func (l AmRestful) getPrivilege(request *restful.Request, response *restful.Response) *privilegeInfo {
var privilege privilegeInfo
err := request.ReadEntity(&privilege)
if err == nil {
err = am.IsValidPrivilege(privilege.Privilege)
}
if err != nil {
l.setError(response, http.StatusBadRequest, err)
return nil
}
return &privilege
}
// IsPrivilegeOk : Verify that the given privilege matches the one that is associated with the user defined in the token
func IsPrivilegeOk(tokenString string, privilege string, ipAddr string, verifyKey *rsa.PublicKey) (bool, error) {
err := am.IsValidPrivilege(privilege)
if err != nil {
return false, err
}
token, err := ParseToken(tokenString, ipAddr, verifyKey)
if err != nil {
return false, err
}
var entityName string
if privilege == am.SuperUserPermission {
entityName = defs.SuperUserGroupName
} else if privilege == am.AdminPermission {
entityName = defs.AdminGroupName
} else {
entityName = defs.UsersGroupName
}
if usersList.IsUserPartOfAGroup(entityName, token.UserName) {
return true, nil
}
return false, fmt.Errorf("The privilege %v is not permitted for this operation", token.Privilege)
}
