diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2019-01-15 19:05:36 -0800 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2019-01-15 19:05:36 -0800 |
commit | d6b7aced6fb8841ab986fe02e0bc752d821f4ee2 (patch) | |
tree | bb3ede83d08ddd5fd398df342fef29e9158d560d /rust | |
parent | 86331c8599b54cfae2a3e479cc38dd6c7529681b (diff) | |
download | fatcat-d6b7aced6fb8841ab986fe02e0bc752d821f4ee2.tar.gz fatcat-d6b7aced6fb8841ab986fe02e0bc752d821f4ee2.zip |
rust: autoaccept requires admin
Diffstat (limited to 'rust')
-rw-r--r-- | rust/src/endpoints.rs | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/rust/src/endpoints.rs b/rust/src/endpoints.rs index f7e93448..670c7fd9 100644 --- a/rust/src/endpoints.rs +++ b/rust/src/endpoints.rs @@ -143,13 +143,19 @@ macro_rules! wrap_entity_handlers { let conn = self.db_pool.get().expect("db_pool error"); let ret = match conn.transaction(|| { let auth_context = self.auth_confectionary.require_auth(&conn, &context.auth_data, Some(stringify!($post_batch_fn)))?; - auth_context.require_role(FatcatRole::Editor)?; + let autoaccept = autoaccept.unwrap_or(false); + if autoaccept { + auth_context.require_role(FatcatRole::Admin)?; + } else { + auth_context.require_role(FatcatRole::Editor)?; + }; let editgroup_id = if let Some(s) = editgroup_id { + // make_edit_context() checks for "both editgroup_id and autosubmit" error case let eg_id = FatcatId::from_str(&s)?; auth_context.require_editgroup(&conn, eg_id)?; Some(eg_id) } else { None }; - self.$post_batch_handler(&conn, entity_list, autoaccept.unwrap_or(false), auth_context.editor_id, editgroup_id) + self.$post_batch_handler(&conn, entity_list, autoaccept, auth_context.editor_id, editgroup_id) }).map_err(|e| FatcatError::from(e)) { Ok(edits) => { self.metrics.count("entities.created", edits.len() as i64).ok(); |