feat(api): limit devices credentials access to admin user

leandrofars 2024-04-15 18:28:06 -03:00
parent 73c4457284
commit 2d1a3157f6


@ -111,6 +111,18 @@ type DeviceAuth struct {
} }
func (a *Api) deviceAuth(w http.ResponseWriter, r *http.Request) { func (a *Api) deviceAuth(w http.ResponseWriter, r *http.Request) {
user, err := a.db.FindUser(r.Context().Value("email").(string))
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
utils.MarshallEncoder(err, w)
return
}
if user.Level != AdminUser {
w.WriteHeader(http.StatusForbidden)
return
}
if r.Method == http.MethodGet { if r.Method == http.MethodGet {
id := r.URL.Query().Get("id") id := r.URL.Query().Get("id")
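Review bot: The admin gate added at the top of `deviceAuth` uses the unchecked assertion `r.Context().Value("email").(string)`, which panics the handler if the auth middleware (not visible here) ever leaves the value unset or non-string; the comma-ok form with a 401 keeps the check failing closed. On a `FindUser` error the raw `err` is written to the response through `utils.MarshallEncoder(err, w)`, which may expose datastore details to the caller, so I would log it server-side and return only the status code. The 403 branch records nothing, and a denied attempt to read device credentials is worth an audit log entry. The body of `deviceAuth` continues past the end of this hunk, so the sketch below covers only the added guard.

```go
func (a *Api) deviceAuth(w http.ResponseWriter, r *http.Request) {
	email, ok := r.Context().Value("email").(string)
	if !ok || email == "" {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	user, err := a.db.FindUser(email)
	if err != nil {
		// log err server-side; do not encode it into the response
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	// … unchanged: user.Level != AdminUser check and method dispatch …
```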