Opt: api forbidden status code

1 year ago · ab84231421
parent 12ff9ab1a1
commit ab84231421
2 changed files with 37 additions and 10 deletions
--- a/server/handlers/movie.go
+++ b/server/handlers/movie.go
@ -266,7 +266,7 @@ func NewPublishKey(ctx *gin.Context) {
 	}

 	if movie.Movie.CreatorID != user.ID && !user.HasRoomPermission(room, dbModel.PermissionEditUser) {
-		ctx.AbortWithStatus(http.StatusForbidden)
+		ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(dbModel.ErrNoPermission))
 		return
 	}

@ -304,6 +304,10 @@ func EditMovie(ctx *gin.Context) {
 	}

 	if err := user.UpdateMovie(room, req.Id, (*dbModel.BaseMovie)(&req.PushMovieReq)); err != nil {
+		if errors.Is(err, dbModel.ErrNoPermission) {
+			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
+			return
+		}
 		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
 		return
 	}
@ -333,6 +337,10 @@ func DelMovie(ctx *gin.Context) {

 	err := user.DeleteMoviesByID(room, req.Ids)
 	if err != nil {
+		if errors.Is(err, dbModel.ErrNoPermission) {
+			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
+			return
+		}
 		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
 		return
 	}
@ -355,6 +363,10 @@ func ClearMovies(ctx *gin.Context) {
 	user := ctx.MustGet("user").(*op.User)

 	if err := user.ClearMovies(room); err != nil {
+		if errors.Is(err, dbModel.ErrNoPermission) {
+			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
+			return
+		}
 		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
 		return
 	}
@ -405,20 +417,23 @@ func ChangeCurrentMovie(ctx *gin.Context) {
 	user := ctx.MustGet("user").(*op.User)

 	req := model.IdCanEmptyReq{}
-	if err := model.Decode(ctx, &req); err != nil {
+	err := model.Decode(ctx, &req)
+	if err != nil {
 		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
 		return
 	}

 	if req.Id == "" {
-		err := user.SetCurrentMovie(room, nil, false)
+		err = user.SetCurrentMovie(room, nil, false)
+	} else {
+		err = user.SetCurrentMovieByID(room, req.Id, true)
+	}
 	if err != nil {
-			ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
+		if errors.Is(err, dbModel.ErrNoPermission) {
+			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
 			return
 		}
-	} else if err := user.SetCurrentMovieByID(room, req.Id, true); err != nil {
 		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
-		return
 	}

 	current, err := genCurrent(ctx, room.Current(), user.ID)
--- a/server/handlers/room.go
+++ b/server/handlers/room.go
@ -203,9 +203,13 @@ func DeleteRoom(ctx *gin.Context) {
 	user := ctx.MustGet("user").(*op.User)

 	if err := user.DeleteRoom(room); err != nil {
+		if errors.Is(err, dbModel.ErrNoPermission) {
 			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
 			return
 		}
+		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
+		return
+	}

 	ctx.Status(http.StatusNoContent)
 }
@ -221,9 +225,13 @@ func SetRoomPassword(ctx *gin.Context) {
 	}

 	if err := user.SetRoomPassword(room, req.Password); err != nil {
+		if errors.Is(err, dbModel.ErrNoPermission) {
 			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
 			return
 		}
+		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
+		return
+	}

 	token, err := middlewares.NewAuthRoomToken(user, room)
 	if err != nil {
@ -255,9 +263,13 @@ func SetRoomSetting(ctx *gin.Context) {
 	}

 	if err := user.SetRoomSetting(room, dbModel.RoomSettings(req)); err != nil {
+		if errors.Is(err, dbModel.ErrNoPermission) {
 			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
 			return
 		}
+		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
+		return
+	}

 	ctx.Status(http.StatusNoContent)
 }