summaryrefslogtreecommitdiffstats
path: root/rust
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2019-01-15 19:05:36 -0800
committerBryan Newbold <bnewbold@robocracy.org>2019-01-15 19:05:36 -0800
commitd6b7aced6fb8841ab986fe02e0bc752d821f4ee2 (patch)
treebb3ede83d08ddd5fd398df342fef29e9158d560d /rust
parent86331c8599b54cfae2a3e479cc38dd6c7529681b (diff)
downloadfatcat-d6b7aced6fb8841ab986fe02e0bc752d821f4ee2.tar.gz
fatcat-d6b7aced6fb8841ab986fe02e0bc752d821f4ee2.zip
rust: autoaccept requires admin
Diffstat (limited to 'rust')
-rw-r--r--rust/src/endpoints.rs10
1 files changed, 8 insertions, 2 deletions
diff --git a/rust/src/endpoints.rs b/rust/src/endpoints.rs
index f7e93448..670c7fd9 100644
--- a/rust/src/endpoints.rs
+++ b/rust/src/endpoints.rs
@@ -143,13 +143,19 @@ macro_rules! wrap_entity_handlers {
let conn = self.db_pool.get().expect("db_pool error");
let ret = match conn.transaction(|| {
let auth_context = self.auth_confectionary.require_auth(&conn, &context.auth_data, Some(stringify!($post_batch_fn)))?;
- auth_context.require_role(FatcatRole::Editor)?;
+ let autoaccept = autoaccept.unwrap_or(false);
+ if autoaccept {
+ auth_context.require_role(FatcatRole::Admin)?;
+ } else {
+ auth_context.require_role(FatcatRole::Editor)?;
+ };
let editgroup_id = if let Some(s) = editgroup_id {
+ // make_edit_context() checks for "both editgroup_id and autosubmit" error case
let eg_id = FatcatId::from_str(&s)?;
auth_context.require_editgroup(&conn, eg_id)?;
Some(eg_id)
} else { None };
- self.$post_batch_handler(&conn, entity_list, autoaccept.unwrap_or(false), auth_context.editor_id, editgroup_id)
+ self.$post_batch_handler(&conn, entity_list, autoaccept, auth_context.editor_id, editgroup_id)
}).map_err(|e| FatcatError::from(e)) {
Ok(edits) => {
self.metrics.count("entities.created", edits.len() as i64).ok();