Esempio n. 1
0
// Check if user is authorized to perform request.
func authorizeRequest(r *http.Request, user auth.User) error {
	// Now that we have a user authorize the request
	rp, err := requiredPrivilegeForHTTPMethod(r.Method)
	if err != nil {
		return err
	}
	action := auth.Action{
		Resource:  auth.APIResource(strings.TrimPrefix(r.URL.Path, BasePath)),
		Privilege: rp,
	}
	return user.AuthorizeAction(action)
}
Esempio n. 2
0
// Check if user is authorized to perform request.
func authorizeRequest(r *http.Request, user auth.User) error {
	// Now that we have a user authorize the request
	rp, err := requiredPrivilegeForHTTPMethod(r.Method)
	if err != nil {
		return err
	}
	action := auth.Action{
		Resource:  auth.APIResource(strings.TrimPrefix(r.URL.Path, BasePath)),
		Privilege: rp,
	}
	err = user.AuthorizeAction(action)
	if err != nil {
		if mp, ok := err.(missingPrivilege); ok {
			return fmt.Errorf("user %s does not have \"%v\" privilege for API endpoint %q", user.Name(), mp.MissingPrivlege(), r.URL.Path)
		} else {
			return err
		}
	}
	return nil
}