From 7f503ab37bd0cbebccc0b625e5419fa6d3693412 Mon Sep 17 00:00:00 2001
From: Gisle Aune <dev@gisle.me>
Date: Thu, 10 Aug 2017 23:13:11 +0200
Subject: [PATCH] Added PrivateWrite and PrivateRead settings to resource.

---
 resource.go      | 31 +++++++++++++++++++++++++++----
 resource_test.go |  2 +-
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/resource.go b/resource.go
index d9f0ad6..b2112df 100644
--- a/resource.go
+++ b/resource.go
@@ -4,6 +4,8 @@ import (
 	"net/http"
 	"strings"
 
+	"git.aiterp.net/gisle/wrouter/response"
+
 	"git.aiterp.net/gisle/wrouter/auth"
 )
 
@@ -16,10 +18,13 @@ type Resource struct {
 	get    IDFunc
 	update IDFunc
 	delete IDFunc
+
+	PrivateRead  bool
+	PrivateWrite bool
 }
 
 func NewResource(list, create Func, get, update, delete IDFunc) *Resource {
-	return &Resource{list, create, get, update, delete}
+	return &Resource{list, create, get, update, delete, false, false}
 }
 
 func (resource *Resource) Handle(path string, w http.ResponseWriter, req *http.Request, user *auth.User) bool {
@@ -41,6 +46,11 @@ func (resource *Resource) Handle(path string, w http.ResponseWriter, req *http.R
 	switch req.Method {
 	case "GET":
 		{
+			if resource.PrivateRead && user == nil {
+				response.Text(w, 401, "Not logged in")
+				return true
+			}
+
 			if subpath != "" {
 				resource.get(w, req, subpath, user)
 			} else {
@@ -49,10 +59,13 @@ func (resource *Resource) Handle(path string, w http.ResponseWriter, req *http.R
 		}
 	case "POST":
 		{
+			if resource.PrivateWrite && user == nil {
+				response.Text(w, 401, "Not logged in")
+				return true
+			}
+
 			if subpath != "" {
-				w.Header().Set("Content-Type", "text/plain; charset=utf-8")
-				w.WriteHeader(400)
-				w.Write([]byte("ID not allowed in POST"))
+				response.Text(w, 400, "ID not allowed in POST")
 				return true
 			}
 
@@ -60,10 +73,20 @@ func (resource *Resource) Handle(path string, w http.ResponseWriter, req *http.R
 		}
 	case "PATCH", "PUT":
 		{
+			if resource.PrivateWrite && user == nil {
+				response.Text(w, 401, "Not logged in")
+				return true
+			}
+
 			resource.update(w, req, subpath, user)
 		}
 	case "DELETE":
 		{
+			if resource.PrivateWrite && user == nil {
+				response.Text(w, 401, "Not logged in")
+				return true
+			}
+
 			resource.delete(w, req, subpath, user)
 		}
 	}
diff --git a/resource_test.go b/resource_test.go
index 74f57d4..b1e1a4c 100644
--- a/resource_test.go
+++ b/resource_test.go
@@ -109,7 +109,7 @@ func deletePage(w http.ResponseWriter, req *http.Request, id string, user *auth.
 	response.Text(w, 404, "Page not found")
 }
 
-var resource = Resource{listPage, createPage, getPage, updatePage, deletePage}
+var resource = Resource{listPage, createPage, getPage, updatePage, deletePage, false, false}
 
 type handlerStruct struct{}