# HG changeset patch
# User Sascha L. Teichmann
# Date 1624544015 -7200
# Node ID 7b6a62d4117e8e009ed0da11b1d40613810a5657
# Parent dbae10503ee6b07395097ca97c6033e00f51e8f9
Enforce that only sysadmins can create import configs of 'report' type.
diff -r dbae10503ee6 -r 7b6a62d4117e pkg/controllers/importconfig.go
--- a/pkg/controllers/importconfig.go Thu Jun 24 15:53:42 2021 +0200
+++ b/pkg/controllers/importconfig.go Thu Jun 24 16:13:35 2021 +0200
@@ -253,6 +253,18 @@
 kind := imports.JobKind(cfg.Kind)
+ session, _ := auth.GetSession(req)
+
+ // TODO: Find a more general way to prevent this.
+ if kind == imports.ReportJobKind && !session.Roles.Has("sys_admin") {
+ err = mw.JSONError{
+ Code: http.StatusUnauthorized,
+ Message: fmt.Sprintf(
+ "Not allowed to add config for kind %s", string(cfg.Kind)),
+ }
+ return
+ }
+
 ctor := imports.ImportModelForJobKind(kind)
 if ctor == nil {
 err = mw.JSONError{
@@ -266,8 +278,6 @@
 return
 }
- session, _ := auth.GetSession(req)
-
 pc := imports.PersistentConfig{
 User: session.User,
 Kind: string(cfg.Kind),
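Review bot: The new role check dereferences `session.Roles` right after `session, _ := auth.GetSession(req)` discards the second result, so the authorization decision rests on a session whose lookup outcome was never checked. If that result is an ok flag (presumably; its type is not visible here), the gate should fail closed on it, e.g. `session, ok := auth.GetSession(req)` and `if kind == imports.ReportJobKind && (!ok || !session.Roles.Has("sys_admin")) {`. The rejection also uses `http.StatusUnauthorized`, which signals missing credentials; for an authenticated user who lacks the role, `http.StatusForbidden` is the accurate code. The check covers only this creation path, as the TODO concedes, so any handler that edits an existing config's kind (none is visible in this diff) would need the same gate. The enclosing handler begins and ends outside the hunk.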