summaryrefslogtreecommitdiffstats
path: root/rust/src/api_wrappers.rs
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2018-12-31 18:05:24 -0800
committerBryan Newbold <bnewbold@robocracy.org>2018-12-31 18:05:26 -0800
commit42ffee8c583729287aed7eaa6df4b7b121c1f7f6 (patch)
tree40afc986b07d6af1f04913b43c20e81dfe38d22a /rust/src/api_wrappers.rs
parent48379975135f470f7e2faac6423c6188e3798b2d (diff)
downloadfatcat-42ffee8c583729287aed7eaa6df4b7b121c1f7f6.tar.gz
fatcat-42ffee8c583729287aed7eaa6df4b7b121c1f7f6.zip
make editor_id optional when createding editgroup
The editor_id can be infered from auth metadata.
Diffstat (limited to 'rust/src/api_wrappers.rs')
-rw-r--r--rust/src/api_wrappers.rs13
1 files changed, 13 insertions, 0 deletions
diff --git a/rust/src/api_wrappers.rs b/rust/src/api_wrappers.rs
index ae070e02..3dec1c26 100644
--- a/rust/src/api_wrappers.rs
+++ b/rust/src/api_wrappers.rs
@@ -988,6 +988,19 @@ impl Api for Server {
.auth_confectionary
.require_auth(&conn, &context.auth_data)?;
auth_context.require_role(FatcatRole::Editor)?;
+ let mut entity = entity.clone();
+ match entity.editor_id.clone() {
+ Some(editor_id) => {
+ if !auth_context.has_role(FatcatRole::Admin) {
+ if editor_id != auth_context.editor_id.to_string() {
+ bail!("not authorized to create editgroups in others' names");
+ }
+ }
+ },
+ None => {
+ entity.editor_id = Some(auth_context.editor_id.to_string());
+ }
+ };
self.create_editgroup_handler(entity, &conn)
}) {
Ok(eg) => CreateEditgroupResponse::SuccessfullyCreated(eg),