// Check if user is authorized to perform request. func authorizeRequest(r *http.Request, user auth.User) error { // Now that we have a user authorize the request rp, err := requiredPrivilegeForHTTPMethod(r.Method) if err != nil { return err } action := auth.Action{ Resource: auth.APIResource(strings.TrimPrefix(r.URL.Path, BasePath)), Privilege: rp, } return user.AuthorizeAction(action) }
// Check if user is authorized to perform request. func authorizeRequest(r *http.Request, user auth.User) error { // Now that we have a user authorize the request rp, err := requiredPrivilegeForHTTPMethod(r.Method) if err != nil { return err } action := auth.Action{ Resource: auth.APIResource(strings.TrimPrefix(r.URL.Path, BasePath)), Privilege: rp, } err = user.AuthorizeAction(action) if err != nil { if mp, ok := err.(missingPrivilege); ok { return fmt.Errorf("user %s does not have \"%v\" privilege for API endpoint %q", user.Name(), mp.MissingPrivlege(), r.URL.Path) } else { return err } } return nil }