ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-04 12:04:11 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix: groupModify: deny early if user is not an owner of the group

Browse source 
This way, the error message is clearer
This commit is contained in:
Stéphane Lesimple 2021-02-15 11:16:01 +00:00 committed by Stéphane Lesimple
parent 7eeccb7c5d
commit e235199715
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
bin/plugin/group-owner/groupModify
View file

@ -49,6 +49,11 @@ $fnret or osh_exit $fnret;
$group = $fnret->value->{'group'};
my $shortGroup = $fnret->value->{'shortGroup'};
$fnret = OVH::Bastion::is_group_owner(account => $self, group => $shortGroup, superowner => 1);
if (!$fnret) {
osh_exit 'ERR_NOT_GROUP_OWNER', "You must be an owner to delete an egress group key";
}
if (defined $mfaRequired && !grep { $mfaRequired eq $_ } qw{ password totp any none }) {
help();
osh_exit 'ERR_INVALID_PARAMETER', "Expected 'password', 'totp', 'any' or 'none' as parameter to --mfa-required";