scottk/wlan-cloud-ucentralsec
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git synced 2025-11-01 11:17:51 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

User role validation on Subscribers.

Browse Source
This commit is contained in:
stephb9959
2021-11-30 10:23:23 -08:00
parent 829de62967
commit 311786f8d8
2 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/RESTAPI/RESTAPI_subuser_handler.cpp
View File

@@ -46,12 +46,16 @@ namespace OpenWifi {
return BadRequest(RESTAPI::Errors::MissingUserID);
}
SecurityObjects::UserInfo UInfo;
if(!StorageService()->GetUserById(Id,UInfo)) {
SecurityObjects::UserInfo TargetUser;
if(!StorageService()->GetUserById(Id,TargetUser)) {
return NotFound();
}
if(!ACLProcessor::Can(UserInfo_.userinfo, UInfo,ACLProcessor::DELETE)) {
if(TargetUser.userRole != SecurityObjects::SUBSCRIBER) {
return BadRequest(RESTAPI::Errors::InvalidUserRole);
}
if(!ACLProcessor::Can(UserInfo_.userinfo, TargetUser,ACLProcessor::DELETE)) {
return UnAuthorized(RESTAPI::Errors::InsufficientAccessRights, ACCESS_DENIED);
}
@@ -59,12 +63,12 @@ namespace OpenWifi {
return NotFound();
}
if(AuthService()->DeleteSubUserFromCache(UInfo.email)) {
if(AuthService()->DeleteSubUserFromCache(TargetUser.email)) {
// nothing to do
}
Logger_.information(Poco::format("Remove all tokens for '%s'", UserInfo_.userinfo.email));
StorageService()->RevokeAllSubTokens(UInfo.email);
StorageService()->RevokeAllSubTokens(TargetUser.email);
Logger_.information(Poco::format("User '%s' deleted by '%s'.",Id,UserInfo_.userinfo.email));
OK();
}
@@ -77,8 +81,7 @@ namespace OpenWifi {
SecurityObjects::UserInfo NewUser;
RESTAPI_utils::from_request(NewUser,*Request);
if(NewUser.userRole == SecurityObjects::UNKNOWN) {
if(NewUser.userRole == SecurityObjects::UNKNOWN || NewUser.userRole != SecurityObjects::SUBSCRIBER) {
return BadRequest(RESTAPI::Errors::InvalidUserRole);
}
@@ -145,7 +148,9 @@ namespace OpenWifi {
}
// some basic validations
if(RawObject->has("userRole") && SecurityObjects::UserTypeFromString(RawObject->get("userRole").toString())==SecurityObjects::UNKNOWN) {
if(RawObject->has("userRole") &&
(SecurityObjects::UserTypeFromString(RawObject->get("userRole").toString())==SecurityObjects::UNKNOWN ||
SecurityObjects::UserTypeFromString(RawObject->get("userRole").toString())==SecurityObjects::SUBSCRIBER)) {
return BadRequest(RESTAPI::Errors::InvalidUserRole);
}