diff --git a/controllers/user.go b/controllers/user.go
index c9e387e3..78fb6ae8 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -12,6 +12,7 @@ import (
 "github.com/gravitl/netmaker/logger"
 "github.com/gravitl/netmaker/logic"
 "github.com/gravitl/netmaker/models"
+ "github.com/gravitl/netmaker/servercfg"
 )
 func userHandlers(r *mux.Router) {
@@ -166,6 +167,11 @@ func createUser(w http.ResponseWriter, r *http.Request) {
 // get node from body of request
 _ = json.NewDecoder(r.Body).Decode(&user)
+ if !user.IsAdmin && isAddingComms(user.Networks) {
+ returnErrorResponse(w, r, formatError(fmt.Errorf("can not add comms network to non admin"), "badrequest"))
+ return
+ }
+
 user, err := logic.CreateUser(user)
 if err != nil {
@@ -194,6 +200,10 @@ func updateUserNetworks(w http.ResponseWriter, r *http.Request) {
 returnErrorResponse(w, r, formatError(err, "internal"))
 return
 }
+ if !userchange.IsAdmin && isAddingComms(userchange.Networks) {
+ returnErrorResponse(w, r, formatError(fmt.Errorf("can not add comms network to non admin"), "badrequest"))
+ return
+ }
 err = logic.UpdateUserNetworks(userchange.Networks, userchange.IsAdmin, &user)
 if err != nil {
@@ -219,6 +229,10 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 returnErrorResponse(w, r, formatError(fmt.Errorf("can not update user info for oauth user %s", username), "forbidden"))
 return
 }
+ if !user.IsAdmin && isAddingComms(user.Networks) {
+ returnErrorResponse(w, r, formatError(fmt.Errorf("can not add comms network to non admin"), "badrequest"))
+ return
+ }
 var userchange models.User
 // we decode our body request params
 err = json.NewDecoder(r.Body).Decode(&userchange)
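Review bot: The guard added in the createUser hunk decides on `user.IsAdmin` taken straight from the decoded request body, so a payload that sets `IsAdmin` to true together with the comms network passes the check on the submitted flag alone; the updateUserNetworks hunk has the same shape, testing body-supplied `userchange.IsAdmin` and then forwarding that flag to `logic.UpdateUserNetworks`. Whether this is exploitable depends on the auth middleware for these routes, which is not in the diff; if non-admin tokens can reach them, the comparison should use the caller's authenticated admin status or the stored record rather than the submitted field. The decode error on the line above the new check is discarded, so a malformed body reaches the guard with zero-valued fields, which happens to fail safe here but is worth a comment. The three copies of `fmt.Errorf("can not add comms network to non admin")` take no verbs and could be one package-level `errors.New` sentinel. createUser and updateUserNetworks both continue outside their hunks.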
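Review bot: In the updateUser hunk the new check runs before `userchange` is decoded and inspects `user`, the record already loaded from storage, so it never looks at the networks the request is asking to set; it also rejects any non-admin who already holds the comms network, blocking unrelated profile updates for them. Moving the four lines below `err = json.NewDecoder(r.Body).Decode(&userchange)` and testing `!userchange.IsAdmin && isAddingComms(userchange.Networks)`, as the updateUserNetworks hunk does, would make it guard the actual change. The call that applies the update lies past the hunk, so I cannot tell from here whether a later check covers this case; updateUser's body continues outside the hunk.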
@@ -288,3 +302,13 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
 logger.Log(1, username, "was deleted")
 json.NewEncoder(w).Encode(params["username"] + " deleted.")
 }
+
+func isAddingComms(networks []string) bool {
+ commsID := servercfg.GetCommsID()
+ for i := range networks {
+ if networks[i] == commsID {
+ return true
+ }
+ }
+ return false
+}
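Review bot: isAddingComms has no doc comment and its name suggests a state change while the body only tests membership; `// isAddingComms reports whether networks contains the server's comms network ID.` above the signature would state the contract. If `servercfg.GetCommsID()` can return an empty string when comms is disabled (not visible in this diff), an empty entry in networks would match it and trip the guard in every caller, so an early `if commsID == "" { return false }` may be wanted — confirm against servercfg. The index loop reads more naturally as `for _, n := range networks { if n == commsID { return true } }`, or as `slices.Contains(networks, commsID)` if the module's Go version permits.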