SQuiz/core
2
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

added method check owner result

Browse Source
This commit is contained in:
Pasha 2025-04-22 20:21:58 +03:00 committed by skeris
parent 8fb5c6992d
commit f9f27a544e
5 changed files with 34 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -9,7 +9,7 @@ require (
gitea.pena/PenaSide/hlog v0.0.0-20241125221102-a54c29c002a9 gitea.pena/PenaSide/hlog v0.0.0-20241125221102-a54c29c002a9
gitea.pena/PenaSide/linters-golang v0.0.0-20241207122018-933207374735 gitea.pena/PenaSide/linters-golang v0.0.0-20241207122018-933207374735
gitea.pena/PenaSide/trashlog v0.0.0-20250222101337-a43552caae6f gitea.pena/PenaSide/trashlog v0.0.0-20250222101337-a43552caae6f
gitea.pena/SQuiz/common v0.0.0-20250221135056-f98c45e04909 gitea.pena/SQuiz/common v0.0.0-20250422170643-069ed8e576cc
github.com/caarlos0/env/v8 v8.0.0 github.com/caarlos0/env/v8 v8.0.0
github.com/go-redis/redis/v8 v8.11.5 github.com/go-redis/redis/v8 v8.11.5
github.com/gofiber/fiber/v2 v2.52.6 github.com/gofiber/fiber/v2 v2.52.6

6
go.sum
View File

@ -9,6 +9,12 @@ gitea.pena/PenaSide/trashlog v0.0.0-20250222101337-a43552caae6f h1:KbZU49A8tGnqW
gitea.pena/PenaSide/trashlog v0.0.0-20250222101337-a43552caae6f/go.mod h1:GRfWJerTUlgy82CiYAxE4tVYSVV54zEJJQy17Fx46E4= gitea.pena/PenaSide/trashlog v0.0.0-20250222101337-a43552caae6f/go.mod h1:GRfWJerTUlgy82CiYAxE4tVYSVV54zEJJQy17Fx46E4=
gitea.pena/SQuiz/common v0.0.0-20250221135056-f98c45e04909 h1:iCiqaJ6a7rGESAEUgtVA9IqhVn0oKiwRk7bryTWPV5w= gitea.pena/SQuiz/common v0.0.0-20250221135056-f98c45e04909 h1:iCiqaJ6a7rGESAEUgtVA9IqhVn0oKiwRk7bryTWPV5w=
gitea.pena/SQuiz/common v0.0.0-20250221135056-f98c45e04909/go.mod h1:rQRjqLlLyM71FZcvbM95Nv3ciq44F9DFtUHPZmDK3T8= gitea.pena/SQuiz/common v0.0.0-20250221135056-f98c45e04909/go.mod h1:rQRjqLlLyM71FZcvbM95Nv3ciq44F9DFtUHPZmDK3T8=
gitea.pena/SQuiz/common v0.0.0-20250422134128-c053d99ffa60 h1:oewjuWkn7UoEHZy4hl0A5t4s/PRM/7uZ3OgoGJAwMVE=
gitea.pena/SQuiz/common v0.0.0-20250422134128-c053d99ffa60/go.mod h1:/YR+uo4RouZshuHPkguk7nAJVKuFt3Z0mTFxUPdlzxQ=
gitea.pena/SQuiz/common v0.0.0-20250422165756-2cc87ee518df h1:+PVdYOD2SZQp8MfZtHi+PfcLHax3yTwl6df3b5pk5Lg=
gitea.pena/SQuiz/common v0.0.0-20250422165756-2cc87ee518df/go.mod h1:/YR+uo4RouZshuHPkguk7nAJVKuFt3Z0mTFxUPdlzxQ=
gitea.pena/SQuiz/common v0.0.0-20250422170643-069ed8e576cc h1:HnmZlJxmQJQdF+2L4DEpKpJWNVOThe4qaouVEOALmY0=
gitea.pena/SQuiz/common v0.0.0-20250422170643-069ed8e576cc/go.mod h1:/YR+uo4RouZshuHPkguk7nAJVKuFt3Z0mTFxUPdlzxQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/ClickHouse/clickhouse-go v1.5.4 h1:cKjXeYLNWVJIx2J1K6H2CqyRmfwVJVY1OV1coaaFcI0= github.com/ClickHouse/clickhouse-go v1.5.4 h1:cKjXeYLNWVJIx2J1K6H2CqyRmfwVJVY1OV1coaaFcI0=
github.com/ClickHouse/clickhouse-go v1.5.4/go.mod h1:EaI/sW7Azgz9UATzd5ZdZHRUhHgv5+JMS9NSr2smCJI= github.com/ClickHouse/clickhouse-go v1.5.4/go.mod h1:EaI/sW7Azgz9UATzd5ZdZHRUhHgv5+JMS9NSr2smCJI=

2
internal/controllers/http_controllers/result/result.go
View File

@ -96,7 +96,7 @@ func (r *Result) DelResultByID(ctx *fiber.Ctx) error {
return ctx.Status(fiber.StatusUnauthorized).SendString("could not get account ID from token") return ctx.Status(fiber.StatusUnauthorized).SendString("could not get account ID from token")
} }
resultIDStr := ctx.Params("resultId") resultIDStr := ctx.Params("resultID")
resultID, err := strconv.ParseUint(resultIDStr, 10, 64) resultID, err := strconv.ParseUint(resultIDStr, 10, 64)
if err != nil { if err != nil {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid result ID format") return ctx.Status(fiber.StatusBadRequest).SendString("Invalid result ID format")

2
internal/controllers/http_controllers/result/route.go
View File

@ -4,7 +4,7 @@ import "github.com/gofiber/fiber/v2"
func (r *Result) Register(router fiber.Router) { func (r *Result) Register(router fiber.Router) {
router.Post("/results/getResults/:quizID", r.GetResultsByQuizID) router.Post("/results/getResults/:quizID", r.GetResultsByQuizID)
router.Delete("/results/delete/:resultId", r.DelResultByID) router.Delete("/results/delete/:resultID", r.DelResultByID)
router.Patch("/result/seen", r.SetStatus) router.Patch("/result/seen", r.SetStatus)
router.Post("/results/:quizID/export", r.ExportResultsToCSV) router.Post("/results/:quizID/export", r.ExportResultsToCSV)
router.Get("/result/:resultID", r.GetResultAnswers) router.Get("/result/:resultID", r.GetResultAnswers)

35
internal/middleware/check_ownership/mw.go
View File

@ -52,21 +52,36 @@ func (o *OwnerShip) CheckQuiz(ctx *fiber.Ctx) (bool, error) {
quizID = body.QuizID quizID = body.QuizID
} }
quiz, err := o.dal.QuizRepo.GetQuizById(ctx.Context(), accountId, quizID) isOwner, err := o.dal.QuizRepo.CheckQuizOwner(ctx.Context(), accountId, quizID)
if err != nil { if err != nil {
return false, fiber.NewError(fiber.StatusInternalServerError, err.Error()) return false, fiber.NewError(fiber.StatusInternalServerError, err.Error())
} }
if quiz.AccountId != accountId { return isOwner, nil
return false, fiber.NewError(fiber.StatusForbidden, "quiz does not belong to the account")
}
return true, nil
} }
// имеем id результата и id аккаунта проверяем с помощью CheckResultOwner // имеем id результата и id аккаунта проверяем с помощью CheckResultOwner
func (o *OwnerShip) CheckResult(ctx *fiber.Ctx) (bool, error) { func (o *OwnerShip) CheckResult(ctx *fiber.Ctx) (bool, error) {
return true, nil accountID, ok := middleware.GetAccountId(ctx)
if !ok {
return false, fiber.NewError(fiber.StatusUnauthorized, "account id is required")
}
resultIDStr := ctx.Params("resultID")
if resultIDStr == "" {
return false, fiber.NewError(fiber.StatusBadRequest, "invalid resultID")
}
resultID, err := strconv.ParseUint(resultIDStr, 10, 64)
if err != nil {
return false, fiber.NewError(fiber.StatusBadRequest, "invalid result ID format")
}
isOwner, err := o.dal.ResultRepo.CheckResultOwner(ctx.Context(), resultID, accountID)
if err != nil {
return false, fiber.NewError(fiber.StatusInternalServerError, err.Error())
}
return isOwner, nil
} }
// имеем id вопроса и id аккаунта проверяем что квиз этого вопроса относится к аккаунту // имеем id вопроса и id аккаунта проверяем что квиз этого вопроса относится к аккаунту
@ -91,9 +106,9 @@ var pathCheckMap = map[string]func(*OwnerShip, *fiber.Ctx) (bool, error){
"POST /question/history": (*OwnerShip).CheckQuestion, // id "POST /question/history": (*OwnerShip).CheckQuestion, // id
"DELETE /question/delete": (*OwnerShip).CheckQuestion, // id "DELETE /question/delete": (*OwnerShip).CheckQuestion, // id
"GET /result/result/:resultID": (*OwnerShip).CheckResult, // resultID в роуте (id ответа) "GET /result/:resultID": (*OwnerShip).CheckResult, // resultID в роуте (id ответа)
"POST /result/results/getResults/:quizID": (*OwnerShip).CheckQuiz, // quizID в роуте "POST /results/getResults/:quizID": (*OwnerShip).CheckQuiz, // quizID в роуте
"POST /result/results/:quizID/export": (*OwnerShip).CheckQuiz, // quizID в роуте "POST /results/:quizID/export": (*OwnerShip).CheckQuiz, // quizID в роуте
// todo обсудить с Мишей // todo обсудить с Мишей
"POST /statistic/:quizID/devices": (*OwnerShip).CheckStatistic, "POST /statistic/:quizID/devices": (*OwnerShip).CheckStatistic,