// DELETE: /clientgroup/{id}
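// Delete handles DELETE /clientgroup/{id}.
//
// The request is authenticated first; a missing credential is tolerated only
// when conf.ANON_CG_DELETE is set, in which case the request runs as the
// "public" user. The clientgroup is then loaded by id and deleted only if the
// caller is its owner, an admin, holds "delete" in its ACL, or the ACL grants
// "delete" to "public" (the anonymous user additionally needs ANON_CG_DELETE).
// Every failure path answers through cx and returns; nothing is returned to
// the caller.
func (cr *ClientGroupController) Delete(id string, cx *goweb.Context) {
	LogRequest(cx.Request)

	// Authenticate. An error whose text equals e.NoAuth is not fatal here:
	// presumably it means no credentials were sent, and that case is handled
	// by the anonymous-access check below.
	u, err := request.Authenticate(cx.Request)
	if err != nil && err.Error() != e.NoAuth {
		cx.RespondWithErrorMessage(err.Error(), http.StatusUnauthorized)
		return
	}

	// No credentials: either continue as the public user (when anonymous
	// deletion is enabled) or reject the request.
	if u == nil {
		if !conf.ANON_CG_DELETE {
			cx.RespondWithErrorMessage(e.UnAuth, http.StatusUnauthorized)
			return
		}
		u = &user.User{Uuid: "public"}
	}

	cg, err := core.LoadClientGroup(id)
	if err != nil {
		if err == mgo.ErrNotFound {
			cx.RespondWithNotFound()
			return
		}
		// Any other load error (e.g. a lost db connection between the auth
		// check and the load) is reported as a bad request.
		// NOTE(review): this answers a backend failure with a "not found"
		// message and echoes the caller-supplied id back in the body.
		cx.RespondWithErrorMessage("clientgroup id not found:"+id, http.StatusBadRequest)
		return
	}

	// Authorization. An authenticated user may delete when they own the
	// clientgroup, are an admin, hold "delete" directly, or "delete" is
	// granted to "public". The anonymous "public" user may delete only when
	// anonymous deletion is enabled AND the ACL grants "delete" to "public".
	rights := cg.Acl.Check(u.Uuid)
	publicRights := cg.Acl.Check("public")
	var allowed bool
	if u.Uuid == "public" {
		allowed = conf.ANON_CG_DELETE && publicRights["delete"]
	} else {
		allowed = cg.Acl.Owner == u.Uuid || rights["delete"] || u.Admin || publicRights["delete"]
	}
	if !allowed {
		// Kept as 401 to match the existing contract; an authenticated caller
		// lacking rights would conventionally get 403.
		cx.RespondWithErrorMessage(e.UnAuth, http.StatusUnauthorized)
		return
	}

	// The underlying error is not surfaced to the client; only a generic
	// message is returned.
	if err := core.DeleteClientGroup(id); err != nil {
		cx.RespondWithErrorMessage("Could not delete clientgroup.", http.StatusInternalServerError)
		return
	}
	cx.RespondWithOK()
}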
	}

	// If no auth was provided, and anonymous read is allowed, use the public user
	if u == nil {
		if conf.ANON_CG_READ == true {
			u = &user.User{Uuid: "public"}
		} else {
			cx.RespondWithErrorMessage(e.NoAuth, http.StatusUnauthorized)
			return
		}
	}

	cgid := cx.PathParams["cgid"]

	// Load clientgroup by id
	cg, err := core.LoadClientGroup(cgid)
	if err != nil {
		if err == mgo.ErrNotFound {
			cx.RespondWithNotFound()
			return
		} else {
			// In theory the db connection could be lost between
			// checking user and load but seems unlikely.
			cx.RespondWithErrorMessage("clientgroup not found: "+cgid, http.StatusBadRequest)
			return
		}
	}

	// Only the owner, an admin, or someone with read access can view acl's.
	//
	// NOTE: If the clientgroup is publicly owned, then anyone can view all acl's. The owner can only