Mercurial > gemma

diff pkg/controllers/importconfig.go @ 5399:47c2ca05e8ec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merged extented-report branch back into default.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Wed, 07 Jul 2021 11:44:40 +0200
parents e09e003948c7
children
line wrap: on
line diff
--- a/pkg/controllers/importconfig.go	Sun Jul 04 11:37:37 2021 +0200
+++ b/pkg/controllers/importconfig.go	Wed Jul 07 11:44:40 2021 +0200
@@ -30,6 +30,11 @@
 	mw "gemma.intevation.de/gemma/pkg/middleware"
 )
 
+// RolesRequierer enforces roles when storing schedules.
+type RolesRequierer interface {
+	RequiresRoles() auth.Roles
+}
+
 func runImportConfig(req *http.Request) (jr mw.JSONResult, err error) {
 
 	id, _ := strconv.ParseInt(mux.Vars(req)["id"], 10, 64)
@@ -262,12 +267,23 @@
 		return
 	}
 	config := ctor()
+
+	session, _ := auth.GetSession(req)
+
+	if r, ok := config.(RolesRequierer); ok {
+		if roles := r.RequiresRoles(); len(roles) > 0 && !session.Roles.HasAny(roles...) {
+			err = mw.JSONError{
+				Code: http.StatusUnauthorized,
+				Message: fmt.Sprintf(
+					"Not allowed to add config for kind %s", string(cfg.Kind)),
+			}
+			return
+		}
+	}
 	if err = json.Unmarshal(cfg.Config, config); err != nil {
 		return
 	}
 
-	session, _ := auth.GetSession(req)
-
 	pc := imports.PersistentConfig{
 		User:       session.User,
 		Kind:       string(cfg.Kind),