In my code, I want to disable some inputs fields based on the user authentication level, I was able to do it in JavaScript, but this is unrecommended solution, and I want to make it from the server side.
Below is my go code;
package main
import (
"context"
"html/template"
"net/http"
"strings"
"time"
)
type User struct {
Flags string
Title string
}
type UsersPageData struct {
PageTitle string
Users []User
}
func requestTime(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
ctx = context.WithValue(ctx, "requestTime", time.Now().Format(time.RFC3339))
r = r.WithContext(ctx)
next.ServeHTTP(w, r)
})
}
func helloHandler(name string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var title string
if requestTime := r.Context().Value("requestTime"); requestTime != nil {
if str, ok := requestTime.(string); ok {
title = "\ngenerated at: " + str
}
}
master := strings.Join([]string{"admin", "user", "superuser", "read"}, " ")
admin := strings.Join([]string{"admin"}, " ")
user := strings.Join([]string{"user"}, " ")
tmpl := template.Must(template.ParseFiles("index.html"))
data := UsersPageData{
PageTitle: "Users list: " + title,
Users: []User{
{Flags: master, Title: "Everything"},
{Flags: admin, Title: "Administrator"},
{Flags: user, Title: "Normal user"},
},
}
tmpl.Execute(w, data)
})
}
func main() {
http.Handle("/john", requestTime(helloHandler("John")))
http.ListenAndServe(":8080", nil)
}
And here is my template including the JS code;
<style>
.admin {
color: green;
}
.user {
color: red;
--btn-disable: 0;
}
[data-authorized="no"] {
/* Attribute has this exact value */
cursor: not-allowed;
pointer-events: none;
/*Button disabled - CSS color class*/
color: #c0c0c0;
background-color: rgb(229, 229, 229) !important;
}
</style>
<h1>{{.PageTitle}}</h1>
<ul>
{{range .Users}}
<input type="text" data-permissions={{.Flags}} data-authorized="no">{{.Title}}</s>
{{end}}
</ul>
<script>
var flags = ["admin", "super user"]
var elements = document.querySelectorAll("input");
elements.forEach((element, index, array) => {
if(element.hasAttribute("data-permissions")){
console.log(element.dataset.permissions)
var perm = element.dataset.permissions.split(" ");
var found = false;
for (var i = 0; i < perm.length; i++) {
if (flags.indexOf(perm[i]) > -1) {
element.dataset.authorized = "yes"
element.removeAttribute("data-permissions")
break;
}
}
}
});
</script>
If for the same user one flag having permission to the element, and another flag does not allow this permission, then how can I open the permission for the hire one.
An example is:
type User struct {
Flags []Flag
Title string
}
master := User{
Flags: []string{Admin, Viewer},
Title: "Abnormal user",
}
In the above example, the user has 2 flags, Admin that granted the access of the element, and Viewer that blocked the access of the same element, how can I manage this?
UPDATE
After search, I tried the below, but still did not solve it, if I have multiple flags for the same user, and none of them having permissions, then it will repeat the same field multiple times;