ripple-api/app/tokens.go
Howl e4d27f8d6b Allow users with AdminManageUsers to see banned users
Also:
- General code refactoring
- Allow banned/restricted users to see their scores etc
- common.MethodData now contains UserPrivileges
- UserPrivileges have now their own type
- Implement md.HasQuery, to know if there's a GET querystring parameter or not
2016-08-27 12:04:12 +02:00

45 lines
1003 B
Go

package app
import (
"crypto/md5"
"database/sql"
"fmt"
"github.com/jmoiron/sqlx"
"git.zxq.co/ripple/rippleapi/common"
)
// GetTokenFull retrieves an user ID and their token privileges knowing their API token.
func GetTokenFull(token string, db *sqlx.DB) (common.Token, bool) {
var t common.Token
var (
tokenPrivsRaw uint64
userPrivsRaw uint64
)
var priv8 bool
err := db.QueryRow(`SELECT
t.id, t.user, t.privileges, t.private, u.privileges
FROM tokens t
LEFT JOIN users u ON u.id = t.user
WHERE token = ? LIMIT 1`,
fmt.Sprintf("%x", md5.Sum([]byte(token)))).
Scan(
&t.ID, &t.UserID, &tokenPrivsRaw, &priv8, &userPrivsRaw,
)
if priv8 {
tokenPrivsRaw = common.PrivilegeReadConfidential | common.PrivilegeWrite
}
t.TokenPrivileges = common.Privileges(tokenPrivsRaw)
t.UserPrivileges = common.UserPrivileges(userPrivsRaw)
switch {
case err == sql.ErrNoRows:
return common.Token{}, false
case err != nil:
panic(err)
default:
t.Value = token
return t, true
}
}