scripts: deduplicate permissions check

pkg/service/script_policy.go

@@ -14,18 +14,10 @@ import (
 //
 // POST /script-policy
 func (svc *Service) CreateScriptPolicy(ctx context.Context, req *api.ScriptPolicyCreate) (*api.ScriptPolicyID, error) {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return nil, ErrUserInfo
-	}
-
-	has_role, err := userInfo.HasRoleScriptWrite()
+	err := CheckHasRoleScriptWrite(ctx)
 	if err != nil {
 		return nil, err
 	}
-	if !has_role {
-		return nil, ErrPermissionDenied
-	}
 
 	from_script, err := svc.DB.Scripts().Get(ctx, req.FromScriptID)
 	if err != nil {
@@ -99,18 +91,10 @@ func (svc *Service) ListScriptPolicy(ctx context.Context, params api.ListScriptP
 //
 // DELETE /script-policy/{ScriptPolicyID}
 func (svc *Service) DeleteScriptPolicy(ctx context.Context, params api.DeleteScriptPolicyParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return ErrUserInfo
-	}
-
-	has_role, err := userInfo.HasRoleScriptWrite()
+	err := CheckHasRoleScriptWrite(ctx)
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDenied
-	}
 
 	return svc.DB.ScriptPolicy().Delete(ctx, params.ScriptPolicyID)
 }
@@ -140,18 +124,10 @@ func (svc *Service) GetScriptPolicy(ctx context.Context, params api.GetScriptPol
 //
 // POST /script-policy/{ScriptPolicyID}
 func (svc *Service) UpdateScriptPolicy(ctx context.Context, req *api.ScriptPolicyUpdate, params api.UpdateScriptPolicyParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return ErrUserInfo
-	}
-
-	has_role, err := userInfo.HasRoleScriptWrite()
+	err := CheckHasRoleScriptWrite(ctx)
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDenied
-	}
 
 	pmap := datastore.Optional()
 	if from_script_id, ok := req.FromScriptID.Get(); ok {

pkg/service/scripts.go

@@ -8,24 +8,33 @@ import (
 	"git.itzana.me/strafesnet/maps-service/pkg/service_inner"
 )
 
+func CheckHasRoleScriptWrite(ctx context.Context) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	has_role, err := userInfo.HasRoleScriptWrite()
+	if err != nil {
+		return err
+	}
+	if !has_role {
+		return ErrPermissionDeniedNeedRoleScriptWrite
+	}
+
+	return nil
+}
+
 // CreateScript implements createScript operation.
 //
 // Create a new script.
 //
 // POST /scripts
 func (svc *Service) CreateScript(ctx context.Context, req *api.ScriptCreate) (*api.ScriptID, error) {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return nil, ErrUserInfo
-	}
-
-	has_role, err := userInfo.HasRoleScriptWrite()
+	err := CheckHasRoleScriptWrite(ctx)
 	if err != nil {
 		return nil, err
 	}
-	if !has_role {
-		return nil, ErrPermissionDeniedNeedRoleScriptWrite
-	}
 
 	script, err := svc.Inner.CreateScript(ctx, model.Script{
 		ID:           0,
@@ -100,18 +109,10 @@ func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParam
 //
 // DELETE /scripts/{ScriptID}
 func (svc *Service) DeleteScript(ctx context.Context, params api.DeleteScriptParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return ErrUserInfo
-	}
-
-	has_role, err := userInfo.HasRoleScriptWrite()
+	err := CheckHasRoleScriptWrite(ctx)
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDeniedNeedRoleScriptWrite
-	}
 
 	return svc.Inner.DeleteScript(ctx, params.ScriptID)
 }
@@ -143,18 +144,10 @@ func (svc *Service) GetScript(ctx context.Context, params api.GetScriptParams) (
 //
 // PATCH /scripts/{ScriptID}
 func (svc *Service) UpdateScript(ctx context.Context, req *api.ScriptUpdate, params api.UpdateScriptParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return ErrUserInfo
-	}
-
-	has_role, err := userInfo.HasRoleScriptWrite()
+	err := CheckHasRoleScriptWrite(ctx)
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDeniedNeedRoleScriptWrite
-	}
 
 	name, name_ok := req.Name.Get()
 	source, source_ok := req.Source.Get()