user and root roles

src/server/route.go

@@ -37,7 +37,7 @@ func (a *App) AppRoute() *mux.Router {
 func newVersionService(sp *serviceprovider.Container) *restful.WebService {
 	webService := new(restful.WebService)
 	webService.Path("/v1/version").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON)
-	webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, versionHandler)))
+	webService.Route(webService.GET("/").Filter(validateTokenMiddleware).Filter(requiredRootRoleMiddleware).To(handler.RESTfulServiceHandler(sp, versionHandler)))
 	return webService
 }
 

src/server/route_filter.go

@@ -1,6 +1,7 @@
 package server
 
 import (
+	"log"
 	"net/http"
 
 	"github.com/dgrijalva/jwt-go"
@@ -31,9 +32,33 @@ func validateTokenMiddleware(req *restful.Request, resp *restful.Response, chain
 		} else {
 			resp.WriteHeader(http.StatusUnauthorized)
 			logger.Infof("Token is not valid")
+			return
 		}
 	} else {
 		resp.WriteHeader(http.StatusUnauthorized)
 		logger.Infof("Unauthorized access to this resource")
+		return
+	}
+}
+
+func requiredRootRoleMiddleware(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
+	role := req.Attribute("Role").(string)
+	if role == "root" {
+		chain.ProcessFilter(req, resp)
+	} else {
+		resp.WriteHeader(http.StatusForbidden)
+		log.Printf("User role forbidden")
+		return
+	}
+}
+
+func requiredUserRoleMiddleware(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
+	role := req.Attribute("Role").(string)
+	if role == "user" || role == "root" {
+		chain.ProcessFilter(req, resp)
+	} else {
+		resp.WriteHeader(http.StatusForbidden)
+		log.Printf("User role forbidden")
+		return
 	}
 }