diff options
| author | Bryan Newbold <bnewbold@robocracy.org> | 2018-12-31 18:05:24 -0800 |
|---|---|---|
| committer | Bryan Newbold <bnewbold@robocracy.org> | 2018-12-31 18:05:26 -0800 |
| commit | 42ffee8c583729287aed7eaa6df4b7b121c1f7f6 (patch) | |
| tree | 40afc986b07d6af1f04913b43c20e81dfe38d22a /rust/src/api_wrappers.rs | |
| parent | 48379975135f470f7e2faac6423c6188e3798b2d (diff) | |
| download | fatcat-42ffee8c583729287aed7eaa6df4b7b121c1f7f6.tar.gz fatcat-42ffee8c583729287aed7eaa6df4b7b121c1f7f6.zip | |
make editor_id optional when createding editgroup
The editor_id can be infered from auth metadata.
Diffstat (limited to 'rust/src/api_wrappers.rs')
| -rw-r--r-- | rust/src/api_wrappers.rs | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/rust/src/api_wrappers.rs b/rust/src/api_wrappers.rs index ae070e02..3dec1c26 100644 --- a/rust/src/api_wrappers.rs +++ b/rust/src/api_wrappers.rs @@ -988,6 +988,19 @@ impl Api for Server { .auth_confectionary .require_auth(&conn, &context.auth_data)?; auth_context.require_role(FatcatRole::Editor)?; + let mut entity = entity.clone(); + match entity.editor_id.clone() { + Some(editor_id) => { + if !auth_context.has_role(FatcatRole::Admin) { + if editor_id != auth_context.editor_id.to_string() { + bail!("not authorized to create editgroups in others' names"); + } + } + }, + None => { + entity.editor_id = Some(auth_context.editor_id.to_string()); + } + }; self.create_editgroup_handler(entity, &conn) }) { Ok(eg) => CreateEditgroupResponse::SuccessfullyCreated(eg), |