disallowed comms access to non admins
parent
3596754734
commit
4f181a950c
|
@ -12,6 +12,7 @@ import (
|
|||
"github.com/gravitl/netmaker/logger"
|
||||
"github.com/gravitl/netmaker/logic"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/gravitl/netmaker/servercfg"
|
||||
)
|
||||
|
||||
func userHandlers(r *mux.Router) {
|
||||
|
@ -166,6 +167,11 @@ func createUser(w http.ResponseWriter, r *http.Request) {
|
|||
// get node from body of request
|
||||
_ = json.NewDecoder(r.Body).Decode(&user)
|
||||
|
||||
if !user.IsAdmin && isAddingComms(user.Networks) {
|
||||
returnErrorResponse(w, r, formatError(fmt.Errorf("can not add comms network to non admin"), "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
user, err := logic.CreateUser(user)
|
||||
|
||||
if err != nil {
|
||||
|
@ -194,6 +200,10 @@ func updateUserNetworks(w http.ResponseWriter, r *http.Request) {
|
|||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
if !userchange.IsAdmin && isAddingComms(userchange.Networks) {
|
||||
returnErrorResponse(w, r, formatError(fmt.Errorf("can not add comms network to non admin"), "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
err = logic.UpdateUserNetworks(userchange.Networks, userchange.IsAdmin, &user)
|
||||
if err != nil {
|
||||
|
@ -219,6 +229,10 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
|||
returnErrorResponse(w, r, formatError(fmt.Errorf("can not update user info for oauth user %s", username), "forbidden"))
|
||||
return
|
||||
}
|
||||
if !user.IsAdmin && isAddingComms(user.Networks) {
|
||||
returnErrorResponse(w, r, formatError(fmt.Errorf("can not add comms network to non admin"), "badrequest"))
|
||||
return
|
||||
}
|
||||
var userchange models.User
|
||||
// we decode our body request params
|
||||
err = json.NewDecoder(r.Body).Decode(&userchange)
|
||||
|
@ -288,3 +302,13 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
|
|||
logger.Log(1, username, "was deleted")
|
||||
json.NewEncoder(w).Encode(params["username"] + " deleted.")
|
||||
}
|
||||
|
||||
func isAddingComms(networks []string) bool {
|
||||
commsID := servercfg.GetCommsID()
|
||||
for i := range networks {
|
||||
if networks[i] == commsID {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
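Review bot: In the updateUser hunk the new guard `if !user.IsAdmin && isAddingComms(user.Networks)` runs before the request body is decoded into `userchange`, so it appears to test the user record loaded earlier in the function (outside the hunk) rather than the requested change. As written, a request that puts the comms network into a non-admin's networks is not examined by this check, while an existing non-admin who already holds it could no longer be updated at all. Move the guard below the `Decode(&userchange)` error check and test the decoded value, as updateUserNetworks does: `if !userchange.IsAdmin && isAddingComms(userchange.Networks) {`. In createUser the guard depends on a decode whose error is discarded (`_ = json.NewDecoder(r.Body).Decode(&user)`), so a malformed body reaches it as a zero-value user; returning on that error first would make the check meaningful. All three handlers continue outside their hunks.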