mirror of
https://github.com/optim-enterprises-bv/databunker.git
synced 2025-10-30 17:37:50 +00:00
save role in event
This commit is contained in:
yuli
@@ -200,7 +200,7 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht
|
|||||||
if selfService == false {
|
if selfService == false {
|
||||||
// user can change consent only for briefs defined in self-service
|
// user can change consent only for briefs defined in self-service
|
||||||
if len(authResult) == 0 {
|
if len(authResult) == 0 {
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, event) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -237,11 +237,7 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht
|
|||||||
|
|
||||||
func (e mainEnv) agreementRevokeAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) agreementRevokeAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
brief := ps.ByName("brief")
|
brief := ps.ByName("brief")
|
||||||
authResult := e.enforceAdmin(w, r)
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
if authResult == "" {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if e.enforceAdmin(w, r) == "" {
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
brief = normalizeBrief(brief)
|
brief = normalizeBrief(brief)
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ func (e mainEnv) getAuditEvents(w http.ResponseWriter, r *http.Request, ps httpr
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (e mainEnv) getAdminAuditEvents(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) getAdminAuditEvents(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var offset int32
|
var offset int32
|
||||||
|
|||||||
@@ -162,7 +162,7 @@ func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter.
|
|||||||
event := audit("initiate user record expiration by "+mode, identity, mode, identity)
|
event := audit("initiate user record expiration by "+mode, identity, mode, identity)
|
||||||
defer func() { event.submit(e.db, e.conf) }()
|
defer func() { event.submit(e.db, e.conf) }()
|
||||||
|
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, event) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
userTOKEN := e.loadUserToken(w, r, mode, identity, event)
|
userTOKEN := e.loadUserToken(w, r, mode, identity, event)
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ import (
|
|||||||
|
|
||||||
func (e mainEnv) createLegalBasis(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) createLegalBasis(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
brief := ps.ByName("brief")
|
brief := ps.ByName("brief")
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
brief = normalizeBrief(brief)
|
brief = normalizeBrief(brief)
|
||||||
@@ -82,7 +82,7 @@ func (e mainEnv) createLegalBasis(w http.ResponseWriter, r *http.Request, ps htt
|
|||||||
|
|
||||||
func (e mainEnv) deleteLegalBasis(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) deleteLegalBasis(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
brief := ps.ByName("brief")
|
brief := ps.ByName("brief")
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
brief = normalizeBrief(brief)
|
brief = normalizeBrief(brief)
|
||||||
@@ -98,7 +98,7 @@ func (e mainEnv) deleteLegalBasis(w http.ResponseWriter, r *http.Request, ps htt
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (e mainEnv) listLegalBasisRecords(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) listLegalBasisRecords(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
resultJSON, numRecords, err := e.db.getLegalBasisRecords()
|
resultJSON, numRecords, err := e.db.getLegalBasisRecords()
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ import (
|
|||||||
|
|
||||||
func (e mainEnv) pactivityCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) pactivityCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
activity := ps.ByName("activity")
|
activity := ps.ByName("activity")
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
activity = normalizeBrief(activity)
|
activity = normalizeBrief(activity)
|
||||||
@@ -70,7 +70,7 @@ func (e mainEnv) pactivityCreate(w http.ResponseWriter, r *http.Request, ps http
|
|||||||
|
|
||||||
func (e mainEnv) pactivityDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) pactivityDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
activity := ps.ByName("activity")
|
activity := ps.ByName("activity")
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
activity = normalizeBrief(activity)
|
activity = normalizeBrief(activity)
|
||||||
@@ -87,7 +87,7 @@ func (e mainEnv) pactivityDelete(w http.ResponseWriter, r *http.Request, ps http
|
|||||||
func (e mainEnv) pactivityLink(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) pactivityLink(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
activity := ps.ByName("activity")
|
activity := ps.ByName("activity")
|
||||||
brief := ps.ByName("brief")
|
brief := ps.ByName("brief")
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
activity = normalizeBrief(activity)
|
activity = normalizeBrief(activity)
|
||||||
@@ -122,7 +122,7 @@ func (e mainEnv) pactivityLink(w http.ResponseWriter, r *http.Request, ps httpro
|
|||||||
func (e mainEnv) pactivityUnlink(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) pactivityUnlink(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
activity := ps.ByName("activity")
|
activity := ps.ByName("activity")
|
||||||
brief := ps.ByName("brief")
|
brief := ps.ByName("brief")
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
activity = normalizeBrief(activity)
|
activity = normalizeBrief(activity)
|
||||||
@@ -146,7 +146,7 @@ func (e mainEnv) pactivityUnlink(w http.ResponseWriter, r *http.Request, ps http
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (e mainEnv) pactivityList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) pactivityList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
resultJSON, numRecords, err := e.db.listProcessingActivities()
|
resultJSON, numRecords, err := e.db.listProcessingActivities()
|
||||||
|
|||||||
@@ -95,7 +95,7 @@ func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httpr
|
|||||||
if len(userTOKEN) != 0 {
|
if len(userTOKEN) != 0 {
|
||||||
event.Record = userTOKEN
|
event.Record = userTOKEN
|
||||||
}
|
}
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, event) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
change := getStringValue(requestInfo["change"])
|
change := getStringValue(requestInfo["change"])
|
||||||
@@ -148,7 +148,7 @@ func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps h
|
|||||||
if enforceUUID(w, request, event) == false {
|
if enforceUUID(w, request, event) == false {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
authResult := e.enforceAdmin(w, r)
|
authResult := e.enforceAdmin(w, r, event)
|
||||||
if authResult == "" {
|
if authResult == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ func (e mainEnv) createSession(w http.ResponseWriter, r *http.Request, ps httpro
|
|||||||
//returnError(w, r, "bad session format", nil, event)
|
//returnError(w, r, "bad session format", nil, event)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, event) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
expiration := e.conf.Policy.MaxSessionRetentionPeriod
|
expiration := e.conf.Policy.MaxSessionRetentionPeriod
|
||||||
@@ -77,7 +77,7 @@ func (e mainEnv) deleteSession(w http.ResponseWriter, r *http.Request, ps httpro
|
|||||||
//returnError(w, r, "bad session format", nil, event)
|
//returnError(w, r, "bad session format", nil, event)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, event) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
e.db.deleteSession(session)
|
e.db.deleteSession(session)
|
||||||
@@ -86,7 +86,6 @@ func (e mainEnv) deleteSession(w http.ResponseWriter, r *http.Request, ps httpro
|
|||||||
fmt.Fprintf(w, `{"status":"ok"}`)
|
fmt.Fprintf(w, `{"status":"ok"}`)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// the following function is currently not used
|
// the following function is currently not used
|
||||||
func (e mainEnv) newUserSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) newUserSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
identity := ps.ByName("identity")
|
identity := ps.ByName("identity")
|
||||||
|
|||||||
@@ -166,7 +166,7 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (e mainEnv) userList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (e mainEnv) userList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
if e.enforceAdmin(w, r) == "" {
|
if e.enforceAdmin(w, r, nil) == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if e.conf.Generic.ListUsers == false {
|
if e.conf.Generic.ListUsers == false {
|
||||||
|
|||||||
@@ -477,11 +477,14 @@ func (e mainEnv) enforceAuth(w http.ResponseWriter, r *http.Request, event *audi
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e mainEnv) enforceAdmin(w http.ResponseWriter, r *http.Request) string {
|
func (e mainEnv) enforceAdmin(w http.ResponseWriter, r *http.Request, event *auditEvent) string {
|
||||||
if token, ok := r.Header["X-Bunker-Token"]; ok {
|
if token, ok := r.Header["X-Bunker-Token"]; ok {
|
||||||
authResult, err := e.db.checkUserAuthXToken(token[0])
|
authResult, err := e.db.checkUserAuthXToken(token[0])
|
||||||
//fmt.Printf("error in auth? error %s - %s\n", err, token[0])
|
//fmt.Printf("error in auth? error %s - %s\n", err, token[0])
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
if event != nil {
|
||||||
|
event.Identity = authResult.name
|
||||||
|
}
|
||||||
if len(authResult.ttype) > 0 && authResult.ttype != "login" {
|
if len(authResult.ttype) > 0 && authResult.ttype != "login" {
|
||||||
return authResult.ttype
|
return authResult.ttype
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user