MCPcopy
hub / github.com/writefreely/writefreely / apiCheckCollectionPermissions

Function apiCheckCollectionPermissions

collections.go:515–532  ·  view source on GitHub ↗
(app *App, r *http.Request, c *Collection)

Source from the content-addressed store, hash-verified

513}
514
515func apiCheckCollectionPermissions(app *App, r *http.Request, c *Collection) (int64, error) {
516 accessToken := r.Header.Get("Authorization")
517 var userID int64 = -1
518 if accessToken != "" {
519 userID = app.db.GetUserID(accessToken)
520 }
521 isCollOwner := userID == c.OwnerID
522 if c.IsPrivate() && !isCollOwner {
523 // Collection is private, but user isn't authenticated
524 return -1, ErrCollectionNotFound
525 }
526 if c.IsProtected() {
527 // TODO: check access token
528 return -1, ErrCollectionUnauthorizedRead
529 }
530
531 return userID, nil
532}
533
534// fetchCollection handles the API endpoint for retrieving collection data.
535func fetchCollection(app *App, w http.ResponseWriter, r *http.Request) error {

Callers 3

fetchPostFunction · 0.85
fetchCollectionFunction · 0.85
fetchCollectionPostsFunction · 0.85

Calls 3

IsPrivateMethod · 0.80
IsProtectedMethod · 0.80
GetUserIDMethod · 0.65

Tested by

no test coverage detected