NussNougate/crafty-4
2
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2025-01-18 17:15:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add auth check on get

Browse Source
This commit is contained in:
amcmanu3 2023-03-03 19:14:44 -05:00
parent 71e9da50da
commit ed028ec66d
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/classes/web/routes/api/servers/server/tasks/task/index.py
View File

@ -49,7 +49,18 @@ task_patch_schema = {
class ApiServersServerTasksTaskIndexHandler(BaseApiHandler):
def get(self, server_id: str, task_id: str):
pass
auth_data = self.authenticate_user()
if not auth_data:
return
if (
EnumPermissionsServer.SCHEDULE
not in self.controller.server_perms.get_user_id_permissions_list(
auth_data[4]["user_id"], server_id
)
):
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
self.finish_json(200, self.controller.management.get_scheduled_task(task_id))
def delete(self, server_id: str, task_id: str):
auth_data = self.authenticate_user()