(app *App, r *http.Request, c *Collection)
| 513 | } |
| 514 | |
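// apiCheckCollectionPermissions decides whether the API request r may read
// collection c. On success it returns the requesting user's ID and a nil
// error; the ID is -1 when the request carried no Authorization header.
//
// It returns -1 and ErrCollectionNotFound when c is private and the requester
// is not its owner, i.e. the not-found error rather than an authorization
// error. It returns -1 and ErrCollectionUnauthorizedRead for every protected
// collection: checking a token for protected collections is not implemented
// yet, so that branch fails closed, for the owner as well.
func apiCheckCollectionPermissions(app *App, r *http.Request, c *Collection) (int64, error) {
	// -1 is the "no authenticated user" sentinel.
	var userID int64 = -1
	if accessToken := r.Header.Get("Authorization"); accessToken != "" {
		// The raw header value is handed to the lookup unchanged.
		// NOTE(review): presumably GetUserID returns -1 for an unknown or
		// expired token; confirm, because the ownership check depends on it.
		userID = app.db.GetUserID(accessToken)
	}

	// Defensive: the sentinel must never count as an owner, whatever value
	// c.OwnerID holds, so ownership requires an authenticated user first.
	isCollOwner := userID != -1 && userID == c.OwnerID

	if c.IsPrivate() && !isCollOwner {
		// Private collection and the requester is not its owner; this covers
		// both unauthenticated requests and authenticated non-owners.
		return -1, ErrCollectionNotFound
	}
	if c.IsProtected() {
		// TODO: check access token
		// Until that check exists, deny every read of a protected collection.
		return -1, ErrCollectionUnauthorizedRead
	}

	return userID, nil
}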
| 533 | |
| 534 | // fetchCollection handles the API endpoint for retrieving collection data. |
| 535 | func fetchCollection(app *App, w http.ResponseWriter, r *http.Request) error { |