Server: enable admins to see, edit or remove domains.

This commit is contained in:
Philippe Pittoli 2024-11-27 14:17:36 +01:00
parent b93efac9d5
commit 0f67745296

View File

@ -474,6 +474,11 @@ class DNSManager::Storage
dnsmanagerd().assert_permissions! user_id, "*", AuthD::User::PermissionLevel::Admin
end
# Asks `authd` for the user's permissions and verifies the `dnsmanager` permissions are "Admin"-level.
def is_admin?(user_id : UserDataID) : Bool
dnsmanagerd().is_admin? user_id
end
# Verifies the existence of a zone.
def zone_must_exist!(domain : String) : Zone
zone = zones_by_domain.get? domain
@ -482,13 +487,12 @@ class DNSManager::Storage
end
# Owning a domain means to be in the owners' list of the domain.
# TODO: accept admin users to override this test.
def user_should_own!(user_id : UserDataID, domain : String) : Nil
d = domains_by_name.get? domain
raise DomainNotFoundException.new if d.nil?
unless d.owners.includes? user_id || user_must_be_admin! user_id
raise NoOwnershipException.new
unless d.owners.includes? user_id
raise NoOwnershipException.new unless is_admin? user_id
end
end