Mercurial > gemma
diff pkg/controllers/importconfig.go @ 5399:47c2ca05e8ec
Merged extented-report branch back into default.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Wed, 07 Jul 2021 11:44:40 +0200 |
parents | e09e003948c7 |
children |
line wrap: on
line diff
--- a/pkg/controllers/importconfig.go Sun Jul 04 11:37:37 2021 +0200 +++ b/pkg/controllers/importconfig.go Wed Jul 07 11:44:40 2021 +0200 @@ -30,6 +30,11 @@ mw "gemma.intevation.de/gemma/pkg/middleware" ) +// RolesRequierer enforces roles when storing schedules. +type RolesRequierer interface { + RequiresRoles() auth.Roles +} + func runImportConfig(req *http.Request) (jr mw.JSONResult, err error) { id, _ := strconv.ParseInt(mux.Vars(req)["id"], 10, 64) @@ -262,12 +267,23 @@ return } config := ctor() + + session, _ := auth.GetSession(req) + + if r, ok := config.(RolesRequierer); ok { + if roles := r.RequiresRoles(); len(roles) > 0 && !session.Roles.HasAny(roles...) { + err = mw.JSONError{ + Code: http.StatusUnauthorized, + Message: fmt.Sprintf( + "Not allowed to add config for kind %s", string(cfg.Kind)), + } + return + } + } if err = json.Unmarshal(cfg.Config, config); err != nil { return } - session, _ := auth.GetSession(req) - pc := imports.PersistentConfig{ User: session.User, Kind: string(cfg.Kind),