAlbumAccess(userID, parentID)
if err != nil {
return []models.Album{}, err
if err != gorm.ErrRecordNotFound { //if record not found, assume user is guest
return []models.Album{}, err
}
accessLevel = 1
}
if accessLevel < 1 {
if accessLevel < 0 {
return []models.Album{}, fmt.Errorf("user does not have permission to view albums in this parent")
}
albums := []models.Album{}
result := db.GetDB().Where("private = ?", false).Where("parent_id = ?", parentID).Find(&albums)
result := db.GetDB().Where("parent_id = ?", parentID).Find(&albums)
if result.Error != nil {
return []models.Album{}, result.Error
}