Mercurial > gemma
changeset 5374:7b6a62d4117e extented-report
Enforce that only sysadmins can create import configs of 'report' type.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Thu, 24 Jun 2021 16:13:35 +0200 |
parents | dbae10503ee6 |
children | 755ed195fdc3 23a330c5b10d |
files | pkg/controllers/importconfig.go |
diffstat | 1 files changed, 12 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/pkg/controllers/importconfig.go Thu Jun 24 15:53:42 2021 +0200 +++ b/pkg/controllers/importconfig.go Thu Jun 24 16:13:35 2021 +0200 @@ -253,6 +253,18 @@ kind := imports.JobKind(cfg.Kind) + session, _ := auth.GetSession(req) + + // TODO: Find a more general way to prevent this. + if kind == imports.ReportJobKind && !session.Roles.Has("sys_admin") { + err = mw.JSONError{ + Code: http.StatusUnauthorized, + Message: fmt.Sprintf( + "Not allowed to add config for kind %s", string(cfg.Kind)), + } + return + } + ctor := imports.ImportModelForJobKind(kind) if ctor == nil { err = mw.JSONError{ @@ -266,8 +278,6 @@ return } - session, _ := auth.GetSession(req) - pc := imports.PersistentConfig{ User: session.User, Kind: string(cfg.Kind),