// Check if user is authorized to perform request.
func authorizeRequest(r *http.Request, user auth.User) error {
// Now that we have a user authorize the request
rp, err := requiredPrivilegeForHTTPMethod(r.Method)
if err != nil {
return err
}
action := auth.Action{
Resource: auth.APIResource(strings.TrimPrefix(r.URL.Path, BasePath)),
Privilege: rp,
}
return user.AuthorizeAction(action)
}
// Check if user is authorized to perform request.
func authorizeRequest(r *http.Request, user auth.User) error {
// Now that we have a user authorize the request
rp, err := requiredPrivilegeForHTTPMethod(r.Method)
if err != nil {
return err
}
action := auth.Action{
Resource: auth.APIResource(strings.TrimPrefix(r.URL.Path, BasePath)),
Privilege: rp,
}
err = user.AuthorizeAction(action)
if err != nil {
if mp, ok := err.(missingPrivilege); ok {
return fmt.Errorf("user %s does not have \"%v\" privilege for API endpoint %q", user.Name(), mp.MissingPrivlege(), r.URL.Path)
} else {
return err
}
}
return nil
}
