Added ability for user to change slave domain with permission in backend
parent
0701388c7e
commit
b4f6922c96
|
@ -123,10 +123,12 @@ class Domains
|
||||||
|
|
||||||
public function put(Request $req, Response $res, array $args)
|
public function put(Request $req, Response $res, array $args)
|
||||||
{
|
{
|
||||||
|
$userId = $req->getAttribute('userId');
|
||||||
|
$domainId = intval($args['domainId']);
|
||||||
$ac = new \Operations\AccessControl($this->c);
|
$ac = new \Operations\AccessControl($this->c);
|
||||||
if (!$ac->isAdmin($req->getAttribute('userId'))) {
|
if (!$ac->canAccessDomain($userId, $domainId)) {
|
||||||
$this->logger->info('Non admin user tries to delete domain');
|
$this->logger->info('User tries to update domain without permission');
|
||||||
return $res->withJson(['error' => 'You must be admin to use this feature'], 403);
|
return $res->withJson(['error' => 'You have no permissions for this domain.'], 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
$body = $req->getParsedBody();
|
$body = $req->getParsedBody();
|
||||||
|
@ -136,7 +138,6 @@ class Domains
|
||||||
return $res->withJson(['error' => 'One of the required fields is missing'], 422);
|
return $res->withJson(['error' => 'One of the required fields is missing'], 422);
|
||||||
}
|
}
|
||||||
|
|
||||||
$domainId = $args['domainId'];
|
|
||||||
$master = $body['master'];
|
$master = $body['master'];
|
||||||
|
|
||||||
$domains = new \Operations\Domains($this->c);
|
$domains = new \Operations\Domains($this->c);
|
||||||
|
|
|
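Review bot: The denial branch in `put()` logs a fixed string, `'User tries to update domain without permission'`, with neither the user nor the domain, so a refused update cannot be attributed afterwards. Since this endpoint is no longer admin-only, those 403s are the trace of an account trying domain ids it has no rights on; something like `$this->logger->info('User ' . $userId . ' tries to update domain ' . $domainId . ' without permission');` keeps that information. Separately, `$master = $body['master']` is now reachable by non-admin users, and the visible lines only check that the field is present. If `\Operations\Domains` does not already validate it as an IP address (or a list of addresses), that check belongs here before the value is stored. The body of `put()` continues outside both hunks, so the validation may exist further down.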
@ -232,7 +232,7 @@ test.run(async function () {
|
||||||
|
|
||||||
assert.equal(res.status, 403, 'Domain deletion should be forbidden for users.');
|
assert.equal(res.status, 403, 'Domain deletion should be forbidden for users.');
|
||||||
|
|
||||||
//Test insufficient permissions
|
//Test update for domain with permissions
|
||||||
var res = await req({
|
var res = await req({
|
||||||
url: '/domains/2',
|
url: '/domains/2',
|
||||||
method: 'put',
|
method: 'put',
|
||||||
|
@ -241,7 +241,18 @@ test.run(async function () {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
assert.equal(res.status, 403, 'Update of slave zone should be forbidden for non admins.');
|
assert.equal(res.status, 204, 'Update of slave zone should work if user has permissions.');
|
||||||
|
|
||||||
|
//Test insufficient permissions
|
||||||
|
var res = await req({
|
||||||
|
url: '/domains/3',
|
||||||
|
method: 'put',
|
||||||
|
data: {
|
||||||
|
master: '9.8.7.6'
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
assert.equal(res.status, 403, 'Update of slave zone should fail without permissions.');
|
||||||
|
|
||||||
//Test insufficient privileges for get
|
//Test insufficient privileges for get
|
||||||
var res = await req({
|
var res = await req({
|
||||||
|
|
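Review bot: The new negative case for `/domains/3` asserts only `res.status === 403`, so it would still pass if a later change to the handler stored the new master before returning the error. Following it with a read of domain 3 from a session allowed to see it, and asserting the master is not `9.8.7.6`, would pin the property that matters. The positive case on `/domains/2` has the same gap: it checks for 204 but not the stored value. A case with a domain id that does not exist or is not numeric would also fix the expected status, now that the handler passes the id through `intval` before the permission check. The `test.run` callback starts and ends outside these hunks.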