gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2024-09-20 23:36:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

check for headers for subjects

Browse source
This commit is contained in:
abhishek9686 2024-05-28 18:23:08 +05:30
parent 89bbc467d9
commit 91a23160d0
1 changed files with 15 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
logic/security.go
View file

@ -24,15 +24,18 @@ func networkPermissionsCheck(username string, r *http.Request) error {
if err != nil {
return err
}
if user.PermissionTemplate.ID == models.SuperAdminRole {
if user.PermissionTemplate.DashBoardAcls.FullAccess {
return nil
}
// get info from header to determine the target rsrc
targetRsrc := r.Header.Get("TARGET_RSRC")
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
netID := r.Header.Get("NET_ID")
if targetRsrc == "" || targetRsrcID == "" {
return errors.New("target rsrc or rsrc id is missing")
if targetRsrc == "" {
return errors.New("target rsrc is missing")
}
if netID == "" {
return errors.New("network id is missing")
}
if r.Method == "" {
r.Method = http.MethodGet
@ -54,6 +57,9 @@ func networkPermissionsCheck(username string, r *http.Request) error {
return checkPermissionScopeWithReqMethod(allRsrcsTypePermissionScope, r.Method)
}
if targetRsrcID == "" {
return errors.New("target rsrc is missing")
}
if scope, ok := rsrcPermissionScope[models.RsrcID(targetRsrcID)]; ok {
return checkPermissionScopeWithReqMethod(scope, r.Method)
}
@ -65,13 +71,13 @@ func globalPermissionsCheck(username string, r *http.Request) error {
if err != nil {
return err
}
if user.PermissionTemplate.ID == models.SuperAdminRole {
if user.PermissionTemplate.DashBoardAcls.FullAccess {
return nil
}
targetRsrc := r.Header.Get("TARGET_RSRC")
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
if targetRsrc == "" || targetRsrcID == "" {
return errors.New("target rsrc or rsrc id is missing")
if targetRsrc == "" {
return errors.New("target rsrc is missing")
}
if r.Method == "" {
r.Method = http.MethodGet
@ -87,6 +93,9 @@ func globalPermissionsCheck(username string, r *http.Request) error {
return checkPermissionScopeWithReqMethod(allRsrcsTypePermissionScope, r.Method)
}
if targetRsrcID == "" {
return errors.New("target rsrc id is missing")
}
if scope, ok := rsrcPermissionScope[models.RsrcID(targetRsrcID)]; ok {
return checkPermissionScopeWithReqMethod(scope, r.Method)
}