From 87de0ae1be55daa4465d22beb9766a93305d69ee Mon Sep 17 00:00:00 2001
From: Henrique Dias <hacdias@gmail.com>
Date: Sun, 21 Aug 2016 19:21:09 +0100
Subject: [PATCH] add back-end flags to #19

---
 config/config.go  |  1 +
 directory/file.go | 22 ----------------------
 filemanager.go    | 33 +++++++++++++++++++++++++++++++++
 page/page.go      |  1 -
 4 files changed, 34 insertions(+), 23 deletions(-)

diff --git a/config/config.go b/config/config.go
index 56c329da..f9f543bf 100644
--- a/config/config.go
+++ b/config/config.go
@@ -21,6 +21,7 @@ type Config struct {
 	Token       string // Anti CSRF token
 	HugoEnabled bool   // Enables the Hugo plugin for File Manager
 	Users       map[string]*UserConfig
+	CurrentUser *UserConfig
 }
 
 // UserConfig contains the configuration for each user
diff --git a/directory/file.go b/directory/file.go
index 04146622..726116c8 100644
--- a/directory/file.go
+++ b/directory/file.go
@@ -170,17 +170,6 @@ func (i *Info) serveSingleFile(w http.ResponseWriter, r *http.Request, c *config
 		},
 	}
 
-	// Set the current User
-	user, _, ok := r.BasicAuth()
-
-	if !ok {
-		page.Info.User = c.UserConfig
-	}
-
-	if _, ok := c.Users[user]; ok {
-		page.Info.User = c.Users[user]
-	}
-
 	if CanBeEdited(i.Name) {
 		editor, err := i.GetEditor()
 
@@ -261,17 +250,6 @@ func (i *Info) serveListing(w http.ResponseWriter, r *http.Request, c *config.Co
 		},
 	}
 
-	// Set the current User
-	user, _, ok := r.BasicAuth()
-
-	if !ok {
-		page.Info.User = c.UserConfig
-	}
-
-	if _, ok := c.Users[user]; ok {
-		page.Info.User = c.Users[user]
-	}
-
 	if r.Header.Get("Minimal") == "true" {
 		page.Minimal = true
 	}
diff --git a/filemanager.go b/filemanager.go
index 654b242e..0280db88 100644
--- a/filemanager.go
+++ b/filemanager.go
@@ -41,8 +41,20 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 		code        int
 		err         error
 		serveAssets bool
+		user        *config.UserConfig
 	)
 
+	// Set the current User
+	username, _, ok := r.BasicAuth()
+
+	if !ok {
+		user = c.UserConfig
+	}
+
+	if _, ok := c.Users[username]; ok {
+		user = c.Users[username]
+	}
+
 	for i := range f.Configs {
 		if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {
 			c = &f.Configs[i]
@@ -102,11 +114,20 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 				if fi.IsDir {
 					return http.StatusNotAcceptable, nil
 				}
+
+				if !user.AllowEdit {
+					return http.StatusUnauthorized, nil
+				}
+
 				// Update a file
 				return fi.Update(w, r, c)
 			case http.MethodPost:
 				// Upload a new file
 				if r.Header.Get("Upload") == "true" {
+					if !user.AllowNew {
+						return http.StatusUnauthorized, nil
+					}
+
 					return upload(w, r, c)
 				}
 				// Search and git commands
@@ -115,14 +136,26 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 				}
 				// VCS commands
 				if r.Header.Get("Command") != "" {
+					if !user.AllowCommands {
+						return http.StatusUnauthorized, nil
+					}
+
 					return vcsCommand(w, r, c)
 				}
 				// Creates a new folder
 				return newDirectory(w, r, c)
 			case http.MethodDelete:
+				if !user.AllowEdit {
+					return http.StatusUnauthorized, nil
+				}
+
 				// Delete a file or a directory
 				return fi.Delete()
 			case http.MethodPatch:
+				if !user.AllowEdit {
+					return http.StatusUnauthorized, nil
+				}
+
 				// Rename a file or directory
 				return fi.Rename(w, r)
 			default:
diff --git a/page/page.go b/page/page.go
index 0da95214..21ae4804 100644
--- a/page/page.go
+++ b/page/page.go
@@ -25,7 +25,6 @@ type Info struct {
 	Path   string
 	IsDir  bool
 	Config *config.Config
-	User   *config.UserConfig
 	Data   interface{}
 }