|
@@ -20,6 +20,13 @@ const (
|
|
|
)
|
|
)
|
|
|
|
|
|
|
|
func networkPermissionsCheck(username string, r *http.Request) error {
|
|
func networkPermissionsCheck(username string, r *http.Request) error {
|
|
|
|
|
+ user, err := GetUser(username)
|
|
|
|
|
+ if err != nil {
|
|
|
|
|
+ return err
|
|
|
|
|
+ }
|
|
|
|
|
+ if user.PermissionTemplate.ID == models.SuperAdminRole {
|
|
|
|
|
+ return nil
|
|
|
|
|
+ }
|
|
|
// get info from header to determine the target rsrc
|
|
// get info from header to determine the target rsrc
|
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
@@ -27,10 +34,6 @@ func networkPermissionsCheck(username string, r *http.Request) error {
|
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
|
}
|
|
}
|
|
|
- user, err := GetUser(username)
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- return err
|
|
|
|
|
- }
|
|
|
|
|
if r.Method == "" {
|
|
if r.Method == "" {
|
|
|
r.Method = http.MethodGet
|
|
r.Method = http.MethodGet
|
|
|
}
|
|
}
|
|
@@ -58,15 +61,18 @@ func networkPermissionsCheck(username string, r *http.Request) error {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func globalPermissionsCheck(username string, r *http.Request) error {
|
|
func globalPermissionsCheck(username string, r *http.Request) error {
|
|
|
|
|
+ user, err := GetUser(username)
|
|
|
|
|
+ if err != nil {
|
|
|
|
|
+ return err
|
|
|
|
|
+ }
|
|
|
|
|
+ if user.PermissionTemplate.ID == models.SuperAdminRole {
|
|
|
|
|
+ return nil
|
|
|
|
|
+ }
|
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
targetRsrc := r.Header.Get("TARGET_RSRC")
|
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
|
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
if targetRsrc == "" || targetRsrcID == "" {
|
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
return errors.New("target rsrc or rsrc id is missing")
|
|
|
}
|
|
}
|
|
|
- user, err := GetUser(username)
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- return err
|
|
|
|
|
- }
|
|
|
|
|
if r.Method == "" {
|
|
if r.Method == "" {
|
|
|
r.Method = http.MethodGet
|
|
r.Method = http.MethodGet
|
|
|
}
|
|
}
|
abhishek9686