From cf903a57ab3a4b595e44edf6f7374444dc960b58 Mon Sep 17 00:00:00 2001
From: stephb9959 <stephane.bourque@gmail.com>
Date: Mon, 10 Jan 2022 07:11:13 -0800
Subject: [PATCH] Adding additional security for SMS: only root, partner, admin
 are allowed to send SMS.

---
 src/RESTAPI/RESTAPI_sms_handler.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/RESTAPI/RESTAPI_sms_handler.cpp b/src/RESTAPI/RESTAPI_sms_handler.cpp
index 25bc0b5..450bf2c 100644
--- a/src/RESTAPI/RESTAPI_sms_handler.cpp
+++ b/src/RESTAPI/RESTAPI_sms_handler.cpp
@@ -33,6 +33,12 @@ namespace OpenWifi {
             return BadRequest("Code and number could not be validated");
         }
 
+        if( UserInfo_.userinfo.userRole!=SecurityObjects::ROOT &&
+            UserInfo_.userinfo.userRole!=SecurityObjects::PARTNER &&
+            UserInfo_.userinfo.userRole!=SecurityObjects::ADMIN) {
+            return UnAuthorized(RESTAPI::Errors::InsufficientAccessRights,ACCESS_DENIED);
+        }
+
         if (Obj->has("to") &&
             Obj->has("text")) {