vbatts/ntfy
1
0
Fork 0
Code Pull requests Activity

Not really an improvemenNot really an improvementt

Browse source
This commit is contained in:
binwiederhier 2022-12-31 09:31:46 -05:00
parent bd86e3d951
commit 3d921f4570
6 changed files with 107 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

5
server/server_account.go
View file

@ -316,10 +316,13 @@ func (s *Server) handleAccountAccessAdd(w http.ResponseWriter, r *http.Request,
if !topicRegex.MatchString(req.Topic) {
return errHTTPBadRequestTopicInvalid
}
// FIXME authorize: how do I know if v.user (= auth'd user) is allowed to write the ACL entries
everyoneRead := util.Contains([]string{"read-write", "rw", "read-only", "read", "ro"}, req.Everyone)
everyoneWrite := util.Contains([]string{"read-write", "rw", "write-only", "write", "wo"}, req.Everyone)
if err := s.userManager.AllowAccess(v.user.Name, req.Topic, true, true); err != nil {
return err
}
if err := s.userManager.AllowAccess(user.Everyone, req.Topic, false, false); err != nil {
if err := s.userManager.AllowAccess(user.Everyone, req.Topic, everyoneRead, everyoneWrite); err != nil {
return err
}
w.Header().Set("Content-Type", "application/json")

4
server/types.go
View file

@ -268,6 +268,6 @@ type apiAccountResponse struct {
}
type apiAccountAccessRequest struct {
Topic string `json:"topic"`
Access string `json:"access"`
Topic string `json:"topic"`
Everyone string `json:"everyone"`
}