mirror of
https://github.com/matrix-construct/construct
synced 2024-06-10 05:58:56 +02:00
ircd:Ⓜ️:resource: Add method flag for operator access requirement.
This commit is contained in:
parent
371c50cfcc
commit
605245953a
|
@ -66,6 +66,9 @@ enum ircd::m::resource::method::flag
|
||||||
/// Method will verify X-Matrix-authorization. This is used on the
|
/// Method will verify X-Matrix-authorization. This is used on the
|
||||||
/// federation API.
|
/// federation API.
|
||||||
VERIFY_ORIGIN = 0x0002'0000,
|
VERIFY_ORIGIN = 0x0002'0000,
|
||||||
|
|
||||||
|
/// Method requires operator access. This is used on the client-server API.
|
||||||
|
REQUIRES_OPER = 0x0004'0000,
|
||||||
};
|
};
|
||||||
|
|
||||||
struct ircd::m::resource::request
|
struct ircd::m::resource::request
|
||||||
|
|
|
@ -342,10 +342,16 @@ ircd::m::authenticate_user(const resource::method &method,
|
||||||
const client &client,
|
const client &client,
|
||||||
resource::request &request)
|
resource::request &request)
|
||||||
{
|
{
|
||||||
|
static const auto auth_requires
|
||||||
|
{0
|
||||||
|
| resource::method::REQUIRES_AUTH
|
||||||
|
| resource::method::REQUIRES_OPER
|
||||||
|
};
|
||||||
|
|
||||||
assert(method.opts);
|
assert(method.opts);
|
||||||
const auto requires_auth
|
const auto requires_auth
|
||||||
{
|
{
|
||||||
method.opts->flags & resource::method::REQUIRES_AUTH
|
method.opts->flags & auth_requires
|
||||||
};
|
};
|
||||||
|
|
||||||
if(!requires_auth && !request.access_token)
|
if(!requires_auth && !request.access_token)
|
||||||
|
@ -397,6 +403,14 @@ ircd::m::authenticate_user(const resource::method &method,
|
||||||
"Credentials for this method are required but invalid."
|
"Credentials for this method are required but invalid."
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Operator access required for method.
|
||||||
|
if(method.opts->flags & resource::method::REQUIRES_OPER)
|
||||||
|
if(!is_oper(m::user::id(sender)))
|
||||||
|
throw m::ACCESS_DENIED
|
||||||
|
{
|
||||||
|
"You are not an operator."
|
||||||
|
};
|
||||||
|
|
||||||
return sender;
|
return sender;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue