예제 #1
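// SameUserFilter is a go-restful filter that lets a request through only when
// the caller is the user named by the userIdParam path parameter or holds the
// super-user permission. When filtering is disabled (l.toFilter() is false)
// the request is passed down the chain unchecked.
//
// The access token is read from the request cookie. A missing token, a token
// that cannot be verified, or a caller who is neither the same user nor a
// super user ends the chain with an error response and the filter returns
// without calling chain.ProcessFilter.
func (l LibsecurityRestful) SameUserFilter(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	if !l.toFilter() {
		chain.ProcessFilter(req, resp)
		return
	}

	name := req.PathParameter(userIdParam)
	logger.Trace.Println("SameUserFilter: user name:", name)
	tokenStr := l.getCookieAccessTokenValue(req)
	if tokenStr == "" {
		// http.StatusMethodNotAllowed is the status this file uses for all
		// authentication/authorization failures; it is kept for compatibility
		// even though 401/403 would describe the condition more precisely.
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("You need to authenticate first"))
		return
	}

	// Resolve the client address once so the identity, privilege and token
	// checks below are all evaluated against the same value.
	ip := getIPAddress(req)

	isUserMatch, err := app.IsItTheSameUser(tokenStr, name, ip, l.verifyKey)
	if err != nil {
		l.setError(resp, http.StatusMethodNotAllowed, err)
		return
	}

	isPrivilegeOk, err := app.IsPrivilegeOk(tokenStr, am.SuperUserPermission, ip, l.verifyKey)
	if err != nil {
		// Fail closed: a privilege check that errors never counts as a grant,
		// whatever boolean was returned alongside the error. The error is
		// traced rather than silently dropped so the denial can be explained.
		logger.Trace.Println("SameUserFilter: privilege check failed:", err)
		isPrivilegeOk = false
	}

	if !isPrivilegeOk && !isUserMatch {
		// The token already passed IsItTheSameUser, so ParseToken is expected
		// to succeed; guard anyway so a parse failure cannot dereference an
		// unusable token value while building the error message.
		var userName interface{} = "<unknown>"
		if tokenData, parseErr := app.ParseToken(tokenStr, ip, l.verifyKey); parseErr == nil {
			userName = tokenData.UserName
		}
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("User '%v' is not permited to do the operation, only the same user or root can execute it", userName))
		return
	}
	chain.ProcessFilter(req, resp)
}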
예제 #2
// verifyUserPermissions reports whether the access token carried in the
// request cookie grants userPermission for the client address of req.
// When filtering is disabled (l.toFilter() is false) every caller is accepted.
// On any failure an error response is written to resp with
// http.StatusMethodNotAllowed and false is returned; chain is not used.
func (l LibsecurityRestful) verifyUserPermissions(req *restful.Request, resp *restful.Response, chain *restful.FilterChain, userPermission string) bool {
	if !l.toFilter() {
		return true
	}

	token := l.getCookieAccessTokenValue(req)
	if token == "" {
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("You need to authenticate first"))
		return false
	}

	allowed, err := app.IsPrivilegeOk(token, userPermission, getIPAddress(req), l.verifyKey)
	switch {
	case err != nil:
		// The verification error itself is reported to the client.
		l.setError(resp, http.StatusMethodNotAllowed, err)
		return false
	case !allowed:
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("This command must be called by root user"))
		return false
	}
	return true
}