// getPrivilege decodes the request body into a privilegeInfo and checks its
// Privilege field with am.IsValidPrivilege.
//
// On a decode or validation failure it reports the error to the client with
// HTTP 400 (Bad Request) through l.setError and returns nil, so callers must
// treat a nil result as "response already written" and stop processing.
//
// NOTE(review): the body is client-supplied and this method only checks that
// the privilege value is well-formed; it does not check that the caller is
// allowed to use or assign that privilege. Presumably the handler authorizes
// the request separately - confirm at the call sites.
func (l amRestful) getPrivilege(request *restful.Request, response *restful.Response) *privilegeInfo {
	info := new(privilegeInfo)

	// Reject a body that cannot be decoded before looking at its content.
	if err := request.ReadEntity(info); err != nil {
		l.setError(response, http.StatusBadRequest, err)
		return nil
	}

	// Reject any privilege value that am.IsValidPrivilege does not accept.
	if err := am.IsValidPrivilege(info.Privilege); err != nil {
		l.setError(response, http.StatusBadRequest, err)
		return nil
	}

	return info
}
// IsPrivilegeOk reports whether the user named in the token is a member of the
// group that corresponds to the requested privilege.
//
// The privilege is first checked with am.IsValidPrivilege and the token is
// parsed with ParseToken(tokenString, ipAddr, verifyKey); a failure in either
// step is returned unchanged together with false.
//
// The decision itself is based on group membership looked up in usersList for
// token.UserName. The Privilege field carried in the token is not consulted for
// the decision; it only appears in the error text.
//
// NOTE(review): every privilege that passes am.IsValidPrivilege and is neither
// SuperUserPermission nor AdminPermission is mapped to stc.UsersGroupName. If
// the set of valid privileges ever grows, a new value would silently be treated
// as user-level here - confirm that this fall-through is intended.
// NOTE(review): presumably ParseToken verifies the signature with verifyKey and
// the binding to ipAddr - confirm, since this function relies on token.UserName
// being authenticated.
func IsPrivilegeOk(tokenString string, privilege string, ipAddr string, verifyKey []byte) (bool, error) {
	if err := am.IsValidPrivilege(privilege); err != nil {
		return false, err
	}

	token, err := ParseToken(tokenString, ipAddr, verifyKey)
	if err != nil {
		return false, err
	}

	// Pick the group whose membership grants the requested privilege.
	var group string
	switch privilege {
	case SuperUserPermission:
		group = stc.SuperUserGroupName
	case AdminPermission:
		group = stc.AdminGroupName
	default:
		group = stc.UsersGroupName
	}

	if !usersList.IsUserPartOfAGroup(group, token.UserName) {
		// The message text is kept as is; callers or tests may match on it.
		return false, fmt.Errorf("The privilege %v is not permited to this operation", token.Privilege)
	}
	return true, nil
}