From 42ffee8c583729287aed7eaa6df4b7b121c1f7f6 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Mon, 31 Dec 2018 18:05:24 -0800
Subject: make editor_id optional when createding editgroup

The editor_id can be infered from auth metadata.
---
 rust/src/api_wrappers.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'rust/src/api_wrappers.rs')

diff --git a/rust/src/api_wrappers.rs b/rust/src/api_wrappers.rs
index ae070e02..3dec1c26 100644
--- a/rust/src/api_wrappers.rs
+++ b/rust/src/api_wrappers.rs
@@ -988,6 +988,19 @@ impl Api for Server {
                 .auth_confectionary
                 .require_auth(&conn, &context.auth_data)?;
             auth_context.require_role(FatcatRole::Editor)?;
+            let mut entity = entity.clone();
+            match entity.editor_id.clone() {
+                Some(editor_id) => {
+                    if !auth_context.has_role(FatcatRole::Admin) {
+                        if editor_id != auth_context.editor_id.to_string() {
+                            bail!("not authorized to create editgroups in others' names");
+                        }
+                    }
+                },
+                None => {
+                    entity.editor_id = Some(auth_context.editor_id.to_string());
+                }
+            };
             self.create_editgroup_handler(entity, &conn)
         }) {
             Ok(eg) => CreateEditgroupResponse::SuccessfullyCreated(eg),
-- 
cgit v1.2.3