give support reps access
This commit is contained in:
rxdn
parent
bef1a48420
commit
c780307872
36
app/http/endpoints/api/getpermissionlevel.go
Normal file
36
app/http/endpoints/api/getpermissionlevel.go
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
package api
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"github.com/TicketsBot/GoPanel/utils"
|
||||||
|
"github.com/TicketsBot/common/permission"
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
func GetPermissionLevel(ctx *gin.Context) {
|
||||||
|
userId := ctx.Keys["userid"].(uint64)
|
||||||
|
|
||||||
|
levels := make(map[string]permission.PermissionLevel)
|
||||||
|
|
||||||
|
for _, raw := range strings.Split(ctx.Query("guilds"), ",") {
|
||||||
|
guildId, err := strconv.ParseUint(raw, 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
ctx.JSON(400, gin.H{
|
||||||
|
"success": false,
|
||||||
|
"error": fmt.Sprintf("invalid guild id: %s", raw),
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
level := utils.GetPermissionLevel(guildId, userId)
|
||||||
|
levels[strconv.FormatUint(guildId, 10)] = level
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
ctx.JSON(200, gin.H{
|
||||||
|
"success": true,
|
||||||
|
"levels": levels,
|
||||||
|
})
|
||||||
|
}
|
||||||
@ -11,7 +11,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// requires AuthenticateCookie middleware to be run before
|
// requires AuthenticateCookie middleware to be run before
|
||||||
func AuthenticateGuild(isApiMethod bool) gin.HandlerFunc {
|
func AuthenticateGuild(isApiMethod bool, requiredPermissionLevel permission.PermissionLevel) gin.HandlerFunc {
|
||||||
return func(ctx *gin.Context) {
|
return func(ctx *gin.Context) {
|
||||||
if guildId, ok := ctx.Params.Get("id"); ok {
|
if guildId, ok := ctx.Params.Get("id"); ok {
|
||||||
parsed, err := strconv.ParseUint(guildId, 10, 64)
|
parsed, err := strconv.ParseUint(guildId, 10, 64)
|
||||||
@ -46,7 +46,7 @@ func AuthenticateGuild(isApiMethod bool) gin.HandlerFunc {
|
|||||||
|
|
||||||
// Verify the user has permissions to be here
|
// Verify the user has permissions to be here
|
||||||
userId := ctx.Keys["userid"].(uint64)
|
userId := ctx.Keys["userid"].(uint64)
|
||||||
if utils.GetPermissionLevel(guild.Id, userId) != permission.Admin {
|
if utils.GetPermissionLevel(guild.Id, userId) < requiredPermissionLevel {
|
||||||
if isApiMethod {
|
if isApiMethod {
|
||||||
ctx.AbortWithStatusJSON(403, gin.H{
|
ctx.AbortWithStatusJSON(403, gin.H{
|
||||||
"success": false,
|
"success": false,
|
||||||
|
|||||||
@ -7,6 +7,7 @@ import (
|
|||||||
"github.com/TicketsBot/GoPanel/app/http/endpoints/root"
|
"github.com/TicketsBot/GoPanel/app/http/endpoints/root"
|
||||||
"github.com/TicketsBot/GoPanel/app/http/middleware"
|
"github.com/TicketsBot/GoPanel/app/http/middleware"
|
||||||
"github.com/TicketsBot/GoPanel/config"
|
"github.com/TicketsBot/GoPanel/config"
|
||||||
|
"github.com/TicketsBot/common/permission"
|
||||||
"github.com/gin-contrib/multitemplate"
|
"github.com/gin-contrib/multitemplate"
|
||||||
"github.com/gin-contrib/static"
|
"github.com/gin-contrib/static"
|
||||||
"github.com/gin-gonic/contrib/sessions"
|
"github.com/gin-gonic/contrib/sessions"
|
||||||
@ -53,67 +54,70 @@ func StartServer() {
|
|||||||
{
|
{
|
||||||
authorized.POST("/token", api.TokenHandler)
|
authorized.POST("/token", api.TokenHandler)
|
||||||
|
|
||||||
authenticateGuild := authorized.Group("/", middleware.AuthenticateGuild(false))
|
authenticateGuildAdmin := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Admin))
|
||||||
|
authenticateGuildSupport := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Support))
|
||||||
|
|
||||||
authorized.GET("/", root.IndexHandler)
|
authorized.GET("/", root.IndexHandler)
|
||||||
authorized.GET("/whitelabel", root.WhitelabelHandler)
|
authorized.GET("/whitelabel", root.WhitelabelHandler)
|
||||||
authorized.GET("/logout", root.LogoutHandler)
|
authorized.GET("/logout", root.LogoutHandler)
|
||||||
|
|
||||||
authenticateGuild.GET("/manage/:id/settings", manage.SettingsHandler)
|
authenticateGuildAdmin.GET("/manage/:id/settings", manage.SettingsHandler)
|
||||||
authenticateGuild.GET("/manage/:id/logs", manage.LogsHandler)
|
authenticateGuildSupport.GET("/manage/:id/logs", manage.LogsHandler)
|
||||||
authenticateGuild.GET("/manage/:id/logs/modmail", manage.ModmailLogsHandler)
|
authenticateGuildSupport.GET("/manage/:id/logs/modmail", manage.ModmailLogsHandler)
|
||||||
authenticateGuild.GET("/manage/:id/blacklist", manage.BlacklistHandler)
|
authenticateGuildSupport.GET("/manage/:id/blacklist", manage.BlacklistHandler)
|
||||||
authenticateGuild.GET("/manage/:id/panels", manage.PanelHandler)
|
authenticateGuildAdmin.GET("/manage/:id/panels", manage.PanelHandler)
|
||||||
authenticateGuild.GET("/manage/:id/tags", manage.TagsHandler)
|
authenticateGuildSupport.GET("/manage/:id/tags", manage.TagsHandler)
|
||||||
|
|
||||||
authenticateGuild.GET("/manage/:id/tickets", manage.TicketListHandler)
|
authenticateGuildSupport.GET("/manage/:id/tickets", manage.TicketListHandler)
|
||||||
authenticateGuild.GET("/manage/:id/tickets/view/:ticketId", manage.TicketViewHandler)
|
authenticateGuildSupport.GET("/manage/:id/tickets/view/:ticketId", manage.TicketViewHandler)
|
||||||
|
|
||||||
authorized.GET("/webchat", manage.WebChatWs)
|
authorized.GET("/webchat", manage.WebChatWs)
|
||||||
}
|
}
|
||||||
|
|
||||||
apiGroup := router.Group("/api", middleware.AuthenticateToken)
|
apiGroup := router.Group("/api", middleware.AuthenticateToken)
|
||||||
guildAuthApi := apiGroup.Group("/:id", middleware.AuthenticateGuild(true))
|
guildAuthApiAdmin := apiGroup.Group("/:id", middleware.AuthenticateGuild(true, permission.Admin))
|
||||||
|
guildAuthApiSupport := apiGroup.Group("/:id", middleware.AuthenticateGuild(true, permission.Support))
|
||||||
{
|
{
|
||||||
guildAuthApi.GET("/channels", api.ChannelsHandler)
|
guildAuthApiSupport.GET("/channels", api.ChannelsHandler)
|
||||||
guildAuthApi.GET("/premium", api.PremiumHandler)
|
guildAuthApiSupport.GET("/premium", api.PremiumHandler)
|
||||||
guildAuthApi.GET("/user/:user", api.UserHandler)
|
guildAuthApiSupport.GET("/user/:user", api.UserHandler)
|
||||||
guildAuthApi.GET("/roles", api.RolesHandler)
|
guildAuthApiSupport.GET("/roles", api.RolesHandler)
|
||||||
|
|
||||||
guildAuthApi.GET("/settings", api.GetSettingsHandler)
|
guildAuthApiAdmin.GET("/settings", api.GetSettingsHandler)
|
||||||
guildAuthApi.POST("/settings", api.UpdateSettingsHandler)
|
guildAuthApiAdmin.POST("/settings", api.UpdateSettingsHandler)
|
||||||
|
|
||||||
guildAuthApi.GET("/blacklist", api.GetBlacklistHandler)
|
guildAuthApiSupport.GET("/blacklist", api.GetBlacklistHandler)
|
||||||
guildAuthApi.PUT("/blacklist", api.AddBlacklistHandler)
|
guildAuthApiSupport.PUT("/blacklist", api.AddBlacklistHandler)
|
||||||
guildAuthApi.DELETE("/blacklist/:user", api.RemoveBlacklistHandler)
|
guildAuthApiSupport.DELETE("/blacklist/:user", api.RemoveBlacklistHandler)
|
||||||
|
|
||||||
guildAuthApi.GET("/panels", api.ListPanels)
|
guildAuthApiAdmin.GET("/panels", api.ListPanels)
|
||||||
guildAuthApi.PUT("/panels", api.CreatePanel)
|
guildAuthApiAdmin.PUT("/panels", api.CreatePanel)
|
||||||
guildAuthApi.PUT("/panels/:message", api.UpdatePanel)
|
guildAuthApiAdmin.PUT("/panels/:message", api.UpdatePanel)
|
||||||
guildAuthApi.DELETE("/panels/:message", api.DeletePanel)
|
guildAuthApiAdmin.DELETE("/panels/:message", api.DeletePanel)
|
||||||
|
|
||||||
guildAuthApi.GET("/logs/", api.GetLogs)
|
guildAuthApiSupport.GET("/logs/", api.GetLogs)
|
||||||
guildAuthApi.GET("/modmail/logs/", api.GetModmailLogs)
|
guildAuthApiSupport.GET("/modmail/logs/", api.GetModmailLogs)
|
||||||
|
|
||||||
guildAuthApi.GET("/tickets", api.GetTickets)
|
guildAuthApiSupport.GET("/tickets", api.GetTickets)
|
||||||
guildAuthApi.GET("/tickets/:ticketId", api.GetTicket)
|
guildAuthApiSupport.GET("/tickets/:ticketId", api.GetTicket)
|
||||||
guildAuthApi.POST("/tickets/:ticketId", api.SendMessage)
|
guildAuthApiSupport.POST("/tickets/:ticketId", api.SendMessage)
|
||||||
guildAuthApi.DELETE("/tickets/:ticketId", api.CloseTicket)
|
guildAuthApiSupport.DELETE("/tickets/:ticketId", api.CloseTicket)
|
||||||
|
|
||||||
guildAuthApi.GET("/tags", api.TagsListHandler)
|
guildAuthApiSupport.GET("/tags", api.TagsListHandler)
|
||||||
guildAuthApi.PUT("/tags", api.CreateTag)
|
guildAuthApiSupport.PUT("/tags", api.CreateTag)
|
||||||
guildAuthApi.DELETE("/tags/:tag", api.DeleteTag)
|
guildAuthApiSupport.DELETE("/tags/:tag", api.DeleteTag)
|
||||||
|
|
||||||
guildAuthApi.GET("/claimsettings", api.GetClaimSettings)
|
guildAuthApiAdmin.GET("/claimsettings", api.GetClaimSettings)
|
||||||
guildAuthApi.POST("/claimsettings", api.PostClaimSettings)
|
guildAuthApiAdmin.POST("/claimsettings", api.PostClaimSettings)
|
||||||
|
|
||||||
guildAuthApi.GET("/autoclose", api.GetAutoClose)
|
guildAuthApiAdmin.GET("/autoclose", api.GetAutoClose)
|
||||||
guildAuthApi.POST("/autoclose", api.PostAutoClose)
|
guildAuthApiAdmin.POST("/autoclose", api.PostAutoClose)
|
||||||
}
|
}
|
||||||
|
|
||||||
userGroup := router.Group("/user", middleware.AuthenticateToken)
|
userGroup := router.Group("/user", middleware.AuthenticateToken)
|
||||||
{
|
{
|
||||||
userGroup.GET("/guilds", api.GetGuilds)
|
userGroup.GET("/guilds", api.GetGuilds)
|
||||||
|
userGroup.GET("/permissionlevel", api.GetPermissionLevel)
|
||||||
|
|
||||||
{
|
{
|
||||||
whitelabelGroup := userGroup.Group("/whitelabel", middleware.VerifyWhitelabel(false))
|
whitelabelGroup := userGroup.Group("/whitelabel", middleware.VerifyWhitelabel(false))
|
||||||
|
|||||||
@ -30,9 +30,22 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<script>
|
<script>
|
||||||
|
async function getPermissionLevels(guilds) {
|
||||||
|
const res = await axios.get('/user/permissionlevel?guilds=' + guilds.map(guild => guild.id).join(","));
|
||||||
|
if (res.status !== 200 || !res.data.success) {
|
||||||
|
showToast('Error', res.data.error);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
return res.data.levels;
|
||||||
|
}
|
||||||
|
|
||||||
async function loadData() {
|
async function loadData() {
|
||||||
const res = await axios.get('/user/guilds');
|
const res = await axios.get('/user/guilds');
|
||||||
|
|
||||||
|
const permissionLevels = await getPermissionLevels(res.data);
|
||||||
|
console.log(permissionLevels)
|
||||||
|
|
||||||
if (res.data.length > 0) {
|
if (res.data.length > 0) {
|
||||||
document.getElementById('guild-table').style.display = 'table';
|
document.getElementById('guild-table').style.display = 'table';
|
||||||
|
|
||||||
@ -43,7 +56,14 @@
|
|||||||
const td = document.createElement('td');
|
const td = document.createElement('td');
|
||||||
|
|
||||||
const link = document.createElement('a');
|
const link = document.createElement('a');
|
||||||
link.href = `/manage/${guild.id}/settings`;
|
|
||||||
|
// admin
|
||||||
|
if (permissionLevels[guild.id] === 2) {
|
||||||
|
link.href = `/manage/${guild.id}/settings`;
|
||||||
|
} else {
|
||||||
|
link.href = `/manage/${guild.id}/logs`;
|
||||||
|
}
|
||||||
|
|
||||||
link.classList.add('server');
|
link.classList.add('server');
|
||||||
link.appendChild(document.createTextNode(guild.name));
|
link.appendChild(document.createTextNode(guild.name));
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user