Diffstat (limited to '')
-rw-r--r-- | endpoint_newcourses.go | 44 |
1 files changed, 5 insertions, 39 deletions
diff --git a/endpoint_newcourses.go b/endpoint_newcourses.go
index 5963e1b..bf8f570 100644
--- a/endpoint_newcourses.go
+++ b/endpoint_newcourses.go
@@ -34,54 +34,19 @@ import (
 func handleNewCourses(w http.ResponseWriter, req *http.Request) {
 if req.Method != http.MethodPost {
- wstr(
- w,
- http.StatusMethodNotAllowed,
- "Only POST is allowed here",
- )
- return
- }
-
- sessionCookie, err := req.Cookie("session")
- if errors.Is(err, http.ErrNoCookie) {
- wstr(
- w,
- http.StatusUnauthorized,
- "No session cookie, which is required for this endpoint",
- )
- return
- } else if err != nil {
- wstr(w, http.StatusBadRequest, "Error: Unable to check cookie.")
+ wstr(w, http.StatusMethodNotAllowed, "Only POST is allowed here")
 return
 }
- var userDepartment string
- err = db.QueryRow(
- req.Context(),
- "SELECT department FROM users WHERE session = $1",
- sessionCookie.Value,
- ).Scan(&userDepartment)
+ _, _, department, err := getUserInfoFromRequest(req)
 if err != nil {
- if errors.Is(err, pgx.ErrNoRows) {
- wstr(
- w,
- http.StatusForbidden,
- "Invalid session cookie",
- )
- return
- }
 wstr(
 w,
 http.StatusInternalServerError,
- fmt.Sprintf(
- "Error: Unexpected database error: %s",
- err,
- ),
+ fmt.Sprintf("Error: %v", err),
 )
- return
 }
-
- if userDepartment != staffDepartment {
+ if department != staffDepartment {
 wstr(
 w,
 http.StatusForbidden,
@@ -98,6 +63,7 @@ func handleNewCourses(w http.ResponseWriter, req *http.Request) {
 )
 return
 }
+ /* TODO: Potential race. The global state may need to be write-locked. */
 file, fileHeader, err := req.FormFile("coursecsv") |
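Review bot: The `if err != nil` block after `getUserInfoFromRequest(req)` no longer returns, because the `return` that followed the 500 response is among the removed lines, so a request whose session lookup fails falls through to the `department != staffDepartment` check. Access is then refused only if the helper leaves `department` at a non-staff value on error, which this hunk does not show, and `wstr` would be called a second time on a response that has already been written. Put `return` back as the last statement of the error block so the handler fails closed by itself. The helper's error is also now always answered with 500 and its raw text via `fmt.Sprintf("Error: %v", err)`, where the old code answered a missing or invalid session cookie with 401 or 403; mapping those cases back to their statuses and logging the detail server-side would keep internals out of the response. The rest of `handleNewCourses` lies outside the hunk.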