ircd:Ⓜ️:resource: Add method flag for operator access requirement.
This commit is contained in:
parent
371c50cfcc
commit
605245953a
|
@ -66,6 +66,9 @@ enum ircd::m::resource::method::flag
|
|||
/// Method will verify X-Matrix-authorization. This is used on the
|
||||
/// federation API.
|
||||
VERIFY_ORIGIN = 0x0002'0000,
|
||||
|
||||
/// Method requires operator access. This is used on the client-server API.
|
||||
REQUIRES_OPER = 0x0004'0000,
|
||||
};
|
||||
|
||||
struct ircd::m::resource::request
|
||||
|
|
|
@ -342,10 +342,16 @@ ircd::m::authenticate_user(const resource::method &method,
|
|||
const client &client,
|
||||
resource::request &request)
|
||||
{
|
||||
static const auto auth_requires
|
||||
{0
|
||||
| resource::method::REQUIRES_AUTH
|
||||
| resource::method::REQUIRES_OPER
|
||||
};
|
||||
|
||||
assert(method.opts);
|
||||
const auto requires_auth
|
||||
{
|
||||
method.opts->flags & resource::method::REQUIRES_AUTH
|
||||
method.opts->flags & auth_requires
|
||||
};
|
||||
|
||||
if(!requires_auth && !request.access_token)
|
||||
|
@ -397,6 +403,14 @@ ircd::m::authenticate_user(const resource::method &method,
|
|||
"Credentials for this method are required but invalid."
|
||||
};
|
||||
|
||||
// Operator access required for method.
|
||||
if(method.opts->flags & resource::method::REQUIRES_OPER)
|
||||
if(!is_oper(m::user::id(sender)))
|
||||
throw m::ACCESS_DENIED
|
||||
{
|
||||
"You are not an operator."
|
||||
};
|
||||
|
||||
return sender;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue