| 55 | } |
| 56 | |
| 57 | func withSelfOrAdmin(fn handleFunc) handleFunc { |
| 58 | return withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) { |
| 59 | id, err := getUserID(r) |
| 60 | if err != nil { |
| 61 | return http.StatusInternalServerError, err |
| 62 | } |
| 63 | |
| 64 | if d.user.ID != id && !d.user.Perm.Admin { |
| 65 | return http.StatusForbidden, nil |
| 66 | } |
| 67 | |
| 68 | d.raw = id |
| 69 | return fn(w, r, d) |
| 70 | }) |
| 71 | } |
| 72 | |
| 73 | var usersGetHandler = withAdmin(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) { |
| 74 | users, err := d.store.Users.Gets(d.server.Root, d.server.FollowExternalSymlinks) |