|
@@ -19,7 +19,7 @@ const (
|
|
Unauthorized_Err = models.Error(Unauthorized_Msg)
|
|
Unauthorized_Err = models.Error(Unauthorized_Msg)
|
|
)
|
|
)
|
|
|
|
|
|
-func networkPermissionsCheck(user models.User, r *http.Request) error {
|
|
|
|
|
|
+func networkPermissionsCheck(username string, r *http.Request) error {
|
|
// get info from header to determine the target rsrc
|
|
// get info from header to determine the target rsrc
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
@@ -27,6 +27,10 @@ func networkPermissionsCheck(user models.User, r *http.Request) error {
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
}
|
|
}
|
|
|
|
+ user, err := GetUser(username)
|
|
|
|
+ if err != nil {
|
|
|
|
+ return err
|
|
|
|
+ }
|
|
if r.Method == "" {
|
|
if r.Method == "" {
|
|
r.Method = http.MethodGet
|
|
r.Method = http.MethodGet
|
|
}
|
|
}
|
|
@@ -53,12 +57,16 @@ func networkPermissionsCheck(user models.User, r *http.Request) error {
|
|
return errors.New("access denied")
|
|
return errors.New("access denied")
|
|
}
|
|
}
|
|
|
|
|
|
-func globalPermissionsCheck(user models.User, r *http.Request) error {
|
|
|
|
|
|
+func globalPermissionsCheck(username string, r *http.Request) error {
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
}
|
|
}
|
|
|
|
+ user, err := GetUser(username)
|
|
|
|
+ if err != nil {
|
|
|
|
+ return err
|
|
|
|
+ }
|
|
if r.Method == "" {
|
|
if r.Method == "" {
|
|
r.Method = http.MethodGet
|
|
r.Method = http.MethodGet
|
|
}
|
|
}
|
|
@@ -101,6 +109,7 @@ func SecurityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
r.Header.Set("ismaster", "no")
|
|
r.Header.Set("ismaster", "no")
|
|
bearerToken := r.Header.Get("Authorization")
|
|
bearerToken := r.Header.Get("Authorization")
|
|
|
|
+ isGlobalAccesss := r.Header.Get("IS_GLOBAL_ACCESS") == "yes"
|
|
username, err := UserPermissions(reqAdmin, bearerToken)
|
|
username, err := UserPermissions(reqAdmin, bearerToken)
|
|
if err != nil {
|
|
if err != nil {
|
|
ReturnErrorResponse(w, r, FormatError(err, err.Error()))
|
|
ReturnErrorResponse(w, r, FormatError(err, err.Error()))
|
|
@@ -109,6 +118,12 @@ func SecurityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
|
|
// detect masteradmin
|
|
// detect masteradmin
|
|
if username == MasterUser {
|
|
if username == MasterUser {
|
|
r.Header.Set("ismaster", "yes")
|
|
r.Header.Set("ismaster", "yes")
|
|
|
|
+ } else {
|
|
|
|
+ if isGlobalAccesss {
|
|
|
|
+ globalPermissionsCheck(username, r)
|
|
|
|
+ } else {
|
|
|
|
+ networkPermissionsCheck(username, r)
|
|
|
|
+ }
|
|
}
|
|
}
|
|
r.Header.Set("user", username)
|
|
r.Header.Set("user", username)
|
|
next.ServeHTTP(w, r)
|
|
next.ServeHTTP(w, r)
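Review bot: The errors returned by `globalPermissionsCheck(username, r)` and `networkPermissionsCheck(username, r)` in the new `else` branch are discarded, so a denied or failed check still falls through to `next.ServeHTTP(w, r)` and the handler runs as if the request were authorized. The result should be checked and the request ended on error, mirroring the `UserPermissions` error path earlier in this closure; the error type passed to `FormatError` should be whatever the project uses for a forbidden response. Separately, `IS_GLOBAL_ACCESS` is read straight from the request header in the preceding hunk, so unless a trusted earlier layer sets or strips it (as this handler does for `ismaster`), the caller chooses which of the two checks applies. The closure's body continues outside the visible hunks, so the code between them was not reviewed.

```go
if username == MasterUser {
	r.Header.Set("ismaster", "yes")
} else {
	// Select the check once, then enforce its result before calling next.
	check := networkPermissionsCheck
	if isGlobalAccesss {
		check = globalPermissionsCheck
	}
	if err := check(username, r); err != nil {
		ReturnErrorResponse(w, r, FormatError(err, err.Error()))
		return
	}
}
// … unchanged: set "user" header, next.ServeHTTP(w, r) …
```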
|