From d6b7aced6fb8841ab986fe02e0bc752d821f4ee2 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Tue, 15 Jan 2019 19:05:36 -0800 Subject: rust: autoaccept requires admin --- rust/src/endpoints.rs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'rust') diff --git a/rust/src/endpoints.rs b/rust/src/endpoints.rs index f7e93448..670c7fd9 100644 --- a/rust/src/endpoints.rs +++ b/rust/src/endpoints.rs @@ -143,13 +143,19 @@ macro_rules! wrap_entity_handlers { let conn = self.db_pool.get().expect("db_pool error"); let ret = match conn.transaction(|| { let auth_context = self.auth_confectionary.require_auth(&conn, &context.auth_data, Some(stringify!($post_batch_fn)))?; - auth_context.require_role(FatcatRole::Editor)?; + let autoaccept = autoaccept.unwrap_or(false); + if autoaccept { + auth_context.require_role(FatcatRole::Admin)?; + } else { + auth_context.require_role(FatcatRole::Editor)?; + }; let editgroup_id = if let Some(s) = editgroup_id { + // make_edit_context() checks for "both editgroup_id and autosubmit" error case let eg_id = FatcatId::from_str(&s)?; auth_context.require_editgroup(&conn, eg_id)?; Some(eg_id) } else { None }; - self.$post_batch_handler(&conn, entity_list, autoaccept.unwrap_or(false), auth_context.editor_id, editgroup_id) + self.$post_batch_handler(&conn, entity_list, autoaccept, auth_context.editor_id, editgroup_id) }).map_err(|e| FatcatError::from(e)) { Ok(edits) => { self.metrics.count("entities.created", edits.len() as i64).ok(); -- cgit v1.2.3