Check permissions to playlist operations

2020-01-21 17:18:46 -05:00
parent 57fcdac428
commit 7fe15134a6
5 changed files with 51 additions and 20 deletions
@@ -81,6 +81,9 @@ func (c *PlaylistsController) DeletePlaylist(w http.ResponseWriter, r *http.Requ
 		return nil, err
 	}
 	err = c.pls.Delete(r.Context(), id)
+	if err == model.ErrNotAuthorized {
+		return nil, NewError(responses.ErrorAuthorizationFail)
+	}
 	if err != nil {
 		log.Error(r, err)
 		return nil, NewError(responses.ErrorGeneric, "Internal Error")
@@ -110,6 +113,9 @@ func (c *PlaylistsController) UpdatePlaylist(w http.ResponseWriter, r *http.Requ
 	log.Debug(r, fmt.Sprintf("-- Removing: '%v'", songIndexesToRemove))

 	err = c.pls.Update(r.Context(), playlistId, pname, songsToAdd, songIndexesToRemove)
+	if err == model.ErrNotAuthorized {
+		return nil, NewError(responses.ErrorAuthorizationFail)
+	}
 	if err != nil {
 		log.Error(r, err)
 		return nil, NewError(responses.ErrorGeneric, "Internal Error")
@@ -1,14 +1,14 @@
 package responses

 const (
-	ErrorGeneric = iota * 10
-	ErrorMissingParameter
-	ErrorClientTooOld
-	ErrorServerTooOld
-	ErrorAuthenticationFail
-	ErrorAuthorizationFail
-	ErrorTrialExpired
-	ErrorDataNotFound
+	ErrorGeneric            = 0
+	ErrorMissingParameter   = 10
+	ErrorClientTooOld       = 20
+	ErrorServerTooOld       = 30
+	ErrorAuthenticationFail = 40
+	ErrorAuthorizationFail  = 50
+	ErrorTrialExpired       = 60
+	ErrorDataNotFound       = 70
 )

 var errors = map[int]string{