summaryrefslogtreecommitdiffstats
path: root/rust/src/api_wrappers.rs
diff options
context:
space:
mode:
Diffstat (limited to 'rust/src/api_wrappers.rs')
-rw-r--r--rust/src/api_wrappers.rs13
1 files changed, 13 insertions, 0 deletions
diff --git a/rust/src/api_wrappers.rs b/rust/src/api_wrappers.rs
index ae070e02..3dec1c26 100644
--- a/rust/src/api_wrappers.rs
+++ b/rust/src/api_wrappers.rs
@@ -988,6 +988,19 @@ impl Api for Server {
.auth_confectionary
.require_auth(&conn, &context.auth_data)?;
auth_context.require_role(FatcatRole::Editor)?;
+ let mut entity = entity.clone();
+ match entity.editor_id.clone() {
+ Some(editor_id) => {
+ if !auth_context.has_role(FatcatRole::Admin) {
+ if editor_id != auth_context.editor_id.to_string() {
+ bail!("not authorized to create editgroups in others' names");
+ }
+ }
+ },
+ None => {
+ entity.editor_id = Some(auth_context.editor_id.to_string());
+ }
+ };
self.create_editgroup_handler(entity, &conn)
}) {
Ok(eg) => CreateEditgroupResponse::SuccessfullyCreated(eg),