Server: enable admins to see, edit or remove domains.
This commit is contained in:
parent
b93efac9d5
commit
0f67745296
@ -474,6 +474,11 @@ class DNSManager::Storage
|
|||||||
dnsmanagerd().assert_permissions! user_id, "*", AuthD::User::PermissionLevel::Admin
|
dnsmanagerd().assert_permissions! user_id, "*", AuthD::User::PermissionLevel::Admin
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Asks `authd` for the user's permissions and verifies the `dnsmanager` permissions are "Admin"-level.
|
||||||
|
def is_admin?(user_id : UserDataID) : Bool
|
||||||
|
dnsmanagerd().is_admin? user_id
|
||||||
|
end
|
||||||
|
|
||||||
# Verifies the existence of a zone.
|
# Verifies the existence of a zone.
|
||||||
def zone_must_exist!(domain : String) : Zone
|
def zone_must_exist!(domain : String) : Zone
|
||||||
zone = zones_by_domain.get? domain
|
zone = zones_by_domain.get? domain
|
||||||
@ -482,13 +487,12 @@ class DNSManager::Storage
|
|||||||
end
|
end
|
||||||
|
|
||||||
# Owning a domain means to be in the owners' list of the domain.
|
# Owning a domain means to be in the owners' list of the domain.
|
||||||
# TODO: accept admin users to override this test.
|
|
||||||
def user_should_own!(user_id : UserDataID, domain : String) : Nil
|
def user_should_own!(user_id : UserDataID, domain : String) : Nil
|
||||||
d = domains_by_name.get? domain
|
d = domains_by_name.get? domain
|
||||||
raise DomainNotFoundException.new if d.nil?
|
raise DomainNotFoundException.new if d.nil?
|
||||||
|
|
||||||
unless d.owners.includes? user_id || user_must_be_admin! user_id
|
unless d.owners.includes? user_id
|
||||||
raise NoOwnershipException.new
|
raise NoOwnershipException.new unless is_admin? user_id
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user