upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor synced 2024-09-21 04:35:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check permission for user group api

Browse Source 
Check create/update permission on user group

Signed-off-by: stonezdj <stonezdj@gmail.com>
This commit is contained in:
stonezdj 2021-05-12 12:45:50 +08:00
parent ec2b83dcf3
commit a4eef465dc
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/core/api/usergroup.go
View File

@ -107,6 +107,10 @@ func (uga *UserGroupAPI) Get() {
// Post ... Create User Group
func (uga *UserGroupAPI) Post() {
if !uga.SecurityCtx.IsSysAdmin() {
uga.SendForbiddenError(errors.New(uga.SecurityCtx.GetUsername()))
return
}
userGroup := models.UserGroup{}
if err := uga.DecodeJSONReq(&userGroup); err != nil {
uga.SendBadRequestError(err)
@ -165,6 +169,10 @@ func (uga *UserGroupAPI) Post() {
// Put ... Only support update name
func (uga *UserGroupAPI) Put() {
if !uga.SecurityCtx.IsSysAdmin() {
uga.SendForbiddenError(errors.New(uga.SecurityCtx.GetUsername()))
return
}
userGroup := models.UserGroup{}
if err := uga.DecodeJSONReq(&userGroup); err != nil {
uga.SendBadRequestError(err)
@ -192,6 +200,10 @@ func (uga *UserGroupAPI) Put() {
// Delete ...
func (uga *UserGroupAPI) Delete() {
if !uga.SecurityCtx.IsSysAdmin() {
uga.SendForbiddenError(errors.New(uga.SecurityCtx.GetUsername()))
return
}
err := group.DeleteUserGroup(uga.id)
if err != nil {
uga.SendInternalServerError(fmt.Errorf("Error occurred in update user group, error: %v", err))