|
@ -90,6 +90,12 @@ func (c *LightController) updateLight(w http.ResponseWriter, r *http.Request) { |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
user := models.UserFromContext(r.Context()) |
|
|
|
|
|
if !group.Permission(user.ID).Write { |
|
|
|
|
|
httperr.Respond(w, httperr.ErrAccessDenied) |
|
|
|
|
|
return |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
if patch.Color != nil { |
|
|
if patch.Color != nil { |
|
|
err := light.SetColor(*patch.Color) |
|
|
err := light.SetColor(*patch.Color) |
|
|
if err != nil { |
|
|
if err != nil { |
|
@ -117,8 +123,6 @@ func (c *LightController) updateLight(w http.ResponseWriter, r *http.Request) { |
|
|
light.On = *patch.On |
|
|
light.On = *patch.On |
|
|
} |
|
|
} |
|
|
if patch.GroupID != nil && *patch.GroupID != light.GroupID { |
|
|
if patch.GroupID != nil && *patch.GroupID != light.GroupID { |
|
|
user := models.UserFromContext(r.Context()) |
|
|
|
|
|
|
|
|
|
|
|
if !group.Permission(user.ID).Delete { |
|
|
if !group.Permission(user.ID).Delete { |
|
|
respond.Error(w, 403, "cannot_move_out", "You are not permitted to delete lights from group.") |
|
|
respond.Error(w, 403, "cannot_move_out", "You are not permitted to delete lights from group.") |
|
|
return |
|
|
return |
|
@ -182,6 +186,10 @@ func (c *LightController) findLight(r *http.Request) (models.Group, models.Light |
|
|
return models.Group{}, models.Light{}, err |
|
|
return models.Group{}, models.Light{}, err |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if !group.Permission(user.ID).Read { |
|
|
|
|
|
return models.Group{}, models.Light{}, httperr.ErrAccessDenied |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
if !group.Permission(user.ID).Read { |
|
|
if !group.Permission(user.ID).Read { |
|
|
return models.Group{}, models.Light{}, &httperr.Error{Status: http.StatusForbidden, Kind: "permission_denied", Message: "Thou canst not see the light."} |
|
|
return models.Group{}, models.Light{}, &httperr.Error{Status: http.StatusForbidden, Kind: "permission_denied", Message: "Thou canst not see the light."} |
|
|
} |
|
|
} |
|
|
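Review bot: In the `findLight` hunk, the added `if !group.Permission(user.ID).Read` guard that returns `httperr.ErrAccessDenied` appears to sit directly above the existing identical guard, so the older branch returning the `permission_denied` error with "Thou canst not see the light." can no longer be reached. The page has lost its `+`/`-` markers, so this reading is inferred from the hunk counts (6 old lines, 10 new). If it holds, delete the older three-line block so the read path has one authorization decision and one error shape, and put `// findLight enforces Read on the light's group; callers add Write/Delete checks as needed.` above the guard that stays. In `updateLight`, the new `Write` check and the existing `Delete` check are both made against the light's current `group`. No permission check on the destination group is visible when `patch.GroupID` moves the light, which is worth confirming in the part of the function that continues outside these hunks.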