From d4ba215a3bf433640d860a4cb1e4f23447b8e062 Mon Sep 17 00:00:00 2001 From: Jason Volk Date: Fri, 28 Apr 2023 18:51:31 -0700 Subject: [PATCH] modules/client/user: Relax matching user_id in URL to requestor for bridges. --- modules/client/user/user.cc | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/client/user/user.cc b/modules/client/user/user.cc index f5edef1ee..c5a665b36 100644 --- a/modules/client/user/user.cc +++ b/modules/client/user/user.cc @@ -43,17 +43,17 @@ get_user(client &client, url::decode(user_id, request.parv[0]) }; - if(request.user_id != user_id) - throw m::UNSUPPORTED - { - "Getting user data as someone else is not yet supported" - }; - const string_view &cmd { request.parv[1] }; + if(request.user_id != user_id && !request.bridge_id) + throw m::UNSUPPORTED + { + "Getting user data as someone else is only for bridges." + }; + if(cmd == "filter") return get__filter(client, request, user_id); @@ -93,10 +93,10 @@ post_user(client &client, url::decode(user_id, request.parv[0]) }; - if(request.user_id != user_id) + if(request.user_id != user_id && !request.bridge_id) throw m::UNSUPPORTED { - "Posting user data as someone else is not yet supported" + "Posting user data as someone else is only for bridges." }; const string_view &cmd @@ -140,10 +140,10 @@ put_user(client &client, url::decode(user_id, request.parv[0]) }; - if(request.user_id != user_id) + if(request.user_id != user_id && !request.bridge_id) throw m::UNSUPPORTED { - "Putting user data as someone else is not yet supported" + "Putting user data as someone else is only for bridges." }; if(request.parv.size() < 2) @@ -193,10 +193,10 @@ delete_user(client &client, url::decode(user_id, request.parv[0]) }; - if(request.user_id != user_id) + if(request.user_id != user_id && !request.bridge_id) throw m::UNSUPPORTED { - "Deleting user data as someone else is not yet supported" + "Deleting user data as someone else is only for bridges." }; if(request.parv.size() < 2)