Check if the user is admin with `is_admin?` function in `dnsmanagerd`.

dev
Philippe PITTOLI 2024-05-07 12:48:52 +02:00
parent 4923fb34f9
commit 234259a9d0
2 changed files with 10 additions and 2 deletions

View File

@ -84,6 +84,11 @@ class DNSManager::Service < IPC
@authd.decode_token token @authd.decode_token token
end end
def is_admin?(uid : UInt32) : Bool
perms = check_permissions uid, "*"
(perms == AuthD::User::PermissionLevel::Admin)
end
def check_permissions(uid : UInt32, resource : String) : AuthD::User::PermissionLevel def check_permissions(uid : UInt32, resource : String) : AuthD::User::PermissionLevel
response = @authd.check_permission uid, "dnsmanager", resource response = @authd.check_permission uid, "dnsmanager", resource
case response case response

View File

@ -21,9 +21,12 @@ class DNSManager::Request
# Limit the number of domains in this message. # Limit the number of domains in this message.
# Pagination will be required beyond a hundred domains. # Pagination will be required beyond a hundred domains.
user_domains = dnsmanagerd.storage.user_domains(user_id).[0..100] user_domains = dnsmanagerd.storage.user_domains(user_id).[0..100]
perms = dnsmanagerd.check_permissions user_id, "*" is_admin = dnsmanagerd.is_admin? user_id
Response::Logged.new (perms == AuthD::User::PermissionLevel::Admin), accepted_domains, user_domains Response::Logged.new is_admin, accepted_domains, user_domains
when AuthD::Response::ErrorUserNotFound
Baguette::Log.error "Trying to authenticate an unknown user."
Response::ErrorInvalidToken.new
else else
Response::ErrorInvalidToken.new Response::ErrorInvalidToken.new
end end