DeforaNetworks/corteza
DeforaNetworks/corteza
3
0
Fork 0
Code

Add guards for everyone-role changes

Browse Source
This commit is contained in:
Denis Arh 2020-02-17 19:04:55 +01:00
parent 1da269abc7
commit b0ef8cd2cb
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
system/service/access_control.go
View File

@ -95,14 +95,25 @@ func (svc accessControl) FilterReadableRoles(ctx context.Context) *permissions.R
}
func (svc accessControl) CanUpdateRole(ctx context.Context, rl *types.Role) bool {
if rl.ID == permissions.EveryoneRoleID {
return false
}
return svc.can(ctx, rl, "update")
}
func (svc accessControl) CanDeleteRole(ctx context.Context, rl *types.Role) bool {
if rl.ID == permissions.EveryoneRoleID {
return false
}
return svc.can(ctx, rl, "delete")
}
func (svc accessControl) CanManageRoleMembers(ctx context.Context, rl *types.Role) bool {
if rl.ID == permissions.EveryoneRoleID {
return false
}
return svc.can(ctx, rl, "members.manage")
}

5
system/service/role.go
View File

@ -359,7 +359,12 @@ func (svc role) Membership(userID uint64) ([]*types.RoleMember, error) {
}
func (svc role) MemberList(roleID uint64) ([]*types.RoleMember, error) {
if roleID == permissions.EveryoneRoleID {
return nil, ErrInvalidID.withStack()
}
_, err := svc.findByID(roleID)
if err != nil {
return nil, err
}