From 2f2d03667c8242710a6b69d49ede8e37fe40ac39 Mon Sep 17 00:00:00 2001
From: Akatsuki-Ousawa
Date: Thu, 18 May 2017 14:27:13 +0200
Subject: [PATCH] Update apiHandler.go
---
 router/apiHandler.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/router/apiHandler.go b/router/apiHandler.go
index 6c2b4e6c..59642706 100644
--- a/router/apiHandler.go
+++ b/router/apiHandler.go
@@ -96,13 +96,19 @@ func ApiViewHandler(w http.ResponseWriter, r *http.Request) {
 }
 func ApiUploadHandler(w http.ResponseWriter, r *http.Request) {
- if config.UploadsDisabled {
+ user := model.User{}
+ if config.UploadsDisabled && config.AdminsAreStillAllowedTo && user.Status != 2 && config.TrustedUsersAreStillAllowedTo && user.Status != 1 {
+ http.Error(w, "Error uploads are disabled", http.StatusBadRequest)
+ return
+ } else if config.UploadsDisabled && !config.AdminsAreStillAllowedTo && user.Status == 2 {
+ http.Error(w, "Error uploads are disabled", http.StatusBadRequest)
+ return
+ } else if config.UploadsDisabled && !config.TrustedUsersAreStillAllowedTo && user.Status == 1 {
 http.Error(w, "Error uploads are disabled", http.StatusBadRequest)
 return
 }
 token := r.Header.Get("Authorization")
- user := model.User{}
 db.ORM.Where("api_token = ?", token).First(&user) //i don't like this
 if user.ID == 0 {
 http.Error(w, apiService.ErrApiKey.Error(), http.StatusUnauthorized)
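Review bot: The new gate in ApiUploadHandler reads `user.Status` from the just-declared `user := model.User{}`, before the `api_token` lookup fills it in, so every comparison runs against the zero value. In that state neither `else if` branch can match, and the first branch matches only when both `...AreStillAllowedTo` flags are on, so `UploadsDisabled` rejects everyone in that one configuration and nobody in the others, where the old `if config.UploadsDisabled` rejected all callers. Even with a populated user, a caller whose status is neither 1 nor 2 is rejected only when both flags are set, so the chain fails open. Move the check below the token lookup and make it deny-by-default as sketched below (the meaning of status 1 and 2 is inferred from the flag names). The ApiUpdateHandler hunk has the same defect, and there the lookup only runs inside the `application/json` branch; both function bodies continue outside their hunks.

```go
func ApiUploadHandler(w http.ResponseWriter, r *http.Request) {
	// … unchanged: token lookup into user and the user.ID == 0 rejection, moved above the gate …

	// Deny by default while uploads are disabled; only an explicitly exempted role passes.
	if config.UploadsDisabled {
		exempt := (user.Status == 2 && config.AdminsAreStillAllowedTo) ||
			(user.Status == 1 && config.TrustedUsersAreStillAllowedTo)
		if !exempt {
			http.Error(w, "Error uploads are disabled", http.StatusBadRequest)
			return
		}
	}
```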
@@ -173,7 +179,14 @@ func ApiUploadHandler(w http.ResponseWriter, r *http.Request) {
 }
 func ApiUpdateHandler(w http.ResponseWriter, r *http.Request) {
- if config.UploadsDisabled {
+ user := model.User{}
+ if config.UploadsDisabled && config.AdminsAreStillAllowedTo && user.Status != 2 && config.TrustedUsersAreStillAllowedTo && user.Status != 1 {
+ http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)
+ return
+ } else if config.UploadsDisabled && !config.AdminsAreStillAllowedTo && user.Status == 2 {
+ http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)
+ return
+ } else if config.UploadsDisabled && !config.TrustedUsersAreStillAllowedTo && user.Status == 1 {
 http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)
 return
 }
@@ -181,7 +194,6 @@ func ApiUpdateHandler(w http.ResponseWriter, r *http.Request) {
 contentType := r.Header.Get("Content-Type")
 if contentType == "application/json" {
 token := r.Header.Get("Authorization")
- user := model.User{}
 db.ORM.Where("api_token = ?", token).First(&user) //i don't like this
 if user.ID == 0 {
 http.Error(w, apiService.ErrApiKey.Error(), http.StatusForbidden)
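Review bot: The two added rejection branches in ApiUpdateHandler answer a policy refusal with `http.StatusInternalServerError`, while the same refusal in ApiUploadHandler uses `http.StatusBadRequest`. A 500 tells clients and monitoring that the server faulted, so intentional denials get counted as errors and may be retried. Use one 4xx status for the refusal in both handlers, for example `http.Error(w, "Error uploads are disabled", http.StatusForbidden)`. The unchanged third branch carries the same status, and the function body continues outside the hunk.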