2016-04-03 17:59:27 +00:00
|
|
|
package common
|
|
|
|
|
2016-08-27 10:04:12 +00:00
|
|
|
import "fmt"
|
|
|
|
|
|
|
|
// Token is an API token.
|
2016-04-03 17:59:27 +00:00
|
|
|
type Token struct {
|
2016-08-27 10:04:12 +00:00
|
|
|
ID int
|
|
|
|
Value string
|
|
|
|
UserID int
|
|
|
|
TokenPrivileges Privileges
|
|
|
|
UserPrivileges UserPrivileges
|
|
|
|
}
|
|
|
|
|
|
|
|
// OnlyUserPublic returns a string containing "(user.privileges & 1 = 1 OR users.id = <userID>)"
|
|
|
|
// if the user does not have the UserPrivilege AdminManageUsers, and returns "1" otherwise.
|
|
|
|
func (t Token) OnlyUserPublic(userManagerSeesEverything bool) string {
|
|
|
|
if userManagerSeesEverything &&
|
|
|
|
t.UserPrivileges&AdminPrivilegeManageUsers == AdminPrivilegeManageUsers {
|
|
|
|
return "1"
|
|
|
|
}
|
|
|
|
// It's safe to use sprintf directly even if it's a query, because UserID is an int.
|
2016-08-27 10:52:17 +00:00
|
|
|
return fmt.Sprintf("(users.privileges & 1 = 1 OR users.id = '%d')", t.UserID)
|
2016-04-03 17:59:27 +00:00
|
|
|
}
|